
cant remove virus or malwarebytes


arry21




Hi, sorry for the delay. I'll be around all day tomorrow...

Brief description of symptoms

The virus won't let me use Internet Explorer. It causes a blue screen crash when I use Malwarebytes and ComboFix when not in safe mode. The virus still remains when both of those programs are run in safe mode. It's also taken over administrative control; I can only enter Control Panel via the command prompt.

Re-ran Combofix in safe mode, log attached.

Thanks for helping


ComboFix 12-02-11.02 - James 11/02/2012 16:26:09.4.2 - x86 MINIMAL

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2037.1540 [GMT 0:00]

Running from: c:\users\James\Downloads\ComboFix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\James\AppData\Roaming\vso_ts_preview.xml

c:\windows\system32\drivers\etc\hosts.ics

.

.

((((((((((((((((((((((((( Files Created from 2012-01-11 to 2012-02-11 )))))))))))))))))))))))))))))))

.

.

2012-02-11 16:32 . 2012-02-11 16:32 -------- d-----w- c:\users\James\AppData\Local\temp

2012-02-11 16:32 . 2012-02-11 16:32 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-02-11 16:32 . 2012-02-11 16:32 -------- d-----w- c:\users\Mcx1\AppData\Local\temp

2012-02-11 16:32 . 2012-02-11 16:32 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-09 17:46 . 2012-02-09 18:46 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-02-09 17:20 . 2012-02-09 17:20 -------- d-----w- c:\users\James\AppData\Roaming\Malwarebytes

2012-02-09 17:20 . 2012-02-09 17:20 -------- d-----w- c:\programdata\Malwarebytes

2012-02-09 17:20 . 2012-02-09 17:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2

2012-02-09 17:20 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-28 20:48 . 2011-11-28 20:46 114688 ----a-w- c:\windows\system32\TODDSrv.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 413696]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-22 39408]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-19 411768]

"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-29 509496]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]

"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]

"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-11-01 438272]

"NDSTray.exe"="NDSTray.exe" [bU]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 107112]

"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-10-26 22696]

"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-03-02 577536]

"Desktop SMS"="c:\program files\IDM\Desktop SMS\DesktopSMS.exe" [2007-01-19 1507328]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-13 90191]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-13 7766016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-13 81920]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-28 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-28 106496]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-28 81920]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]

"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 571024]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"lxdjmon.exe"="c:\program files\Lexmark 1400 Series\lxdjmon.exe" [bU]

"lxdjamon"="c:\program files\Lexmark 1400 Series\lxdjamon.exe" [2007-03-06 20480]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - COMHOST

*NewlyCreated* - ECACHE

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-20 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - James.job

- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-07 17:48]

.

2012-02-11 c:\windows\Tasks\User_Feed_Synchronization-{D5815784-CB4B-4F4B-978B-D33494B927EA}.job

- c:\windows\system32\msfeedssync.exe [2011-08-03 04:32]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyOverride = *.local

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{2C9C50B8-1AB9-4594-82E4-23E0D8B3155A}: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\it6s0yzi.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-11 16:32

Windows 6.0.6001 Service Pack 1 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????T??g????8?8?`?8???8???8??

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b4

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(1248)

c:\program files\K-Lite Codec Pack\Filters\vsfilter.dll

c:\program files\K-Lite Codec Pack\ffdshow\ffdshow.ax

c:\program files\K-Lite Codec Pack\Filters\DivXDecH264.ax

.

Completion time: 2012-02-11 16:34:31

ComboFix-quarantined-files.txt 2012-02-11 16:34

ComboFix2.txt 2012-02-07 19:36

ComboFix3.txt 2012-02-07 18:33

ComboFix4.txt 2012-01-03 21:32

ComboFix5.txt 2012-02-11 16:19

.

Pre-Run: 21,132,550,144 bytes free

Post-Run: 21,014,372,352 bytes free

.

- - End Of File - - C9361A8E398C4E79991E03F83645A3AC

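The ComboFix log above lists every autostart entry as `"name"="command" [date size]` under its registry key. As an added example (not part of this thread, not part of ComboFix, and not something the poster ran), here is a small Python script that parses those lines and flags the two things a reviewer otherwise checks by eye: commands given as a bare file name, which the loader resolves through the search order at logon so a planted file earlier in that order would hijack the entry, and entries printed without a date/size stamp, where ComboFix showed no file behind the value. Both heuristics are this example's own; the sample lines are copied from the log above.

```python
"""Triage of the autostart entries ComboFix prints under "Reg Loading Points".

Added example for this thread; not part of ComboFix and not run by the poster.
Parses  "name"="command" [YYYY-MM-DD size]  lines under each [HKEY_...] header
and flags bare-name commands (search-order resolution) and entries without a
date/size stamp (no file shown behind them).  Heuristics are this example's own.
"""
import re

_SECTION_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
_ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<stamp>[^\]]*)\]\s*$'
)
_STAMP_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+\d+$")   # e.g. 2007-01-18 4349952

# A handful of entries copied from the ComboFix log posted above.
SAMPLE_LOG = """\
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"Sidebar"="c:\\program files\\Windows Sidebar\\sidebar.exe" [2008-01-19 1233920]
.
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]
"NDSTray.exe"="NDSTray.exe" [bU]
"ccApp"="c:\\program files\\Common Files\\Symantec Shared\\ccApp.exe" [2006-10-24 107112]
"lxdjmon.exe"="c:\\program files\\Lexmark 1400 Series\\lxdjmon.exe" [bU]
"""


def parse_autostarts(text):
    """Return [(hive_key, name, command, stamp)] for every entry line."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = _SECTION_RE.match(line)
        if m:
            section = m.group(1)      # remember which Run key we are under
            continue
        m = _ENTRY_RE.match(line)
        if m and section:
            entries.append((section, m["name"], m["cmd"], m["stamp"]))
    return entries


def is_relative(command):
    """True when the command has no drive, UNC or %VAR% prefix, i.e. Windows
    must locate it via the search order instead of a fixed path."""
    c = command.strip().strip('"')
    return not (re.match(r"^[A-Za-z]:\\", c) or c.startswith("\\\\") or c.startswith("%"))


def triage(text):
    """Return the entries worth a second look, each with its reasons."""
    findings = []
    for key, name, cmd, stamp in parse_autostarts(text):
        reasons = []
        if is_relative(cmd):
            reasons.append("relative command (search-order resolution)")
        if not _STAMP_RE.match(stamp):
            reasons.append(f"no date/size stamp shown: [{stamp}]")
        if reasons:
            findings.append({"key": key, "name": name, "command": cmd, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['key']}\n  {f['name']} -> {f['command']}\n  " + "; ".join(f["reasons"]))
```

A bare name under HKLM\...\Run is normal for OEM entries whose file sits in system32 (RtHDVCpl.exe in this log), so the flag is a prompt to confirm where the name actually resolves, not a verdict. Likewise the `DisableMonitoring=1` values under `security center\Monitoring\Symantec*` in the same log are what a third-party suite such as the Norton product listed writes to silence Security Center, so they are worth noting but are not on their own evidence of tampering.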

Hi, thank you for the additional information!

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users: right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

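The log TDSSKiller writes (posted further down in this thread) records each service on two lines: an image line `time PID Name (md5) C:\path\driver.sys`, then a verdict line `Name - ok` or `Name ( Threat ) - infected`. As an added example (not part of this thread or of TDSSKiller, and not something the helper asked for), here is a Python parser that pulls those verdicts out, keeps the hash and path of any infected image so it can be compared with a known-good copy, and separately lists services that were judged without any image line, meaning no file was found for the registry entry. The sample lines are copied from the log posted later in the thread.

```python
"""Extract verdicts from a TDSSKiller log.

Added example for this thread; not part of TDSSKiller.  Understands the two
line shapes the tool writes per service:
    HH:MM:SS.ffff PID Name (md5) C:\\path\\driver.sys      image line
    HH:MM:SS.ffff PID Name - ok  |  Name ( Threat ) - infected   verdict line
"""
import re

_PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
_IMAGE_RE = re.compile(
    _PREFIX + r"(?P<svc>\S+)\s+\((?P<md5>[0-9A-Fa-f]{32})\)\s+(?P<path>\S.*?)\s*$"
)
_VERDICT_RE = re.compile(
    _PREFIX + r"(?P<svc>\S+)(?:\s+\(\s*(?P<threat>[^()]+?)\s*\))?\s+-\s+(?P<verdict>ok|infected)\s*$"
)

# Lines copied from the TDSSKiller log posted later in this thread.
SAMPLE_LOG = """\
17:29:22.0606 3260 Scan started
17:29:22.0606 3260 Mode: Manual;
17:29:23.0936 3260 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\\Windows\\system32\\drivers\\acpi.sys
17:29:23.0941 3260 ACPI - ok
17:29:26.0740 3260 blbdrive - ok
17:29:28.0515 3260 DfsC (c0ff93c000460d3b139b552bbd310644) C:\\Windows\\system32\\Drivers\\dfsc.sys
17:29:28.0518 3260 DfsC ( Virus.Win32.ZAccess.g ) - infected
17:29:28.0518 3260 DfsC - detected Virus.Win32.ZAccess.g (0)
17:29:28.0692 3260 disk (64109e623abd6955c8fb110b592e68b7) C:\\Windows\\system32\\drivers\\disk.sys
17:29:28.0695 3260 disk - ok
"""


def parse_tdsskiller(text):
    """Return (images, verdicts): images maps service -> (md5, path);
    verdicts maps service -> (verdict, threat or None), in log order."""
    images, verdicts = {}, {}
    for raw in text.splitlines():
        line = raw.rstrip()
        m = _IMAGE_RE.match(line)
        if m:
            images[m["svc"]] = (m["md5"].lower(), m["path"])
            continue
        m = _VERDICT_RE.match(line)          # the "- detected ..." line is ignored
        if m:
            verdicts[m["svc"]] = (m["verdict"], m["threat"])
    return images, verdicts


def triage(text):
    """Summarise a log: infected services with file details, services judged
    without an image file, and how many services received a verdict."""
    images, verdicts = parse_tdsskiller(text)
    infected, no_image = [], []
    for svc, (verdict, threat) in verdicts.items():
        md5, path = images.get(svc, (None, None))
        if verdict == "infected":
            infected.append({"service": svc, "threat": threat, "md5": md5, "path": path})
        if svc not in images:
            no_image.append(svc)
    return {"scanned": len(verdicts), "infected": infected, "no_image": no_image}


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print(f"services with a verdict: {summary['scanned']}")
    for hit in summary["infected"]:
        print(f"INFECTED {hit['service']}: {hit['threat']} {hit['md5']} {hit['path']}")
    print("verdict without image file:", ", ".join(summary["no_image"]) or "none")
```

Treat the `no_image` list as a review list rather than a detection list: in the posted log the services that get a verdict with no image line (blbdrive, IpInIp, NwlnkFlt, NwlnkFwd) are service entries commonly left behind on Vista, whereas the one real finding is the infected image line for DfsC, where the path is the legitimate dfsc.sys location and the hash identifies the modified file.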

Is this the log you wanted?

17:29:14.0302 3516 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57

17:29:14.0944 3516 ============================================================

17:29:14.0944 3516 Current date / time: 2012/02/11 17:29:14.0944

17:29:14.0944 3516 SystemInfo:

17:29:14.0944 3516

17:29:14.0944 3516 OS Version: 6.0.6001 ServicePack: 1.0

17:29:14.0944 3516 Product type: Workstation

17:29:14.0944 3516 ComputerName: JAMES-PC

17:29:14.0945 3516 UserName: James

17:29:14.0945 3516 Windows directory: C:\Windows

17:29:14.0945 3516 System windows directory: C:\Windows

17:29:14.0945 3516 Processor architecture: Intel x86

17:29:14.0945 3516 Number of processors: 2

17:29:14.0945 3516 Page size: 0x1000

17:29:14.0945 3516 Boot type: Normal boot

17:29:14.0945 3516 ============================================================

17:29:17.0089 3516 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

17:29:17.0097 3516 \Device\Harddisk0\DR0:

17:29:17.0097 3516 MBR used

17:29:17.0100 3516 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x9470000

17:29:17.0100 3516 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x975E800, BlocksNum 0x92BA800

17:29:17.0203 3516 Initialize success

17:29:17.0203 3516 ============================================================

17:29:22.0606 3260 ============================================================

17:29:22.0606 3260 Scan started

17:29:22.0606 3260 Mode: Manual;

17:29:22.0606 3260 ============================================================

17:29:23.0936 3260 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys

17:29:23.0941 3260 ACPI - ok

17:29:24.0194 3260 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

17:29:24.0207 3260 adp94xx - ok

17:29:24.0361 3260 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

17:29:24.0372 3260 adpahci - ok

17:29:24.0414 3260 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

17:29:24.0418 3260 adpu160m - ok

17:29:24.0466 3260 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

17:29:24.0474 3260 adpu320 - ok

17:29:24.0650 3260 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys

17:29:24.0659 3260 AFD - ok

17:29:24.0775 3260 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys

17:29:24.0813 3260 AgereSoftModem - ok

17:29:25.0028 3260 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys

17:29:25.0031 3260 agp440 - ok

17:29:25.0083 3260 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

17:29:25.0087 3260 aic78xx - ok

17:29:25.0287 3260 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys

17:29:25.0290 3260 aliide - ok

17:29:25.0385 3260 AMBADVCAPBULK (80269f8a9634ad98dc43230b9b17f3c6) C:\Windows\system32\DRIVERS\AmbaDVCapBulk.sys

17:29:25.0404 3260 AMBADVCAPBULK - ok

17:29:25.0578 3260 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

17:29:25.0581 3260 amdagp - ok

17:29:25.0642 3260 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys

17:29:25.0644 3260 amdide - ok

17:29:25.0718 3260 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

17:29:25.0721 3260 AmdK7 - ok

17:29:25.0761 3260 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys

17:29:25.0763 3260 AmdK8 - ok

17:29:25.0913 3260 ApfiltrService (7c2f57bce81fa74933f0e1c84a97c9db) C:\Windows\system32\DRIVERS\Apfiltr.sys

17:29:25.0918 3260 ApfiltrService - ok

17:29:26.0058 3260 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

17:29:26.0062 3260 arc - ok

17:29:26.0217 3260 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

17:29:26.0220 3260 arcsas - ok

17:29:26.0278 3260 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

17:29:26.0280 3260 AsyncMac - ok

17:29:26.0322 3260 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys

17:29:26.0324 3260 atapi - ok

17:29:26.0413 3260 athr (999eff35b4c6d969b232bf575972f86f) C:\Windows\system32\DRIVERS\athr.sys

17:29:26.0434 3260 athr - ok

17:29:26.0658 3260 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

17:29:26.0663 3260 Beep - ok

17:29:26.0740 3260 blbdrive - ok

17:29:26.0861 3260 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys

17:29:26.0865 3260 bowser - ok

17:29:27.0022 3260 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

17:29:27.0024 3260 BrFiltLo - ok

17:29:27.0092 3260 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

17:29:27.0098 3260 BrFiltUp - ok

17:29:27.0167 3260 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

17:29:27.0170 3260 Brserid - ok

17:29:27.0204 3260 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

17:29:27.0207 3260 BrSerWdm - ok

17:29:27.0267 3260 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

17:29:27.0269 3260 BrUsbMdm - ok

17:29:27.0350 3260 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

17:29:27.0352 3260 BrUsbSer - ok

17:29:27.0395 3260 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

17:29:27.0397 3260 BTHMODEM - ok

17:29:27.0513 3260 catchme - ok

17:29:27.0658 3260 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

17:29:27.0664 3260 cdfs - ok

17:29:27.0769 3260 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys

17:29:27.0774 3260 cdrom - ok

17:29:27.0878 3260 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

17:29:27.0881 3260 circlass - ok

17:29:27.0982 3260 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys

17:29:27.0991 3260 CLFS - ok

17:29:28.0092 3260 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

17:29:28.0095 3260 CmBatt - ok

17:29:28.0167 3260 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys

17:29:28.0169 3260 cmdide - ok

17:29:28.0289 3260 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

17:29:28.0291 3260 Compbatt - ok

17:29:28.0329 3260 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

17:29:28.0331 3260 crcdisk - ok

17:29:28.0392 3260 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

17:29:28.0395 3260 Crusoe - ok

17:29:28.0515 3260 DfsC (c0ff93c000460d3b139b552bbd310644) C:\Windows\system32\Drivers\dfsc.sys

17:29:28.0518 3260 DfsC ( Virus.Win32.ZAccess.g ) - infected

17:29:28.0518 3260 DfsC - detected Virus.Win32.ZAccess.g (0)

17:29:28.0692 3260 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys

17:29:28.0695 3260 disk - ok

17:29:28.0790 3260 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

17:29:28.0792 3260 drmkaud - ok

17:29:28.0860 3260 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys

17:29:28.0871 3260 DXGKrnl - ok

17:29:29.0018 3260 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

17:29:29.0023 3260 E1G60 - ok

17:29:29.0143 3260 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys

17:29:29.0184 3260 Ecache - ok

17:29:29.0388 3260 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

17:29:29.0439 3260 eeCtrl - ok

17:29:29.0604 3260 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

17:29:29.0614 3260 elxstor - ok

17:29:29.0753 3260 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

17:29:29.0756 3260 EraserUtilRebootDrv - ok

17:29:29.0945 3260 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys

17:29:29.0950 3260 exfat - ok

17:29:29.0998 3260 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys

17:29:30.0004 3260 fastfat - ok

17:29:30.0082 3260 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

17:29:30.0084 3260 fdc - ok

17:29:30.0253 3260 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

17:29:30.0256 3260 FileInfo - ok

17:29:30.0297 3260 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

17:29:30.0299 3260 Filetrace - ok

17:29:30.0328 3260 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

17:29:30.0331 3260 flpydisk - ok

17:29:30.0389 3260 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys

17:29:30.0396 3260 FltMgr - ok

17:29:30.0558 3260 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

17:29:30.0560 3260 Fs_Rec - ok

17:29:30.0605 3260 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

17:29:30.0608 3260 gagp30kx - ok

17:29:30.0668 3260 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

17:29:30.0670 3260 GEARAspiWDM - ok

17:29:30.0868 3260 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

17:29:30.0876 3260 HdAudAddService - ok

17:29:30.0914 3260 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys

17:29:30.0916 3260 HDAudBus - ok

17:29:30.0971 3260 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

17:29:30.0973 3260 HidBth - ok

17:29:31.0010 3260 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

17:29:31.0012 3260 HidIr - ok

17:29:31.0167 3260 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys

17:29:31.0169 3260 HidUsb - ok

17:29:31.0212 3260 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

17:29:31.0216 3260 HpCISSs - ok

17:29:31.0269 3260 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys

17:29:31.0282 3260 HTTP - ok

17:29:31.0326 3260 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

17:29:31.0328 3260 i2omp - ok

17:29:31.0463 3260 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

17:29:31.0466 3260 i8042prt - ok

17:29:31.0568 3260 ialm (14f477463246e35f1dc932be6225598c) C:\Windows\system32\DRIVERS\igdkmd32.sys

17:29:31.0590 3260 ialm - ok

17:29:31.0734 3260 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

17:29:31.0742 3260 iaStorV - ok

17:29:31.0851 3260 IDSvix86 (2eb82af0bf61f9953568d1fa4a56a097) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20100811.001\IDSvix86.sys

17:29:31.0861 3260 IDSvix86 - ok

17:29:32.0059 3260 igfx (14f477463246e35f1dc932be6225598c) C:\Windows\system32\DRIVERS\igdkmd32.sys

17:29:32.0086 3260 igfx - ok

17:29:32.0135 3260 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

17:29:32.0137 3260 iirsp - ok

17:29:32.0372 3260 IntcAzAudAddService (721b1a0434647418f98d034bebd4b4db) C:\Windows\system32\drivers\RTKVHDA.sys

17:29:32.0423 3260 IntcAzAudAddService - ok

17:29:32.0554 3260 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

17:29:32.0556 3260 intelide - ok

17:29:32.0611 3260 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

17:29:32.0613 3260 intelppm - ok

17:29:32.0706 3260 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

17:29:32.0709 3260 IpFilterDriver - ok

17:29:32.0817 3260 IpInIp - ok

17:29:32.0864 3260 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

17:29:32.0867 3260 IPMIDRV - ok

17:29:32.0920 3260 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

17:29:32.0923 3260 IPNAT - ok

17:29:32.0982 3260 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

17:29:32.0985 3260 IRENUM - ok

17:29:33.0114 3260 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys

17:29:33.0118 3260 isapnp - ok

17:29:33.0173 3260 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys

17:29:33.0177 3260 iScsiPrt - ok

17:29:33.0216 3260 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

17:29:33.0219 3260 iteatapi - ok

17:29:33.0249 3260 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

17:29:33.0252 3260 iteraid - ok

17:29:33.0376 3260 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

17:29:33.0378 3260 kbdclass - ok

17:29:33.0412 3260 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys

17:29:33.0415 3260 kbdhid - ok

17:29:33.0477 3260 KR10I (a383f2cea0a8f4e76e71abc869bd5748) C:\Windows\system32\drivers\kr10i.sys

17:29:33.0485 3260 KR10I - ok

17:29:33.0609 3260 KR10N (6e9922332386c2a49936b30b2b6fd298) C:\Windows\system32\drivers\kr10n.sys

17:29:33.0617 3260 KR10N - ok

17:29:33.0681 3260 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys

17:29:33.0696 3260 KSecDD - ok

17:29:33.0903 3260 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

17:29:33.0906 3260 lltdio - ok

17:29:33.0989 3260 LPCFilter (515fc18cabee0158a324b08b1c2667cf) C:\Windows\system32\DRIVERS\LPCFilter.sys

17:29:33.0992 3260 LPCFilter - ok

17:29:34.0037 3260 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

17:29:34.0041 3260 LSI_FC - ok

17:29:34.0118 3260 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

17:29:34.0122 3260 LSI_SAS - ok

17:29:34.0218 3260 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

17:29:34.0221 3260 LSI_SCSI - ok

17:29:34.0262 3260 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

17:29:34.0265 3260 luafv - ok

17:29:34.0379 3260 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\Windows\system32\drivers\mbamswissarmy.sys

17:29:34.0380 3260 MBAMSwissArmy - ok

17:29:34.0620 3260 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

17:29:34.0623 3260 megasas - ok

17:29:34.0754 3260 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

17:29:34.0755 3260 Modem - ok

17:29:34.0859 3260 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

17:29:34.0860 3260 monitor - ok

17:29:34.0905 3260 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

17:29:34.0907 3260 mouclass - ok

17:29:34.0983 3260 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys

17:29:34.0985 3260 mouhid - ok

17:29:35.0042 3260 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

17:29:35.0046 3260 MountMgr - ok

17:29:35.0158 3260 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

17:29:35.0162 3260 mpio - ok

17:29:35.0208 3260 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

17:29:35.0211 3260 mpsdrv - ok

17:29:35.0294 3260 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

17:29:35.0296 3260 Mraid35x - ok

17:29:35.0346 3260 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys

17:29:35.0352 3260 MRxDAV - ok

17:29:35.0439 3260 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys

17:29:35.0444 3260 mrxsmb - ok

17:29:35.0492 3260 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys

17:29:35.0500 3260 mrxsmb10 - ok

17:29:35.0558 3260 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys

17:29:35.0563 3260 mrxsmb20 - ok

17:29:35.0609 3260 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys

17:29:35.0613 3260 msahci - ok

17:29:35.0681 3260 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

17:29:35.0685 3260 msdsm - ok

17:29:35.0757 3260 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

17:29:35.0759 3260 Msfs - ok

17:29:35.0861 3260 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

17:29:35.0864 3260 msisadrv - ok

17:29:35.0960 3260 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

17:29:35.0962 3260 MSKSSRV - ok

17:29:36.0040 3260 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

17:29:36.0042 3260 MSPCLOCK - ok

17:29:36.0112 3260 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

17:29:36.0114 3260 MSPQM - ok

17:29:36.0159 3260 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys

17:29:36.0166 3260 MsRPC - ok

17:29:36.0222 3260 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

17:29:36.0224 3260 mssmbios - ok

17:29:36.0293 3260 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

17:29:36.0311 3260 MSTEE - ok

17:29:36.0397 3260 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys

17:29:36.0400 3260 Mup - ok

17:29:36.0484 3260 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys

17:29:36.0490 3260 NativeWifiP - ok

17:29:36.0576 3260 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100818.006\NAVENG.SYS

17:29:36.0580 3260 NAVENG - ok

17:29:36.0647 3260 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100818.006\NAVEX15.SYS

17:29:36.0686 3260 NAVEX15 - ok

17:29:36.0852 3260 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys

17:29:36.0861 3260 NDIS - ok

17:29:36.0933 3260 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

17:29:36.0935 3260 NdisTapi - ok

17:29:37.0028 3260 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys


17:29:49.0007 3260 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

17:29:49.0060 3260 \Device\Harddisk0\DR0 - ok

17:29:49.0070 3260 Boot (0x1200) (0a54d535fa2ba9442f730560d6f6f101) \Device\Harddisk0\DR0\Partition0

17:29:49.0072 3260 \Device\Harddisk0\DR0\Partition0 - ok

17:29:49.0109 3260 Boot (0x1200) (9b8aed9b11c70957a72bd83796b63aa6) \Device\Harddisk0\DR0\Partition1

17:29:49.0111 3260 \Device\Harddisk0\DR0\Partition1 - ok

17:29:49.0113 3260 ============================================================

17:29:49.0113 3260 Scan finished

17:29:49.0113 3260 ============================================================

17:29:49.0152 5876 Detected object count: 1

17:29:49.0152 5876 Actual detected object count: 1

17:29:56.0266 5876 C:\Windows\system32\Drivers\dfsc.sys - copied to quarantine

17:29:56.0275 5876 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\dfsc.sys) error 1813

17:30:03.0032 5876 Backup copy not found, trying to cure infected file..

17:30:03.0033 5876 C:\Windows\system32\Drivers\dfsc.sys - Cure failed (FFFFFFFF)

17:30:03.0033 5876 C:\Windows\system32\Drivers\dfsc.sys - processing error

17:30:07.0466 5876 C:\Windows\System32\c_73811.nls - will be deleted on reboot

17:30:08.0634 5876 DfsC ( Virus.Win32.ZAccess.g ) - User select action: Cure

17:30:17.0062 4396 Deinitialize success


ComboFix 12-02-11.02 - James 11/02/2012 18:19:11.4.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2037.1202 [GMT 0:00]

Running from: c:\users\James\Downloads\ComboFix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\James\AppData\Local\temp\ppcrlui_4908_2

.

.

((((((((((((((((((((((((( Files Created from 2012-01-11 to 2012-02-11 )))))))))))))))))))))))))))))))

.

.

2012-02-11 18:31 . 2012-02-11 18:31 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-02-11 18:31 . 2012-02-11 18:31 -------- d-----w- c:\users\Mcx1\AppData\Local\temp

2012-02-11 18:31 . 2012-02-11 18:31 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-11 17:29 . 2012-02-11 17:29 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-11 16:34 . 2012-02-11 18:32 -------- d-----w- c:\users\James\AppData\Local\temp

2012-02-09 17:20 . 2012-02-09 17:20 -------- d-----w- c:\users\James\AppData\Roaming\Malwarebytes

2012-02-09 17:20 . 2012-02-09 17:20 -------- d-----w- c:\programdata\Malwarebytes

2012-02-09 17:20 . 2012-02-09 17:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2

2012-02-09 17:20 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-28 20:48 . 2011-11-28 20:46 114688 ----a-w- c:\windows\system32\TODDSrv.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 413696]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-22 39408]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-19 411768]

"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-29 509496]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]

"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]

"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-11-01 438272]

"NDSTray.exe"="NDSTray.exe" [bU]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 107112]

"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-10-26 22696]

"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-03-02 577536]

"Desktop SMS"="c:\program files\IDM\Desktop SMS\DesktopSMS.exe" [2007-01-19 1507328]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-13 90191]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-13 7766016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-13 81920]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-28 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-28 106496]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-28 81920]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]

"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 571024]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"lxdjmon.exe"="c:\program files\Lexmark 1400 Series\lxdjmon.exe" [bU]

"lxdjamon"="c:\program files\Lexmark 1400 Series\lxdjamon.exe" [2007-03-06 20480]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 01684738

*NewlyCreated* - COMHOST

*Deregistered* - 01684738

*Deregistered* - MBAMSwissArmy

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-20 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - James.job

- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-07 17:48]

.

2012-02-11 c:\windows\Tasks\User_Feed_Synchronization-{D5815784-CB4B-4F4B-978B-D33494B927EA}.job

- c:\windows\system32\msfeedssync.exe [2011-08-03 04:32]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyOverride = *.local

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{2C9C50B8-1AB9-4594-82E4-23E0D8B3155A}: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\it6s0yzi.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-01684738.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-11 18:32

Windows 6.0.6001 Service Pack 1 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????T??g????8?8?`?8???8???8??

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b4

.

Completion time: 2012-02-11 18:35:33

ComboFix-quarantined-files.txt 2012-02-11 18:35

ComboFix2.txt 2012-02-11 16:34

ComboFix3.txt 2012-02-07 19:36

ComboFix4.txt 2012-02-07 18:33

ComboFix5.txt 2012-02-11 18:15

.

Pre-Run: 19,006,861,312 bytes free

Post-Run: 18,910,523,392 bytes free

.

- - End Of File - - 81B7E9929DB40C231DFE873DC106E515


Hi, let's manually look for a backup copy.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    dfsc.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


SystemLook 30.07.11 by jpshortstuff

Log created at 18:57 on 11/02/2012 by James

Administrator - Elevation successful

========== filefind ==========

Searching for "dfsc.sys"

C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18005_none_8985a6e9e33db02a\dfsc.sys --a---- 75264 bytes [00:42 20/06/2011] [04:14 11/04/2009] 218D8AE46C88E82014F5D73D0236D9B2

C:\Windows\System32\drivers\dfsc.sys --a---- 75264 bytes [19:44 18/06/2011] [14:24 14/04/2011] C0FF93C000460D3B139B552BBD310644

C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6000.16386_none_85636be1e930d40a\dfsc.sys --a---- 74752 bytes [08:31 02/11/2006] [08:31 02/11/2006] A7179DE59AE269AB70345527894CCD7C

C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18000_none_879a2ddde61be4de\dfsc.sys --a---- 75264 bytes [00:37 26/05/2010] [05:28 19/01/2008] 9E635AE5E8AD93E2B5989E2E23679F97

C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18633_none_877cca5be63173a0\dfsc.sys --a---- 75264 bytes [19:44 18/06/2011] [14:24 14/04/2011] C0FF93C000460D3B139B552BBD310644

C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.22899_none_87cb8b40ff7a5041\dfsc.sys --a---- 75264 bytes [19:44 18/06/2011] [13:22 13/04/2011] E20FB30D720810646ED24FB7CA9899A2

C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18451_none_894b9dbde369cb1f\dfsc.sys --a---- 75264 bytes [19:44 18/06/2011] [14:59 14/04/2011] 622C41A07CA7E6DD91770F50D532CB6C

C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.22625_none_89f9ad5afc6b7999\dfsc.sys --a---- 75264 bytes [19:44 18/06/2011] [14:36 14/04/2011] 3A3436F7DFE0E0C58CD5C3B6C9F21634

-= EOF =-


Hi again, let's see if the following script will work. After running this, please rerun TDSSKiller and post me the new log.

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:


FCopy::
C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18005_none_8985a6e9e33db02a\dfsc.sys | C:\Windows\System32\drivers\dfsc.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

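One way to triage a SystemLook ":filefind" result before picking the source for an FCopy:: line, as an added example that is not the helper's tool or any forum code: it parses the eight result lines posted above (embedded here as a constructed sample), groups the copies by MD5, and separates the stored copies that are byte-identical to the live C:\Windows\System32\drivers\dfsc.sys from those that differ, ordered by the component version encoded in the folder name. The ordering rule and the function names are this example's own assumptions.

```python
"""Triage the copies of a driver reported by a SystemLook ':filefind' run."""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional, Tuple

# Constructed sample: the result lines of the ':filefind dfsc.sys' log posted in this thread.
SYSTEMLOOK_LOG = r"""
SystemLook 30.07.11 by jpshortstuff
Log created at 18:57 on 11/02/2012 by James
Administrator - Elevation successful

========== filefind ==========

Searching for "dfsc.sys"

C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18005_none_8985a6e9e33db02a\dfsc.sys --a---- 75264 bytes [00:42 20/06/2011] [04:14 11/04/2009] 218D8AE46C88E82014F5D73D0236D9B2
C:\Windows\System32\drivers\dfsc.sys --a---- 75264 bytes [19:44 18/06/2011] [14:24 14/04/2011] C0FF93C000460D3B139B552BBD310644
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6000.16386_none_85636be1e930d40a\dfsc.sys --a---- 74752 bytes [08:31 02/11/2006] [08:31 02/11/2006] A7179DE59AE269AB70345527894CCD7C
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18000_none_879a2ddde61be4de\dfsc.sys --a---- 75264 bytes [00:37 26/05/2010] [05:28 19/01/2008] 9E635AE5E8AD93E2B5989E2E23679F97
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.18633_none_877cca5be63173a0\dfsc.sys --a---- 75264 bytes [19:44 18/06/2011] [14:24 14/04/2011] C0FF93C000460D3B139B552BBD310644
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6001.22899_none_87cb8b40ff7a5041\dfsc.sys --a---- 75264 bytes [19:44 18/06/2011] [13:22 13/04/2011] E20FB30D720810646ED24FB7CA9899A2
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18451_none_894b9dbde369cb1f\dfsc.sys --a---- 75264 bytes [19:44 18/06/2011] [14:59 14/04/2011] 622C41A07CA7E6DD91770F50D532CB6C
C:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.22625_none_89f9ad5afc6b7999\dfsc.sys --a---- 75264 bytes [19:44 18/06/2011] [14:36 14/04/2011] 3A3436F7DFE0E0C58CD5C3B6C9F21634

-= EOF =-
"""

# One result line: <path> <attrs> <size> bytes [created] [modified] <MD5>
ENTRY_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)
# Component-store folder names carry the file version, e.g. ..._6.0.6002.18005_none_...
VERSION_RE = re.compile(r"_(\d+)\.(\d+)\.(\d+)\.(\d+)_")


class FileCopy(NamedTuple):
    path: str
    size: int
    md5: str
    version: Optional[Tuple[int, ...]]  # None when the path carries no version


def parse_filefind(log_text: str) -> List[FileCopy]:
    """Return one FileCopy per result line; banner, blank and EOF lines are skipped."""
    copies = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        v = VERSION_RE.search(m["path"])
        copies.append(FileCopy(
            path=m["path"],
            size=int(m["size"]),
            md5=m["md5"].upper(),
            version=tuple(int(x) for x in v.groups()) if v else None,
        ))
    return copies


def group_by_hash(copies: List[FileCopy]) -> Dict[str, List[str]]:
    """Map each MD5 to the paths carrying it; an identical hash means identical bytes."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for c in copies:
        groups[c.md5].append(c.path)
    return dict(groups)


def triage(copies: List[FileCopy], live_path: str) -> Dict[str, object]:
    """Split stored copies into those identical to the live driver and the rest.

    A stored copy with the live file's hash is no better than the live file, so it
    is not a restore source if the scanner flagged the live file. Copies with a
    different hash are listed newest component version first; hashes also differ
    between legitimate servicing versions, so a mismatch alone does not mark a
    copy as clean or infected: pair the list with the scanner's verdict.
    """
    live = next((c for c in copies if c.path.lower() == live_path.lower()), None)
    if live is None:
        raise ValueError(f"live driver {live_path} not found in log")
    identical = [c for c in copies if c is not live and c.md5 == live.md5]
    candidates = sorted(
        (c for c in copies if c is not live and c.md5 != live.md5),
        key=lambda c: c.version or (0,),
        reverse=True,
    )
    return {"live": live, "identical": identical, "candidates": candidates}


if __name__ == "__main__":
    found = parse_filefind(SYSTEMLOOK_LOG)
    result = triage(found, r"C:\Windows\System32\drivers\dfsc.sys")
    print(f"live file MD5: {result['live'].md5}")
    for c in result["identical"]:
        print(f"identical to live: {c.path}")
    for c in result["candidates"]:
        print(f"differs (version {c.version}, {c.size} bytes): {c.path}")
```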

ComboFix 12-02-11.02 - James 11/02/2012 20:02:42.5.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2037.1046 [GMT 0:00]

Running from: c:\users\James\Downloads\ComboFix.exe

Command switches used :: c:\users\James\Desktop\CFScript.txt

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\James\AppData\Local\temp\ppcrlui_4496_2

.

.

((((((((((((((((((((((((( Files Created from 2012-01-11 to 2012-02-11 )))))))))))))))))))))))))))))))

.

.

2012-02-11 20:22 . 2012-02-11 20:22 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-02-11 20:22 . 2012-02-11 20:22 -------- d-----w- c:\users\Mcx1\AppData\Local\temp

2012-02-11 20:22 . 2012-02-11 20:22 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-11 18:35 . 2012-02-11 20:22 -------- d-----w- c:\users\James\AppData\Local\temp

2012-02-11 17:29 . 2012-02-11 17:29 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-09 17:20 . 2012-02-09 17:20 -------- d-----w- c:\users\James\AppData\Roaming\Malwarebytes

2012-02-09 17:20 . 2012-02-09 17:20 -------- d-----w- c:\programdata\Malwarebytes

2012-02-09 17:20 . 2012-02-09 17:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2

2012-02-09 17:20 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-28 20:48 . 2011-11-28 20:46 114688 ----a-w- c:\windows\system32\TODDSrv.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 413696]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-22 39408]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-19 411768]

"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-29 509496]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]

"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]

"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-11-01 438272]

"NDSTray.exe"="NDSTray.exe" [bU]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 107112]

"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-10-26 22696]

"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-03-02 577536]

"Desktop SMS"="c:\program files\IDM\Desktop SMS\DesktopSMS.exe" [2007-01-19 1507328]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-13 90191]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-13 7766016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-13 81920]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-28 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-28 106496]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-28 81920]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]

"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 571024]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"lxdjmon.exe"="c:\program files\Lexmark 1400 Series\lxdjmon.exe" [bU]

"lxdjamon"="c:\program files\Lexmark 1400 Series\lxdjamon.exe" [2007-03-06 20480]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-20 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - James.job

- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-07 17:48]

.

2012-02-11 c:\windows\Tasks\User_Feed_Synchronization-{D5815784-CB4B-4F4B-978B-D33494B927EA}.job

- c:\windows\system32\msfeedssync.exe [2011-08-03 04:32]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyOverride = *.local

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{2C9C50B8-1AB9-4594-82E4-23E0D8B3155A}: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\it6s0yzi.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-11 20:22

Windows 6.0.6001 Service Pack 1 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????T??g????8?8?`?8???8???8??

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b4

.

Completion time: 2012-02-11 20:26:50

ComboFix-quarantined-files.txt 2012-02-11 20:26

ComboFix2.txt 2012-02-11 18:35

ComboFix3.txt 2012-02-11 16:34

ComboFix4.txt 2012-02-07 19:36

ComboFix5.txt 2012-02-11 20:00

.

Pre-Run: 18,941,870,080 bytes free

Post-Run: 19,077,505,024 bytes free

.

- - End Of File - - 4AD1489C3DA095E81B0C975A41EBE78E


and new TDSS log

23:28:02.0317 0212 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57

23:28:02.0557 0212 ============================================================

23:28:02.0557 0212 Current date / time: 2012/02/11 23:28:02.0557

23:28:02.0557 0212 SystemInfo:

23:28:02.0557 0212

23:28:02.0558 0212 OS Version: 6.0.6001 ServicePack: 1.0

23:28:02.0558 0212 Product type: Workstation

23:28:02.0558 0212 ComputerName: JAMES-PC

23:28:02.0558 0212 UserName: James

23:28:02.0558 0212 Windows directory: C:\Windows

23:28:02.0558 0212 System windows directory: C:\Windows

23:28:02.0558 0212 Processor architecture: Intel x86

23:28:02.0559 0212 Number of processors: 2

23:28:02.0559 0212 Page size: 0x1000

23:28:02.0559 0212 Boot type: Normal boot

23:28:02.0559 0212 ============================================================

23:28:04.0862 0212 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

23:28:04.0866 0212 \Device\Harddisk0\DR0:

23:28:04.0866 0212 MBR used

23:28:04.0866 0212 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x9470000

23:28:04.0866 0212 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x975E800, BlocksNum 0x92BA800

23:28:05.0037 0212 Initialize success

23:28:05.0037 0212 ============================================================

23:28:07.0360 4236 ============================================================

23:28:07.0360 4236 Scan started

23:28:07.0360 4236 Mode: Manual;

23:28:07.0360 4236 ============================================================

23:28:08.0694 4236 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys

23:28:08.0700 4236 ACPI - ok

23:28:08.0929 4236 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

23:28:08.0937 4236 adp94xx - ok

23:28:09.0114 4236 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

23:28:09.0120 4236 adpahci - ok

23:28:09.0236 4236 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

23:28:09.0239 4236 adpu160m - ok

23:28:09.0600 4236 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

23:28:09.0603 4236 adpu320 - ok

23:28:09.0949 4236 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys

23:28:09.0954 4236 AFD - ok

23:28:10.0626 4236 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys

23:28:10.0645 4236 AgereSoftModem - ok

23:28:10.0995 4236 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys

23:28:10.0997 4236 agp440 - ok

23:28:11.0172 4236 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

23:28:11.0175 4236 aic78xx - ok

23:28:11.0414 4236 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys

23:28:11.0415 4236 aliide - ok

23:28:11.0784 4236 AMBADVCAPBULK (80269f8a9634ad98dc43230b9b17f3c6) C:\Windows\system32\DRIVERS\AmbaDVCapBulk.sys

23:28:11.0786 4236 AMBADVCAPBULK - ok

23:28:12.0355 4236 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

23:28:12.0357 4236 amdagp - ok

23:28:12.0430 4236 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys

23:28:12.0431 4236 amdide - ok

23:28:12.0607 4236 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

23:28:12.0609 4236 AmdK7 - ok

23:28:12.0861 4236 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys

23:28:12.0862 4236 AmdK8 - ok

23:28:13.0013 4236 ApfiltrService (7c2f57bce81fa74933f0e1c84a97c9db) C:\Windows\system32\DRIVERS\Apfiltr.sys

23:28:13.0015 4236 ApfiltrService - ok

23:28:13.0180 4236 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

23:28:13.0182 4236 arc - ok

23:28:13.0472 4236 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

23:28:13.0474 4236 arcsas - ok

23:28:13.0734 4236 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

23:28:13.0735 4236 AsyncMac - ok

23:28:13.0800 4236 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys

23:28:13.0801 4236 atapi - ok

23:28:14.0404 4236 athr (999eff35b4c6d969b232bf575972f86f) C:\Windows\system32\DRIVERS\athr.sys

23:28:14.0417 4236 athr - ok

23:28:14.0847 4236 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

23:28:14.0847 4236 Beep - ok

23:28:15.0246 4236 blbdrive - ok

23:28:15.0717 4236 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys

23:28:15.0719 4236 bowser - ok

23:28:16.0211 4236 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

23:28:16.0212 4236 BrFiltLo - ok

23:28:16.0730 4236 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

23:28:16.0731 4236 BrFiltUp - ok

23:28:17.0245 4236 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

23:28:17.0247 4236 Brserid - ok

23:28:17.0748 4236 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

23:28:17.0750 4236 BrSerWdm - ok

23:28:18.0211 4236 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

23:28:18.0212 4236 BrUsbMdm - ok

23:28:18.0716 4236 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

23:28:18.0717 4236 BrUsbSer - ok

23:28:19.0150 4236 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

23:28:19.0152 4236 BTHMODEM - ok

23:28:19.0425 4236 catchme - ok

23:28:19.0769 4236 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

23:28:19.0771 4236 cdfs - ok

23:28:20.0246 4236 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys

23:28:20.0248 4236 cdrom - ok

23:28:20.0689 4236 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

23:28:20.0691 4236 circlass - ok

23:28:21.0074 4236 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys

23:28:21.0079 4236 CLFS - ok

23:28:21.0603 4236 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

23:28:21.0605 4236 CmBatt - ok

23:28:21.0900 4236 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys

23:28:21.0901 4236 cmdide - ok

23:28:22.0089 4236 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

23:28:22.0091 4236 Compbatt - ok

23:28:22.0440 4236 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

23:28:22.0441 4236 crcdisk - ok

23:28:22.0514 4236 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

23:28:22.0516 4236 Crusoe - ok

23:28:22.0793 4236 DfsC (c0ff93c000460d3b139b552bbd310644) C:\Windows\system32\Drivers\dfsc.sys

23:28:22.0795 4236 DfsC ( Virus.Win32.ZAccess.g ) - infected

23:28:22.0795 4236 DfsC - detected Virus.Win32.ZAccess.g (0)

23:28:23.0092 4236 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys

23:28:23.0094 4236 disk - ok

23:28:23.0267 4236 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

23:28:23.0268 4236 drmkaud - ok

23:28:23.0514 4236 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys

23:28:23.0525 4236 DXGKrnl - ok

23:28:23.0774 4236 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

23:28:23.0776 4236 E1G60 - ok

23:28:23.0872 4236 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys

23:28:23.0875 4236 Ecache - ok

23:28:24.0021 4236 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

23:28:24.0028 4236 eeCtrl - ok

23:28:24.0206 4236 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

23:28:24.0212 4236 elxstor - ok

23:28:24.0386 4236 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

23:28:24.0388 4236 EraserUtilRebootDrv - ok

23:28:24.0613 4236 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys

23:28:24.0615 4236 exfat - ok

23:28:24.0785 4236 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys

23:28:24.0788 4236 fastfat - ok

23:28:25.0203 4236 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

23:28:25.0205 4236 fdc - ok

23:28:25.0597 4236 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

23:28:25.0599 4236 FileInfo - ok

23:28:25.0796 4236 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

23:28:25.0798 4236 Filetrace - ok

23:28:25.0973 4236 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

23:28:25.0974 4236 flpydisk - ok

23:28:26.0366 4236 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys

23:28:26.0370 4236 FltMgr - ok

23:28:26.0713 4236 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

23:28:26.0715 4236 Fs_Rec - ok

23:28:26.0771 4236 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

23:28:26.0773 4236 gagp30kx - ok

23:28:27.0045 4236 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

23:28:27.0046 4236 GEARAspiWDM - ok

23:28:27.0399 4236 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

23:28:27.0404 4236 HdAudAddService - ok

23:28:27.0714 4236 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys

23:28:27.0716 4236 HDAudBus - ok

23:28:27.0948 4236 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

23:28:27.0950 4236 HidBth - ok

23:28:28.0210 4236 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

23:28:28.0211 4236 HidIr - ok

23:28:28.0522 4236 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys

23:28:28.0524 4236 HidUsb - ok

23:28:28.0757 4236 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

23:28:28.0758 4236 HpCISSs - ok

23:28:28.0836 4236 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys

23:28:28.0843 4236 HTTP - ok

23:28:29.0125 4236 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

23:28:29.0127 4236 i2omp - ok

23:28:29.0296 4236 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

23:28:29.0298 4236 i8042prt - ok

23:28:29.0657 4236 ialm (14f477463246e35f1dc932be6225598c) C:\Windows\system32\DRIVERS\igdkmd32.sys

23:28:29.0683 4236 ialm - ok

23:28:29.0833 4236 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

23:28:29.0838 4236 iaStorV - ok

23:28:29.0996 4236 IDSvix86 (2eb82af0bf61f9953568d1fa4a56a097) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20100811.001\IDSvix86.sys

23:28:30.0001 4236 IDSvix86 - ok

23:28:30.0447 4236 igfx (14f477463246e35f1dc932be6225598c) C:\Windows\system32\DRIVERS\igdkmd32.sys

23:28:30.0477 4236 igfx - ok

23:28:30.0623 4236 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

23:28:30.0625 4236 iirsp - ok

23:28:30.0804 4236 IntcAzAudAddService (721b1a0434647418f98d034bebd4b4db) C:\Windows\system32\drivers\RTKVHDA.sys

23:28:30.0834 4236 IntcAzAudAddService - ok

23:28:31.0521 4236 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

23:28:31.0522 4236 intelide - ok

23:28:31.0833 4236 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

23:28:31.0835 4236 intelppm - ok

23:28:32.0273 4236 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

23:28:32.0274 4236 IpFilterDriver - ok

23:28:33.0117 4236 IpInIp - ok

23:28:33.0774 4236 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

23:28:33.0776 4236 IPMIDRV - ok

23:28:34.0275 4236 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

23:28:34.0278 4236 IPNAT - ok

23:28:34.0726 4236 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

23:28:34.0728 4236 IRENUM - ok

23:28:35.0425 4236 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys

23:28:35.0427 4236 isapnp - ok

23:28:35.0995 4236 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys

23:28:35.0999 4236 iScsiPrt - ok

23:28:36.0727 4236 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

23:28:36.0729 4236 iteatapi - ok

23:28:36.0949 4236 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

23:28:36.0950 4236 iteraid - ok

23:28:37.0198 4236 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

23:28:37.0201 4236 kbdclass - ok

23:28:37.0901 4236 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys

23:28:37.0902 4236 kbdhid - ok

23:28:38.0469 4236 KR10I (a383f2cea0a8f4e76e71abc869bd5748) C:\Windows\system32\drivers\kr10i.sys

23:28:38.0474 4236 KR10I - ok

23:28:39.0198 4236 KR10N (6e9922332386c2a49936b30b2b6fd298) C:\Windows\system32\drivers\kr10n.sys

23:28:39.0202 4236 KR10N - ok

23:28:39.0675 4236 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys

23:28:39.0683 4236 KSecDD - ok

23:28:40.0258 4236 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

23:28:40.0260 4236 lltdio - ok

23:28:40.0756 4236 LPCFilter (515fc18cabee0158a324b08b1c2667cf) C:\Windows\system32\DRIVERS\LPCFilter.sys

23:28:40.0758 4236 LPCFilter - ok

23:28:41.0239 4236 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

23:28:41.0241 4236 LSI_FC - ok

23:28:41.0671 4236 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

23:28:41.0674 4236 LSI_SAS - ok

23:28:42.0106 4236 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

23:28:42.0108 4236 LSI_SCSI - ok

23:28:42.0551 4236 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

23:28:42.0553 4236 luafv - ok

23:28:42.0975 4236 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

23:28:42.0977 4236 megasas - ok

23:28:43.0109 4236 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

23:28:43.0110 4236 Modem - ok

23:28:43.0192 4236 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

23:28:43.0193 4236 monitor - ok

23:28:43.0271 4236 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

23:28:43.0273 4236 mouclass - ok

23:28:43.0752 4236 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys

23:28:43.0754 4236 mouhid - ok

23:28:44.0075 4236 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

23:28:44.0077 4236 MountMgr - ok

23:28:44.0446 4236 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

23:28:44.0449 4236 mpio - ok

23:28:44.0919 4236 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

23:28:44.0921 4236 mpsdrv - ok

23:28:45.0660 4236 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

23:28:45.0661 4236 Mraid35x - ok

23:28:45.0990 4236 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys

23:28:45.0993 4236 MRxDAV - ok

23:28:46.0372 4236 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys

23:28:46.0377 4236 mrxsmb - ok

23:28:46.0863 4236 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys

23:28:46.0867 4236 mrxsmb10 - ok

23:28:47.0380 4236 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys

23:28:47.0382 4236 mrxsmb20 - ok

23:28:47.0764 4236 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys

23:28:47.0766 4236 msahci - ok

23:28:48.0114 4236 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

23:28:48.0116 4236 msdsm - ok

23:28:48.0401 4236 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

23:28:48.0403 4236 Msfs - ok

23:28:48.0761 4236 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

23:28:48.0763 4236 msisadrv - ok

23:28:49.0437 4236 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

23:28:49.0439 4236 MSKSSRV - ok

23:28:49.0817 4236 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

23:28:49.0818 4236 MSPCLOCK - ok

23:28:50.0612 4236 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

23:28:50.0613 4236 MSPQM - ok

23:28:50.0825 4236 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys

23:28:50.0829 4236 MsRPC - ok

23:28:51.0188 4236 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

23:28:51.0189 4236 mssmbios - ok

23:28:51.0943 4236 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

23:28:51.0944 4236 MSTEE - ok

23:28:52.0840 4236 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys

23:28:52.0842 4236 Mup - ok

23:28:53.0517 4236 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys

23:28:53.0521 4236 NativeWifiP - ok

23:28:53.0831 4236 NAVENG (0953bb24c1e70a99c315f44f15993c17) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100818.006\NAVENG.SYS

23:28:53.0833 4236 NAVENG - ok

23:28:54.0779 4236 NAVEX15 (3ddb0bef60b65df6b110c23e17cd67dc) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20100818.006\NAVEX15.SYS

23:28:54.0802 4236 NAVEX15 - ok

23:28:55.0650 4236 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys

23:28:55.0659 4236 NDIS - ok

23:28:55.0844 4236 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

23:28:55.0845 4236 NdisTapi - ok

23:28:56.0427 4236 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

23:28:56.0429 4236 Ndisuio - ok

23:28:56.0802 4236 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys

23:28:56.0805 4236 NdisWan - ok

23:28:56.0937 4236 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

23:28:56.0939 4236 NDProxy - ok

23:28:57.0153 4236 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

23:28:57.0154 4236 NetBIOS - ok

23:28:57.0480 4236 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys

23:28:57.0484 4236 netbt - ok

23:28:58.0459 4236 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys

23:28:58.0489 4236 NETw3v32 - ok

23:28:58.0881 4236 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

23:28:58.0883 4236 nfrd960 - ok

23:28:59.0450 4236 nltdi (3ee27bcff781f07a12df75e8be852b0e) C:\Windows\system32\drivers\nltdi.sys

23:28:59.0453 4236 nltdi - ok

23:28:59.0566 4236 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys

23:28:59.0568 4236 Npfs - ok

23:28:59.0637 4236 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

23:28:59.0639 4236 nsiproxy - ok

23:28:59.0767 4236 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys

23:28:59.0787 4236 Ntfs - ok

23:29:00.0419 4236 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

23:29:00.0421 4236 ntrigdigi - ok

23:29:00.0945 4236 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

23:29:00.0946 4236 Null - ok

23:29:01.0853 4236 nvlddmkm (e70d10238e1c7463728d56920d1eb186) C:\Windows\system32\DRIVERS\nvlddmkm.sys

23:29:01.0925 4236 nvlddmkm - ok

23:29:02.0693 4236 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

23:29:02.0695 4236 nvraid - ok

23:29:03.0008 4236 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

23:29:03.0010 4236 nvstor - ok

23:29:03.0482 4236 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

23:29:03.0486 4236 nv_agp - ok

23:29:03.0749 4236 NwlnkFlt - ok

23:29:03.0794 4236 NwlnkFwd - ok

23:29:03.0873 4236 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys

23:29:03.0876 4236 ohci1394 - ok

23:29:04.0055 4236 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

23:29:04.0057 4236 Parport - ok

23:29:04.0547 4236 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys

23:29:04.0549 4236 partmgr - ok

23:29:04.0802 4236 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

23:29:04.0804 4236 Parvdm - ok

23:29:05.0262 4236 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys

23:29:05.0266 4236 pci - ok

23:29:05.0582 4236 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys

23:29:05.0583 4236 pciide - ok

23:29:06.0032 4236 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys

23:29:06.0038 4236 pcmcia - ok

23:29:06.0702 4236 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys

23:29:06.0704 4236 pcouffin - ok

23:29:07.0279 4236 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

23:29:07.0294 4236 PEAUTH - ok

23:29:07.0894 4236 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

23:29:07.0896 4236 PptpMiniport - ok

23:29:08.0006 4236 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

23:29:08.0009 4236 Processor - ok

23:29:08.0142 4236 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys

23:29:08.0144 4236 PSched - ok

23:29:08.0250 4236 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

23:29:08.0266 4236 ql2300 - ok

23:29:08.0758 4236 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

23:29:08.0761 4236 ql40xx - ok

23:29:09.0335 4236 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

23:29:09.0336 4236 QWAVEdrv - ok

23:29:09.0783 4236 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

23:29:09.0785 4236 RasAcd - ok

23:29:10.0314 4236 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

23:29:10.0316 4236 Rasl2tp - ok

23:29:10.0785 4236 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys

23:29:10.0787 4236 RasPppoe - ok

23:29:11.0446 4236 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys

23:29:11.0449 4236 RasSstp - ok

23:29:11.0805 4236 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys

23:29:11.0810 4236 rdbss - ok

23:29:12.0426 4236 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

23:29:12.0427 4236 RDPCDD - ok

23:29:12.0809 4236 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys

23:29:12.0814 4236 rdpdr - ok

23:29:13.0208 4236 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

23:29:13.0210 4236 RDPENCDD - ok

23:29:13.0428 4236 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys

23:29:13.0432 4236 RDPWD - ok

23:29:25.0472 4236 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

23:29:25.0526 4236 \Device\Harddisk0\DR0 - ok

23:29:25.0534 4236 Boot (0x1200) (0a54d535fa2ba9442f730560d6f6f101) \Device\Harddisk0\DR0\Partition0

23:29:25.0536 4236 \Device\Harddisk0\DR0\Partition0 - ok

23:29:25.0564 4236 Boot (0x1200) (9b8aed9b11c70957a72bd83796b63aa6) \Device\Harddisk0\DR0\Partition1

23:29:25.0566 4236 \Device\Harddisk0\DR0\Partition1 - ok

23:29:25.0569 4236 ============================================================

23:29:25.0569 4236 Scan finished

23:29:25.0569 4236 ============================================================

23:29:25.0596 3288 Detected object count: 1

23:29:25.0596 3288 Actual detected object count: 1

23:29:42.0120 3288 C:\Windows\system32\Drivers\dfsc.sys - copied to quarantine

23:29:42.0128 3288 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\dfsc.sys) error 1813

23:29:42.0440 3288 Backup copy not found, trying to cure infected file..

23:29:42.0441 3288 C:\Windows\system32\Drivers\dfsc.sys - Cure failed (FFFFFFFF)

23:29:42.0441 3288 C:\Windows\system32\Drivers\dfsc.sys - processing error

23:29:47.0456 3288 DfsC ( Virus.Win32.ZAccess.g ) - User select action: Cure

23:32:50.0612 2280 Deinitialize success


Yes, that is possible (there are different hotfixes we can apply that replace this driver), but as no copy is currently present we cannot do that right now, only after the rootkit is gone.

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:


Rootkit::
C:\Windows\system32\Drivers\dfsc.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


I believe this is the new log. Whilst running the scan the system rebooted and the log came up blank. Every time I tried to open anything I got this error message:

illegal operation attempted on a registry key that has been marked for deletion (explorer.exe was at the top of this window)

All back to normal after another reboot

ComboFix 11-11-28.02 - James 29/11/2011 0:25.1.2 - x86

Running from: c:\users\James\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\James\AppData\Local\Temp\ppcrlui_924_2

c:\windows\system32\

.

---- Previous Run -------

.

c:\programdata\xp\EBLib.dll

c:\programdata\xp\TPwSav.sys

c:\users\James\AppData\Roaming\inst.exe

c:\users\James\AppData\Roaming\vso_ts_preview.xml

c:\windows\assembly\GAC_MSIL\desktop.ini

c:\windows\system32\rasakme.dll

c:\windows\system32\urlidcon.dll

.

-- Previous Run --

.

c:\windows\system32\agrsmsvc.exe . . . is infected!!

c:\windows\system32\agrsmsvc.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\windows\system32\agrsmsvc.exe . . . is infected!!

c:\windows\system32\agrsmsvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Apple\Mobile Device Support\

.

c:\windows\system32\agrsmsvc.exe . . . is infected!!

c:\windows\system32\agrsmsvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Apple\Mobile Device Support\

.

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . is infected!!

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\windows\system32\agrsmsvc.exe . . . is infected!!

c:\windows\system32\agrsmsvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Apple\Mobile Device Support\

.

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . is infected!!

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected

Restored copy from - c:\program files\Bonjour\

.

c:\windows\system32\agrsmsvc.exe . . . is infected!!

c:\windows\system32\agrsmsvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Apple\Mobile Device Support\

.

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . is infected!!

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected

Restored copy from - c:\program files\Bonjour\

.

Infected copy of c:\program files\Common Files\Symantec Shared\ccSvcHst.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Symantec Shared\

.

c:\windows\system32\agrsmsvc.exe . . . is infected!!

c:\windows\system32\agrsmsvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Apple\Mobile Device Support\

.

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . is infected!!

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected

Restored copy from - c:\program files\Bonjour\

.

Infected copy of c:\program files\Common Files\Symantec Shared\ccSvcHst.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Symantec Shared\

.

Infected copy of c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe was found and disinfected

Restored copy from - c:\program files\TOSHIBA\ConfigFree\

.

c:\windows\system32\agrsmsvc.exe . . . is infected!!

c:\windows\system32\agrsmsvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Apple\Mobile Device Support\

.

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . is infected!!

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected

Restored copy from - c:\program files\Bonjour\

.

Infected copy of c:\program files\Common Files\Symantec Shared\ccSvcHst.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Symantec Shared\

.

Infected copy of c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe was found and disinfected

Restored copy from - c:\program files\TOSHIBA\ConfigFree\

.

Infected copy of c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe was found and disinfected

Restored copy from - c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

.

c:\windows\system32\agrsmsvc.exe . . . is infected!!

c:\windows\system32\agrsmsvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Apple\Mobile Device Support\

.

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . is infected!!

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected

Restored copy from - c:\program files\Bonjour\

.

Infected copy of c:\program files\Common Files\Symantec Shared\ccSvcHst.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Symantec Shared\

.

Infected copy of c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe was found and disinfected

Restored copy from - c:\program files\TOSHIBA\ConfigFree\

.

Infected copy of c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe was found and disinfected

Restored copy from - c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

.

Infected copy of c:\program files\Google\Update\GoogleUpdate.exe was found and disinfected

Restored copy from - c:\program files\Google\Update\

.

c:\windows\system32\agrsmsvc.exe . . . is infected!!

c:\windows\system32\agrsmsvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Apple\Mobile Device Support\

.

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . is infected!!

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected

Restored copy from - c:\program files\Bonjour\

.

Infected copy of c:\program files\Common Files\Symantec Shared\ccSvcHst.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Symantec Shared\

.

Infected copy of c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe was found and disinfected

Restored copy from - c:\program files\TOSHIBA\ConfigFree\

.

Infected copy of c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe was found and disinfected

Restored copy from - c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

.

Infected copy of c:\program files\Google\Update\GoogleUpdate.exe was found and disinfected

Restored copy from - c:\program files\Google\Update\

.

Infected copy of c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe was found and disinfected

Restored copy from - c:\program files\Google\Common\Google Updater\

.

c:\windows\system32\agrsmsvc.exe . . . is infected!!

c:\windows\system32\agrsmsvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Apple\Mobile Device Support\

.

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . is infected!!

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected

Restored copy from - c:\program files\Bonjour\

.

Infected copy of c:\program files\Common Files\Symantec Shared\ccSvcHst.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Symantec Shared\

.

Infected copy of c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe was found and disinfected

Restored copy from - c:\program files\TOSHIBA\ConfigFree\

.

Infected copy of c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe was found and disinfected

Restored copy from - c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

.

Infected copy of c:\program files\Google\Update\GoogleUpdate.exe was found and disinfected

Restored copy from - c:\program files\Google\Update\

.

Infected copy of c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe was found and disinfected

Restored copy from - c:\program files\Google\Common\Google Updater\

.

Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected

Restored copy from - c:\program files\iPod\bin\

.

c:\windows\system32\agrsmsvc.exe . . . is infected!!

c:\windows\system32\agrsmsvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Apple\Mobile Device Support\

.

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . is infected!!

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected

Restored copy from - c:\program files\Bonjour\

.

Infected copy of c:\program files\Common Files\Symantec Shared\ccSvcHst.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Symantec Shared\

.

Infected copy of c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe was found and disinfected

Restored copy from - c:\program files\TOSHIBA\ConfigFree\

.

Infected copy of c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe was found and disinfected

Restored copy from - c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

.

Infected copy of c:\program files\Google\Update\GoogleUpdate.exe was found and disinfected

Restored copy from - c:\program files\Google\Update\

.

Infected copy of c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe was found and disinfected

Restored copy from - c:\program files\Google\Common\Google Updater\

.

Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected

Restored copy from - c:\program files\iPod\bin\

.

c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE . . . is infected!!

c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE . . . was deleted!! You should re-install the program it pertains to

.

c:\windows\system32\agrsmsvc.exe . . . is infected!!

c:\windows\system32\agrsmsvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Apple\Mobile Device Support\

.

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . is infected!!

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected

Restored copy from - c:\program files\Bonjour\

.

Infected copy of c:\program files\Common Files\Symantec Shared\ccSvcHst.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Symantec Shared\

.

Infected copy of c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe was found and disinfected

Restored copy from - c:\program files\TOSHIBA\ConfigFree\

.

Infected copy of c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe was found and disinfected

Restored copy from - c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

.

Infected copy of c:\program files\Google\Update\GoogleUpdate.exe was found and disinfected

Restored copy from - c:\program files\Google\Update\

.

Infected copy of c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe was found and disinfected

Restored copy from - c:\program files\Google\Common\Google Updater\

.

Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected

Restored copy from - c:\program files\iPod\bin\

.

c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE . . . is infected!!

c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE . . . was deleted!! You should re-install the program it pertains to

.

c:\windows\system32\lxdjcoms.exe . . . is infected!!

c:\windows\system32\lxdjcoms.exe . . . was deleted!! You should re-install the program it pertains to

.

c:\windows\system32\agrsmsvc.exe . . . is infected!!

c:\windows\system32\agrsmsvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Apple\Mobile Device Support\

.

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . is infected!!

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected

Restored copy from - c:\program files\Bonjour\

.

Infected copy of c:\program files\Common Files\Symantec Shared\ccSvcHst.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Symantec Shared\

.

Infected copy of c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe was found and disinfected

Restored copy from - c:\program files\TOSHIBA\ConfigFree\

.

Infected copy of c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe was found and disinfected

Restored copy from - c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

.

Infected copy of c:\program files\Google\Update\GoogleUpdate.exe was found and disinfected

Restored copy from - c:\program files\Google\Update\

.

Infected copy of c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe was found and disinfected

Restored copy from - c:\program files\Google\Common\Google Updater\

.

Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected

Restored copy from - c:\program files\iPod\bin\

.

c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE . . . is infected!!

c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE . . . was deleted!! You should re-install the program it pertains to

.

c:\windows\system32\lxdjcoms.exe . . . is infected!!

c:\windows\system32\lxdjcoms.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\NetLimiter 2 Pro\nlsvc.exe was found and disinfected

Restored copy from - c:\program files\NetLimiter 2 Pro\

.

c:\windows\system32\agrsmsvc.exe . . . is infected!!

c:\windows\system32\agrsmsvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Apple\Mobile Device Support\

.

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . is infected!!

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected

Restored copy from - c:\program files\Bonjour\

.

Infected copy of c:\program files\Common Files\Symantec Shared\ccSvcHst.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Symantec Shared\

.

Infected copy of c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe was found and disinfected

Restored copy from - c:\program files\TOSHIBA\ConfigFree\

.

Infected copy of c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe was found and disinfected

Restored copy from - c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

.

Infected copy of c:\program files\Google\Update\GoogleUpdate.exe was found and disinfected

Restored copy from - c:\program files\Google\Update\

.

Infected copy of c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe was found and disinfected

Restored copy from - c:\program files\Google\Common\Google Updater\

.

Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected

Restored copy from - c:\program files\iPod\bin\

.

c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE . . . is infected!!

c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE . . . was deleted!! You should re-install the program it pertains to

.

c:\windows\system32\lxdjcoms.exe . . . is infected!!

c:\windows\system32\lxdjcoms.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\NetLimiter 2 Pro\nlsvc.exe was found and disinfected

Restored copy from - c:\program files\NetLimiter 2 Pro\

.

Infected copy of c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Symantec Shared\CCPD-LC\

.

c:\windows\system32\agrsmsvc.exe . . . is infected!!

c:\windows\system32\agrsmsvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Apple\Mobile Device Support\

.

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . is infected!!

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected

Restored copy from - c:\program files\Bonjour\

.

Infected copy of c:\program files\Common Files\Symantec Shared\ccSvcHst.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Symantec Shared\

.

Infected copy of c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe was found and disinfected

Restored copy from - c:\program files\TOSHIBA\ConfigFree\

.

Infected copy of c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe was found and disinfected

Restored copy from - c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

.

Infected copy of c:\program files\Google\Update\GoogleUpdate.exe was found and disinfected

Restored copy from - c:\program files\Google\Update\

.

Infected copy of c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe was found and disinfected

Restored copy from - c:\program files\Google\Common\Google Updater\

.

Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected

Restored copy from - c:\program files\iPod\bin\

.

c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE . . . is infected!!

c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE . . . was deleted!! You should re-install the program it pertains to

.

c:\windows\system32\lxdjcoms.exe . . . is infected!!

c:\windows\system32\lxdjcoms.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\NetLimiter 2 Pro\nlsvc.exe was found and disinfected

Restored copy from - c:\program files\NetLimiter 2 Pro\

.

Infected copy of c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Symantec Shared\CCPD-LC\

.

Infected copy of c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Symantec Shared\AppCore\

.

c:\windows\system32\agrsmsvc.exe . . . is infected!!

c:\windows\system32\agrsmsvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Apple\Mobile Device Support\

.

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . is infected!!

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected

Restored copy from - c:\program files\Bonjour\

.

Infected copy of c:\program files\Common Files\Symantec Shared\ccSvcHst.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Symantec Shared\

.

Infected copy of c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe was found and disinfected

Restored copy from - c:\program files\TOSHIBA\ConfigFree\

.

Infected copy of c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe was found and disinfected

Restored copy from - c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

.

Infected copy of c:\program files\Google\Update\GoogleUpdate.exe was found and disinfected

Restored copy from - c:\program files\Google\Update\

.

Infected copy of c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe was found and disinfected

Restored copy from - c:\program files\Google\Common\Google Updater\

.

Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected

Restored copy from - c:\program files\iPod\bin\

.

c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE . . . is infected!!

c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE . . . was deleted!! You should re-install the program it pertains to

.

c:\windows\system32\lxdjcoms.exe . . . is infected!!

c:\windows\system32\lxdjcoms.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\NetLimiter 2 Pro\nlsvc.exe was found and disinfected

Restored copy from - c:\program files\NetLimiter 2 Pro\

.

Infected copy of c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Symantec Shared\CCPD-LC\

.

Infected copy of c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Symantec Shared\AppCore\

.

Infected copy of c:\windows\system32\TODDSrv.exe was found and disinfected

Restored copy from - c:\windows\System32\

.

c:\windows\system32\agrsmsvc.exe . . . is infected!!

c:\windows\system32\agrsmsvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Apple\Mobile Device Support\

.

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . is infected!!

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected

Restored copy from - c:\program files\Bonjour\

.

Infected copy of c:\program files\Common Files\Symantec Shared\ccSvcHst.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Symantec Shared\

.

Infected copy of c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe was found and disinfected

Restored copy from - c:\program files\TOSHIBA\ConfigFree\

.

Infected copy of c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe was found and disinfected

Restored copy from - c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

.

Infected copy of c:\program files\Google\Update\GoogleUpdate.exe was found and disinfected

Restored copy from - c:\program files\Google\Update\

.

Infected copy of c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe was found and disinfected

Restored copy from - c:\program files\Google\Common\Google Updater\

.

Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected

Restored copy from - c:\program files\iPod\bin\

.

c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE . . . is infected!!

c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE . . . was deleted!! You should re-install the program it pertains to

.

c:\windows\system32\lxdjcoms.exe . . . is infected!!

c:\windows\system32\lxdjcoms.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\NetLimiter 2 Pro\nlsvc.exe was found and disinfected

Restored copy from - c:\program files\NetLimiter 2 Pro\

.

Infected copy of c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Symantec Shared\CCPD-LC\

.

Infected copy of c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Symantec Shared\AppCore\

.

Infected copy of c:\windows\system32\TODDSrv.exe was found and disinfected

Restored copy from - c:\windows\System32\

.

Infected copy of c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe was found and disinfected

Restored copy from - c:\program files\TOSHIBA\Power Saver\

.

c:\windows\system32\agrsmsvc.exe . . . is infected!!

c:\windows\system32\agrsmsvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Apple\Mobile Device Support\

.

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . is infected!!

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected

Restored copy from - c:\program files\Bonjour\

.

Infected copy of c:\program files\Common Files\Symantec Shared\ccSvcHst.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Symantec Shared\

.

Infected copy of c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe was found and disinfected

Restored copy from - c:\program files\TOSHIBA\ConfigFree\

.

Infected copy of c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe was found and disinfected

Restored copy from - c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

.

Infected copy of c:\program files\Google\Update\GoogleUpdate.exe was found and disinfected

Restored copy from - c:\program files\Google\Update\

.

Infected copy of c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe was found and disinfected

Restored copy from - c:\program files\Google\Common\Google Updater\

.

Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected

Restored copy from - c:\program files\iPod\bin\

.

c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE . . . is infected!!

c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE . . . was deleted!! You should re-install the program it pertains to

.

c:\windows\system32\lxdjcoms.exe . . . is infected!!

c:\windows\system32\lxdjcoms.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\NetLimiter 2 Pro\nlsvc.exe was found and disinfected

Restored copy from - c:\program files\NetLimiter 2 Pro\

.

Infected copy of c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Symantec Shared\CCPD-LC\

.

Infected copy of c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Symantec Shared\AppCore\

.

Infected copy of c:\windows\system32\TODDSrv.exe was found and disinfected

Restored copy from - c:\windows\System32\

.

Infected copy of c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe was found and disinfected

Restored copy from - c:\program files\TOSHIBA\Power Saver\

.

Infected copy of c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe was found and disinfected

Restored copy from - c:\program files\TOSHIBA\Bluetooth Toshiba Stack\

.

c:\windows\system32\agrsmsvc.exe . . . is infected!!

c:\windows\system32\agrsmsvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Apple\Mobile Device Support\

.

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . is infected!!

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\Bonjour\mDNSResponder.exe was found and disinfected

Restored copy from - c:\program files\Bonjour\

.

Infected copy of c:\program files\Common Files\Symantec Shared\ccSvcHst.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Symantec Shared\

.

Infected copy of c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe was found and disinfected

Restored copy from - c:\program files\TOSHIBA\ConfigFree\

.

Infected copy of c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe was found and disinfected

Restored copy from - c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

.

Infected copy of c:\program files\Google\Update\GoogleUpdate.exe was found and disinfected

Restored copy from - c:\program files\Google\Update\

.

Infected copy of c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe was found and disinfected

Restored copy from - c:\program files\Google\Common\Google Updater\

.

Infected copy of c:\program files\iPod\bin\iPodService.exe was found and disinfected

Restored copy from - c:\program files\iPod\bin\

.

c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE . . . is infected!!

c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE . . . was deleted!! You should re-install the program it pertains to

.

c:\windows\system32\lxdjcoms.exe . . . is infected!!

c:\windows\system32\lxdjcoms.exe . . . was deleted!! You should re-install the program it pertains to

.

Infected copy of c:\program files\NetLimiter 2 Pro\nlsvc.exe was found and disinfected

Restored copy from - c:\program files\NetLimiter 2 Pro\

.

Infected copy of c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Symantec Shared\CCPD-LC\

.

Infected copy of c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Symantec Shared\AppCore\

.

Infected copy of c:\windows\system32\TODDSrv.exe was found and disinfected

Restored copy from - c:\windows\System32\

.

Infected copy of c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe was found and disinfected

Restored copy from - c:\program files\TOSHIBA\Power Saver\

.

Infected copy of c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe was found and disinfected

Restored copy from - c:\program files\TOSHIBA\Bluetooth Toshiba Stack\

.

Infected copy of c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe was found and disinfected

Restored copy from - c:\program files\Common Files\Ulead Systems\DVD\

.

--------

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_f0541d4c

.

.

((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-29 )))))))))))))))))))))))))))))))

.

.

2011-11-29 00:43 . 2011-11-29 00:43 -------- d-----w- c:\users\Mcx1\AppData\Local\temp

2011-11-29 00:43 . 2011-11-29 00:47 -------- d-----w- c:\users\James\AppData\Local\temp

2011-11-29 00:43 . 2011-11-29 00:43 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-28 23:20 . 2011-11-28 23:20 -------- d-----w- c:\program files\Apple Software Update

2011-11-28 20:46 . 2011-11-28 20:48 114688 ----a-w- c:\windows\system32\TODDSrv.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-28 18:28 . 2011-10-25 18:14 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-25 16:27 . 2011-10-25 16:27 67584 ----a-w- c:\windows\system32\dlgalvid.dll

2011-08-31 17:00 . 2011-10-25 18:05 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 413696]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-22 39408]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-19 411768]

"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-29 509496]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]

"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]

"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-11-01 438272]

"NDSTray.exe"="NDSTray.exe" [bU]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 107112]

"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-10-26 22696]

"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-03-02 577536]

"Desktop SMS"="c:\program files\IDM\Desktop SMS\DesktopSMS.exe" [2007-01-19 1507328]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-13 90191]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-13 7766016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-13 81920]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-28 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-28 106496]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-28 81920]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]

"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 571024]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"lxdjmon.exe"="c:\program files\Lexmark 1400 Series\lxdjmon.exe" [bU]

"lxdjamon"="c:\program files\Lexmark 1400 Series\lxdjamon.exe" [2007-03-06 20480]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-05-23 69632]

R3 AMBADVCAPBULK;Digital Video;c:\windows\system32\DRIVERS\AmbaDVCapBulk.sys [2008-05-12 41216]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

.

2011-11-05 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - James.job

- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-07 17:48]

.

2011-11-28 c:\windows\Tasks\User_Feed_Synchronization-{D5815784-CB4B-4F4B-978B-D33494B927EA}.job

- c:\windows\system32\msfeedssync.exe [2011-08-03 04:32]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyOverride = *.local

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\it6s0yzi.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

.

.

**************************************************************************

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????T??g????8?8?`?8???8???8??

.

scanning hidden files ...

.

scan completed successfully

hidden files:

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b4

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(6192)

c:\program files\IDM\Desktop SMS\oehook.dll

c:\windows\system32\faxonnet.dll

c:\windows\system32\adenw32.dll

c:\program files\K-Lite Codec Pack\Filters\vsfilter.dll

c:\program files\K-Lite Codec Pack\ffdshow\ffdshow.ax

c:\program files\K-Lite Codec Pack\Filters\DivXDecH264.ax

.

------------------------ Other Running Processes ------------------------

.

c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe

c:\program files\NetLimiter 2 Pro\nlsvc.exe

c:\windows\system32\TODDSrv.exe

c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\program files\NetLimiter 2 Pro\NLClient.exe

c:\windows\RtHDVCpl.exe

c:\program files\TOSHIBA\ConfigFree\NDSTray.exe

c:\windows\System32\rundll32.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Apoint2K\ApMsgFwd.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Apoint2K\Apntex.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Windows Mail\WinMail.exe

c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe

c:\windows\system32\WerFault.exe

c:\windows\system32\WerFault.exe

c:\windows\system32\WerFault.exe

c:\windows\system32\WerFault.exe

c:\windows\system32\wermgr.exe

.

**************************************************************************

.

Completion time: 2011-11-29 00:54:38 - machine was rebooted

ComboFix-quarantined-files.txt 2011-11-29 00:54

.

Pre-Run: 9,570,541,568 bytes free

Post-Run: 9,142,669,312 bytes free

.

- - End Of File - - 379959679953A5D20F66BBD8E3A3E0AB

ComboFix 12-01-03.04 - James 03/01/2012 20:58:49.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2037.1197 [GMT 0:00]

Running from: c:\users\James\Downloads\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\James\AppData\Local\f0541d4c

c:\users\James\AppData\Local\f0541d4c\@

c:\users\James\AppData\Local\f0541d4c\X

c:\users\James\AppData\Local\temp\ppcrlui_5972_2

.

.

((((((((((((((((((((((((( Files Created from 2011-12-03 to 2012-01-03 )))))))))))))))))))))))))))))))

.

.

2012-01-03 21:12 . 2012-01-03 21:12 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-01-03 21:12 . 2012-01-03 21:12 -------- d-----w- c:\users\Mcx1\AppData\Local\temp

2012-01-03 21:12 . 2012-01-03 21:12 -------- d-----w- c:\users\Default\AppData\Local\temp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-28 20:48 . 2011-11-28 20:46 114688 ----a-w- c:\windows\system32\TODDSrv.exe

2011-11-28 18:28 . 2011-10-25 18:14 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-25 16:27 . 2011-10-25 16:27 67584 ----a-w- c:\windows\system32\dlgalvid.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 413696]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-22 39408]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-19 411768]

"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-29 509496]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]

"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]

"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-11-01 438272]

"NDSTray.exe"="NDSTray.exe" [bU]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 107112]

"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-10-26 22696]

"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-03-02 577536]

"Desktop SMS"="c:\program files\IDM\Desktop SMS\DesktopSMS.exe" [2007-01-19 1507328]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-13 90191]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-13 7766016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-13 81920]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-28 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-28 106496]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-28 81920]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]

"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 571024]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"lxdjmon.exe"="c:\program files\Lexmark 1400 Series\lxdjmon.exe" [bU]

"lxdjamon"="c:\program files\Lexmark 1400 Series\lxdjamon.exe" [2007-03-06 20480]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-17 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - James.job

- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-07 17:48]

.

2012-01-03 c:\windows\Tasks\User_Feed_Synchronization-{D5815784-CB4B-4F4B-978B-D33494B927EA}.job

- c:\windows\system32\msfeedssync.exe [2011-08-03 04:32]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyOverride = *.local

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\it6s0yzi.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-03 21:13

Windows 6.0.6001 Service Pack 1 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????T??g????8?8?`?8???8???8??

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b4

.

Completion time: 2012-01-03 21:17:39

ComboFix-quarantined-files.txt 2012-01-03 21:17

ComboFix2.txt 2011-11-29 00:54

.

Pre-Run: 13,326,082,048 bytes free

Post-Run: 13,183,283,200 bytes free

.

- - End Of File - - 0F19CB08671DEAAA9A9D4DA99CAA858E

ComboFix 12-01-03.04 - James 03/01/2012 21:23:32.3.2 - x86 MINIMAL

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2037.1681 [GMT 0:00]

Running from: c:\users\James\Downloads\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\drivers\etc\hosts.ics

.

.

((((((((((((((((((((((((( Files Created from 2011-12-03 to 2012-01-03 )))))))))))))))))))))))))))))))

.

.

2012-01-03 21:30 . 2012-01-03 21:30 -------- d-----w- c:\users\James\AppData\Local\temp

2012-01-03 21:30 . 2012-01-03 21:30 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-01-03 21:30 . 2012-01-03 21:30 -------- d-----w- c:\users\Mcx1\AppData\Local\temp

2012-01-03 21:30 . 2012-01-03 21:30 -------- d-----w- c:\users\Default\AppData\Local\temp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-28 20:48 . 2011-11-28 20:46 114688 ----a-w- c:\windows\system32\TODDSrv.exe

2011-11-28 18:28 . 2011-10-25 18:14 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-10-25 16:27 . 2011-10-25 16:27 67584 ----a-w- c:\windows\system32\dlgalvid.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 413696]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-22 39408]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-19 411768]

"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-29 509496]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]

"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]

"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-11-01 438272]

"NDSTray.exe"="NDSTray.exe" [bU]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 107112]

"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-10-26 22696]

"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-03-02 577536]

"Desktop SMS"="c:\program files\IDM\Desktop SMS\DesktopSMS.exe" [2007-01-19 1507328]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-13 90191]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-13 7766016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-13 81920]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-28 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-28 106496]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-28 81920]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]

"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 571024]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"lxdjmon.exe"="c:\program files\Lexmark 1400 Series\lxdjmon.exe" [bU]

"lxdjamon"="c:\program files\Lexmark 1400 Series\lxdjamon.exe" [2007-03-06 20480]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - COMHOST

*NewlyCreated* - ECACHE

.

Contents of the 'Scheduled Tasks' folder

.

2011-12-17 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - James.job

- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-07 17:48]

.

2012-01-03 c:\windows\Tasks\User_Feed_Synchronization-{D5815784-CB4B-4F4B-978B-D33494B927EA}.job

- c:\windows\system32\msfeedssync.exe [2011-08-03 04:32]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyOverride = *.local

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\it6s0yzi.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-03 21:30

Windows 6.0.6001 Service Pack 1 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????T??g????8?8?`?8???8???8??

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b4

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(1936)

c:\program files\K-Lite Codec Pack\Filters\vsfilter.dll

c:\program files\K-Lite Codec Pack\ffdshow\ffdshow.ax

c:\program files\K-Lite Codec Pack\Filters\DivXDecH264.ax

.

Completion time: 2012-01-03 21:32:49

ComboFix-quarantined-files.txt 2012-01-03 21:32

ComboFix2.txt 2012-01-03 21:17

ComboFix3.txt 2011-11-29 00:54

.

Pre-Run: 15,349,669,888 bytes free

Post-Run: 15,253,196,800 bytes free

.

- - End Of File - - 6184DC44ED5FE1DB83A0FC2EE886EC20

ComboFix 12-02-07.01 - James 07/02/2012 18:25:09.3.2 - x86 MINIMAL

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2037.1669 [GMT 0:00]

Running from: c:\users\James\Downloads\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\drivers\etc\hosts.ics

.

.

((((((((((((((((((((((((( Files Created from 2012-01-07 to 2012-02-07 )))))))))))))))))))))))))))))))

.

.

2012-02-07 18:30 . 2012-02-07 18:30 -------- d-----w- c:\users\James\AppData\Local\temp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-28 20:48 . 2011-11-28 20:46 114688 ----a-w- c:\windows\system32\TODDSrv.exe

2011-11-28 18:28 . 2011-10-25 18:14 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 413696]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-22 39408]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-19 411768]

"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-29 509496]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]

"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]

"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-11-01 438272]

"NDSTray.exe"="NDSTray.exe" [bU]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 107112]

"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-10-26 22696]

"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-03-02 577536]

"Desktop SMS"="c:\program files\IDM\Desktop SMS\DesktopSMS.exe" [2007-01-19 1507328]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-13 90191]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-13 7766016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-13 81920]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-28 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-28 106496]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-28 81920]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]

"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 571024]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"lxdjmon.exe"="c:\program files\Lexmark 1400 Series\lxdjmon.exe" [bU]

"lxdjamon"="c:\program files\Lexmark 1400 Series\lxdjamon.exe" [2007-03-06 20480]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - COMHOST

*NewlyCreated* - ECACHE

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-20 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - James.job

- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-07 17:48]

.

2012-02-07 c:\windows\Tasks\User_Feed_Synchronization-{D5815784-CB4B-4F4B-978B-D33494B927EA}.job

- c:\windows\system32\msfeedssync.exe [2011-08-03 04:32]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyOverride = *.local

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{2C9C50B8-1AB9-4594-82E4-23E0D8B3155A}: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\it6s0yzi.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-07 18:30

Windows 6.0.6001 Service Pack 1 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????T??g????8?8?`?8???8???8??

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b4

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(1200)

c:\program files\K-Lite Codec Pack\Filters\vsfilter.dll

c:\program files\K-Lite Codec Pack\ffdshow\ffdshow.ax

c:\program files\K-Lite Codec Pack\Filters\DivXDecH264.ax

.

Completion time: 2012-02-07 18:33:12

ComboFix-quarantined-files.txt 2012-02-07 18:32

ComboFix2.txt 2012-01-03 21:32

ComboFix3.txt 2012-01-03 21:17

ComboFix4.txt 2011-11-29 00:54

.

Pre-Run: 18,778,284,032 bytes free

Post-Run: 18,926,043,136 bytes free

.

- - End Of File - - FEB287B561E1D11AD852F97B317B8C42

ComboFix 12-02-07.01 - James 07/02/2012 19:28:42.3.2 - x86 MINIMAL

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2037.1664 [GMT 0:00]

Running from: c:\users\James\Downloads\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\drivers\etc\hosts.ics

.

.

((((((((((((((((((((((((( Files Created from 2012-01-07 to 2012-02-07 )))))))))))))))))))))))))))))))

.

.

2012-02-07 19:34 . 2012-02-07 19:34 -------- d-----w- c:\users\James\AppData\Local\temp

2012-02-07 19:34 . 2012-02-07 19:34 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-02-07 19:34 . 2012-02-07 19:34 -------- d-----w- c:\users\Mcx1\AppData\Local\temp

2012-02-07 19:34 . 2012-02-07 19:34 -------- d-----w- c:\users\Default\AppData\Local\temp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-28 20:48 . 2011-11-28 20:46 114688 ----a-w- c:\windows\system32\TODDSrv.exe

2011-11-28 18:28 . 2011-10-25 18:14 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 413696]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-22 39408]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-19 411768]

"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-29 509496]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]

"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]

"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-11-01 438272]

"NDSTray.exe"="NDSTray.exe" [bU]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 107112]

"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-10-26 22696]

"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-03-02 577536]

"Desktop SMS"="c:\program files\IDM\Desktop SMS\DesktopSMS.exe" [2007-01-19 1507328]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-13 90191]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-13 7766016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-13 81920]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-28 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-28 106496]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-28 81920]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]

"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 571024]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"lxdjmon.exe"="c:\program files\Lexmark 1400 Series\lxdjmon.exe" [bU]

"lxdjamon"="c:\program files\Lexmark 1400 Series\lxdjamon.exe" [2007-03-06 20480]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - COMHOST

*NewlyCreated* - ECACHE

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-20 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - James.job

- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-07 17:48]

.

2012-02-07 c:\windows\Tasks\User_Feed_Synchronization-{D5815784-CB4B-4F4B-978B-D33494B927EA}.job

- c:\windows\system32\msfeedssync.exe [2011-08-03 04:32]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyOverride = *.local

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{2C9C50B8-1AB9-4594-82E4-23E0D8B3155A}: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\it6s0yzi.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-07 19:34

Windows 6.0.6001 Service Pack 1 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????T??g????8?8?`?8???8???8??

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b4

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(1528)

c:\program files\K-Lite Codec Pack\Filters\vsfilter.dll

c:\program files\K-Lite Codec Pack\ffdshow\ffdshow.ax

c:\program files\K-Lite Codec Pack\Filters\DivXDecH264.ax

.

Completion time: 2012-02-07 19:36:38

ComboFix-quarantined-files.txt 2012-02-07 19:36

ComboFix2.txt 2012-02-07 18:33

ComboFix3.txt 2012-01-03 21:32

ComboFix4.txt 2012-01-03 21:17

ComboFix5.txt 2012-02-07 19:27

.

Pre-Run: 19,040,370,688 bytes free

Post-Run: 18,921,582,592 bytes free

.

- - End Of File - - EF161D81AF500FDCB39FAEED3E37F12A

Link to post
Share on other sites
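The four logs above are hard to compare by eye, and the entries a responder actually wants out of them are always the same few: what was deleted this run, what is set to autostart, and whether Security Center monitoring has been switched off. The script below is an added example written for this page, not part of the thread, of ComboFix or of Malwarebytes. It parses the "Other Deletions" and "Reg Loading Points" sections of a ComboFix log and lists the items worth a second look: the `[bU]` marker where ComboFix printed no date or size, bare file names that are resolved through the search path, the `DisableMonitoring` values, and the `hosts.ics` deletion that recurs in every run here. `SAMPLE_LOG` is a constructed excerpt modelled on the lines above, and the regular expressions are assumptions about ComboFix's line format, checked only against lines of that shape.

```python
"""Triage helper for ComboFix logs.

Added example for this page; not part of the forum thread, of ComboFix
or of Malwarebytes.  SAMPLE_LOG is a constructed excerpt modelled on the
logs in the thread, and the regexes are assumptions about ComboFix's
line format, checked only against lines of that shape.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\etc\hosts.ics
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]
"NDSTray.exe"="NDSTray.exe" [bU]
"lxdjmon.exe"="c:\program files\Lexmark 1400 Series\lxdjmon.exe" [bU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""

# Section banner: "(((( Name ))))".  Assumed shape, matches the logs above.
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
# Registry key header: "[HKEY_...]".
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# Autostart value with date and size: "Name"="path" [YYYY-MM-DD size]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
# Autostart value where ComboFix printed a marker instead: "Name"="path" [bU]
RUN_MARK_RE = re.compile(r'^"([^"]+)"="([^"]*)" \[([A-Za-z]+)\]$')
# REG_DWORD value: "Name"=dword:00000001
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


@dataclass
class Autorun:
    key: str
    name: str
    path: str
    date: Optional[str]
    size: Optional[int]
    marker: Optional[str]  # e.g. "bU" when no date/size was printed


@dataclass
class Findings:
    deletions: List[str] = field(default_factory=list)
    autoruns: List[Autorun] = field(default_factory=list)
    monitoring_disabled: List[str] = field(default_factory=list)


def parse_combofix(text: str) -> Findings:
    """Walk the log line by line, tracking the current section and key."""
    found = Findings()
    section = None
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix pads sections with "."
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if section == "Other Deletions":
            found.deletions.append(line)
        elif section == "Reg Loading Points" and key:
            if key.lower().endswith(r"\currentversion\run"):
                m = RUN_RE.match(line)
                if m:
                    found.autoruns.append(Autorun(key, m[1], m[2], m[3], int(m[4]), None))
                    continue
                m = RUN_MARK_RE.match(line)
                if m:
                    found.autoruns.append(Autorun(key, m[1], m[2], None, None, m[3]))
            elif "security center\\monitoring" in key.lower():
                m = DWORD_RE.match(line)
                if m and m[1] == "DisableMonitoring" and int(m[2], 16) == 1:
                    found.monitoring_disabled.append(key)
    return found


def triage(found: Findings) -> List[str]:
    """One note per item a responder should check, in log order."""
    notes = []
    for path in found.deletions:
        if path.lower().endswith("hosts.ics"):
            notes.append(f"deleted this run: {path}")
    for e in found.autoruns:
        if e.marker is not None:
            notes.append(f"autorun {e.name!r}: no date/size, marker [{e.marker}]; check the file on disk")
        elif "\\" not in e.path:
            notes.append(f"autorun {e.name!r}: bare name {e.path!r} resolved via search path; confirm which copy runs")
    for key in found.monitoring_disabled:
        notes.append(f"Security Center monitoring disabled: {key}")
    return notes


if __name__ == "__main__":
    for note in triage(parse_combofix(SAMPLE_LOG)):
        print(note)
```

Run it against a saved ComboFix.txt by replacing `SAMPLE_LOG` with the file contents; the "Files Created" and "Find3M" sections are ignored deliberately, since the decision about a run mostly comes down to which autostarts survived and whether the Security Center flags are still set.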

Apologies, the new ComboFix log:

ComboFix 12-02-11.02 - James 12/02/2012 10:56:40.6.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2037.1024 [GMT 0:00]

Running from: c:\users\James\Downloads\ComboFix.exe

Command switches used :: c:\users\James\Desktop\CFScript.txt

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-01-12 to 2012-02-12 )))))))))))))))))))))))))))))))

.

.

2012-02-12 11:10 . 2012-02-12 11:10 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-02-12 11:10 . 2012-02-12 11:10 -------- d-----w- c:\users\Mcx1\AppData\Local\temp

2012-02-12 11:10 . 2012-02-12 11:10 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-11 20:26 . 2012-02-12 11:14 -------- d-----w- c:\users\James\AppData\Local\temp

2012-02-11 17:29 . 2012-02-11 23:29 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-09 17:20 . 2012-02-09 17:20 -------- d-----w- c:\users\James\AppData\Roaming\Malwarebytes

2012-02-09 17:20 . 2012-02-09 17:20 -------- d-----w- c:\programdata\Malwarebytes

2012-02-09 17:20 . 2012-02-09 17:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2

2012-02-09 17:20 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-12 11:10 . 2011-06-18 19:44 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys

2011-11-28 20:48 . 2011-11-28 20:46 114688 ----a-w- c:\windows\system32\TODDSrv.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-02-04 15:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 413696]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-22 39408]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 4349952]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-19 411768]

"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-29 509496]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]

"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 34352]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]

"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-11-01 438272]

"NDSTray.exe"="NDSTray.exe" [bU]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 107112]

"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-10-26 22696]

"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-03-02 577536]

"Desktop SMS"="c:\program files\IDM\Desktop SMS\DesktopSMS.exe" [2007-01-19 1507328]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-01-13 90191]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-13 7766016]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-01-13 81920]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-28 98304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-28 106496]

"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-28 81920]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]

"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 571024]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"lxdjmon.exe"="c:\program files\Lexmark 1400 Series\lxdjmon.exe" [bU]

"lxdjamon"="c:\program files\Lexmark 1400 Series\lxdjamon.exe" [2007-03-06 20480]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-20 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - James.job

- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-07 17:48]

.

2012-02-12 c:\windows\Tasks\User_Feed_Synchronization-{D5815784-CB4B-4F4B-978B-D33494B927EA}.job

- c:\windows\system32\msfeedssync.exe [2011-08-03 04:32]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyOverride = *.local

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{2C9C50B8-1AB9-4594-82E4-23E0D8B3155A}: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\it6s0yzi.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-02-12 11:13

Windows 6.0.6001 Service Pack 1 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????T??g????8?8?`?8???8???8??

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b4

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(7728)

c:\windows\system32\faxonnet.dll

c:\windows\system32\adenw32.dll

c:\program files\K-Lite Codec Pack\Filters\vsfilter.dll

c:\program files\K-Lite Codec Pack\ffdshow\ffdshow.ax

c:\program files\K-Lite Codec Pack\Filters\DivXDecH264.ax

.

------------------------ Other Running Processes ------------------------

.

c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe

c:\program files\NetLimiter 2 Pro\nlsvc.exe

c:\windows\system32\TODDSrv.exe

c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\program files\NetLimiter 2 Pro\NLClient.exe

c:\program files\NetLimiter 2 Pro\NLClient.exe

c:\windows\RtHDVCpl.exe

c:\program files\TOSHIBA\ConfigFree\NDSTray.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\System32\rundll32.exe

c:\program files\Apoint2K\ApMsgFwd.exe

c:\windows\ehome\ehmsas.exe

c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe

c:\program files\Windows Mail\WinMail.exe

c:\program files\Apoint2K\Apntex.exe

c:\program files\NetLimiter 2 Pro\NLClient.exe

c:\windows\system32\WerFault.exe

c:\windows\system32\WerFault.exe

c:\windows\system32\WerFault.exe

c:\windows\system32\WerFault.exe

c:\windows\system32\WerFault.exe

c:\windows\system32\WerFault.exe

c:\windows\system32\WerFault.exe

c:\windows\system32\WerFault.exe

c:\windows\system32\WerFault.exe

c:\windows\system32\WerFault.exe

c:\windows\system32\WerFault.exe

c:\windows\system32\WerFault.exe

c:\windows\system32\WerFault.exe

c:\windows\system32\WerFault.exe

c:\windows\system32\WerFault.exe

c:\windows\system32\WerFault.exe

c:\windows\system32\WerFault.exe

c:\windows\system32\WerFault.exe

c:\windows\system32\WerFault.exe

c:\windows\system32\WerFault.exe

c:\windows\system32\WerFault.exe

c:\windows\system32\WerFault.exe

c:\windows\servicing\TrustedInstaller.exe

c:\windows\System32\wsqmcons.exe

c:\windows\system32\schtasks.exe

.

**************************************************************************

.

Completion time: 2012-02-12 11:22:51 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-12 11:22

ComboFix2.txt 2012-02-11 20:26

ComboFix3.txt 2012-02-11 18:35

ComboFix4.txt 2012-02-11 16:34

ComboFix5.txt 2012-02-12 10:54

.

Pre-Run: 19,066,761,216 bytes free

Post-Run: 19,064,180,736 bytes free

.

- - End Of File - - CFBA803EF18A9A6ED612BE34A2513B13

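The log above is in ComboFix's own text layout, and a helper reads three parts of it first: the HKLM Run autostart entries (a `[date size]` pair, or a non-date token such as `[bU]` when no timestamp and size were recorded), the Security Center `Monitoring` keys whose `DisableMonitoring` values are set, and the `Other Running Processes` list, where a long run of `WerFault.exe` means Windows Error Reporting is being launched over and over because processes keep crashing. The Python below is an added example for this page, not code from this thread, from ComboFix or from Malwarebytes; `SAMPLE_LOG` is a constructed excerpt in the same layout, and the function names and the repeat threshold are my own choices.

```python
import re
from collections import Counter

# Constructed excerpt in the layout of the ComboFix log posted above; it is not
# the full log, and the lines were chosen only to exercise each parser.
SAMPLE_LOG = r'''
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-01-13 7766016]
"lxdjmon.exe"="c:\program files\Lexmark 1400 Series\lxdjmon.exe" [bU]
"lxdjamon"="c:\program files\Lexmark 1400 Series\lxdjamon.exe" [2007-03-06 20480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WerFault.exe
c:\windows\system32\WerFault.exe
c:\windows\system32\WerFault.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
'''

RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<meta>[^\]]*)\]\s*$')
META_RE = re.compile(r'^(\d{4}-\d{2}-\d{2})\s+(\d+)$')          # "2007-01-13 7766016"
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})$')
EXE_RE = re.compile(r'^[a-z]:\\.+\.exe$', re.IGNORECASE)


def parse_autostarts(text):
    """Run-key lines of the form "Name"="path" [YYYY-MM-DD size].
    When the bracketed field is not a date/size pair (e.g. [bU]) the entry
    gets date=None and size=None so the caller can single it out."""
    entries = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        meta = META_RE.match(m['meta'])
        entries.append({
            'name': m['name'], 'path': m['path'],
            'date': meta.group(1) if meta else None,
            'size': int(meta.group(2)) if meta else None,
            'raw_meta': m['meta'],
        })
    return entries


def parse_security_center(text):
    """Map each Security Center\\Monitoring key to its DisableMonitoring value.
    The value belongs to the most recent [HKEY_...] header above it."""
    result, current_key = {}, None
    for line in text.splitlines():
        line = line.strip()
        k = KEY_RE.match(line)
        if k:
            current_key = k.group(1)
            continue
        v = DWORD_RE.match(line)
        if (v and current_key
                and 'security center\\monitoring' in current_key.lower()
                and v['name'].lower() == 'disablemonitoring'):
            result[current_key] = int(v['val'], 16)
    return result


def count_processes(text):
    """Count image names (lower-cased) listed under 'Other Running Processes'.
    The section ends at the next '---' or '***' rule."""
    counts, in_section = Counter(), False
    for line in text.splitlines():
        line = line.strip()
        if 'Other Running Processes' in line:
            in_section = True
            continue
        if in_section and (line.startswith('***') or line.startswith('---')):
            in_section = False
        if in_section and EXE_RE.match(line):
            counts[line.rsplit('\\', 1)[-1].lower()] += 1
    return counts


def triage(text, repeat_threshold=3):
    """Return human-readable pointers for manual review (not verdicts)."""
    findings = []
    for e in parse_autostarts(text):
        if e['date'] is None:
            findings.append(f"autostart {e['name']!r} -> {e['path']}: no timestamp/size "
                            f"recorded ([{e['raw_meta']}]); check the file by hand")
    for key, val in parse_security_center(text).items():
        if val != 0:
            findings.append(f"Security Center monitoring disabled under {key} "
                            f"(DisableMonitoring={val})")
    for image, n in count_processes(text).items():
        if n >= repeat_threshold:
            note = (': Windows Error Reporting launched repeatedly, so user-mode '
                    'processes keep crashing' if image == 'werfault.exe' else '')
            findings.append(f"{n} instances of {image}{note}")
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run it against a saved ComboFix log with `triage(open('ComboFix.txt').read())`. The output is a list of things to look at, not a verdict: vendor subkeys with `DisableMonitoring` set also appear on machines running a third-party suite such as the Norton product visible in the scheduled tasks above, and an autostart without recorded metadata may simply be an unreadable but legitimate file, so each hit still needs a manual check of the file on disk.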

Besides that, how is the computer running?

Please click Start > Programs > Accessories, right-click Command Prompt and select "Run as administrator".

Type chkdsk /r and press Enter.

When asked to schedule the disk check for the next reboot, type Y and press Enter.

Restart your computer and let the disk check run unhindered. When done, see if MBAM still BSODs during the scan.

This topic is now closed to further replies.