
Hi,

I have run our Malwarebytes scan numerous times now, and although it is identifying the svchost.exe as a malicious Trojan.Agent, it seems unable to complete the process to remove it. Each time, it says that it needs to reboot to complete elimination of the threat, but upon rebooting, it is failing to remove the file and I am still having various problems relating to a Windows Command Processor prompt (apparently this is some sort of virus when I googled) continually appearing and asking to make changes to the computer, and failure for many things to start. Within a couple of minutes, the computer usually crashes, following a blue screen message. I think this is something to do with the virus causing very heavy CPU activity. I have attached the files as requested below and am praying someone can help!

Thanks in advance,

Emma

Attach.txt

DDS.txt


Hello Emma and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please uninstall the following applications: vShare Plugin and BitTorrent.

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 3

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

In your next post, please include:

  • TDSSKiller log
  • ComboFix log


Hi, thanks for your help. I have done as suggested. I seem to have two TDSSKiller logs so have included both, as well as the ComboFix log. Please see the logs below.

Thanks, Emma

TDSSKiller Log

16:14:41.0073 3504 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
16:14:43.0086 3504 ============================================================
16:14:43.0086 3504 Current date / time: 2012/02/16 16:14:43.0086
16:14:43.0086 3504 SystemInfo:
16:14:43.0086 3504
16:14:43.0086 3504 OS Version: 6.1.7600 ServicePack: 0.0
16:14:43.0086 3504 Product type: Workstation
16:14:43.0086 3504 ComputerName: EMMADUNCAN-TOSH
16:14:43.0086 3504 UserName: Emma Duncan
16:14:43.0086 3504 Windows directory: C:\Windows
16:14:43.0086 3504 System windows directory: C:\Windows
16:14:43.0086 3504 Running under WOW64
16:14:43.0086 3504 Processor architecture: Intel x64
16:14:43.0086 3504 Number of processors: 4
16:14:43.0086 3504 Page size: 0x1000
16:14:43.0086 3504 Boot type: Normal boot
16:14:43.0086 3504 ============================================================
16:14:44.0817 3504 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:14:44.0833 3504 \Device\Harddisk0\DR0:
16:14:44.0833 3504 MBR used
16:14:44.0833 3504 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x12AD4000
16:14:44.0833 3504 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x12B9C800, BlocksNum 0x12891800
16:14:44.0926 3504 Initialize success
16:14:44.0926 3504 ============================================================
16:15:59.0073 3548 ============================================================
16:15:59.0073 3548 Scan started
16:15:59.0073 3548 Mode: Manual; SigCheck; TDLFS;
16:15:59.0073 3548 ============================================================


16:16:39.0197 3548 tcpipreg - ok

16:16:39.0384 3548 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys

16:16:39.0431 3548 tdcmdpst - ok

16:16:39.0524 3548 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

16:16:39.0618 3548 TDPIPE - ok

16:16:39.0727 3548 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

16:16:39.0821 3548 TDTCP - ok

16:16:39.0930 3548 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

16:16:40.0008 3548 tdx - ok

16:16:40.0133 3548 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\drivers\termdd.sys

16:16:40.0164 3548 TermDD - ok

16:16:40.0382 3548 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\Windows\system32\DRIVERS\tos_sps64.sys

16:16:40.0460 3548 tos_sps64 - ok

16:16:40.0585 3548 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

16:16:40.0647 3548 tssecsrv - ok

16:16:40.0757 3548 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

16:16:40.0835 3548 tunnel - ok

16:16:40.0944 3548 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS

16:16:41.0006 3548 TVALZ - ok

16:16:41.0100 3548 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\Windows\system32\DRIVERS\TVALZFL.sys

16:16:41.0147 3548 TVALZFL - ok

16:16:41.0240 3548 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

16:16:41.0271 3548 uagp35 - ok

16:16:41.0381 3548 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

16:16:41.0474 3548 udfs - ok

16:16:41.0599 3548 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

16:16:41.0630 3548 uliagpkx - ok

16:16:41.0771 3548 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\drivers\umbus.sys

16:16:41.0802 3548 umbus - ok

16:16:41.0911 3548 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

16:16:41.0958 3548 UmPass - ok

16:16:42.0067 3548 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

16:16:42.0161 3548 USBAAPL64 - ok

16:16:42.0270 3548 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys

16:16:42.0348 3548 usbccgp - ok

16:16:42.0488 3548 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

16:16:42.0551 3548 usbcir - ok

16:16:42.0707 3548 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys

16:16:42.0785 3548 usbehci - ok

16:16:42.0941 3548 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys

16:16:43.0019 3548 usbhub - ok

16:16:43.0112 3548 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys

16:16:43.0190 3548 usbohci - ok

16:16:43.0284 3548 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

16:16:43.0346 3548 usbprint - ok

16:16:43.0455 3548 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

16:16:43.0518 3548 usbscan - ok

16:16:43.0643 3548 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS

16:16:43.0736 3548 USBSTOR - ok

16:16:43.0861 3548 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys

16:16:43.0923 3548 usbuhci - ok

16:16:44.0079 3548 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys

16:16:44.0189 3548 usbvideo - ok

16:16:44.0298 3548 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

16:16:44.0329 3548 vdrvroot - ok

16:16:44.0485 3548 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

16:16:44.0516 3548 vga - ok

16:16:44.0625 3548 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

16:16:44.0719 3548 VgaSave - ok

16:16:44.0844 3548 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\drivers\vhdmp.sys

16:16:44.0891 3548 vhdmp - ok

16:16:44.0984 3548 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

16:16:45.0015 3548 viaide - ok

16:16:45.0140 3548 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\drivers\volmgr.sys

16:16:45.0156 3548 volmgr - ok

16:16:45.0296 3548 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

16:16:45.0327 3548 volmgrx - ok

16:16:45.0468 3548 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\drivers\volsnap.sys

16:16:45.0499 3548 volsnap - ok

16:16:45.0624 3548 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

16:16:45.0655 3548 vsmraid - ok

16:16:45.0780 3548 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

16:16:45.0827 3548 vwifibus - ok

16:16:45.0936 3548 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

16:16:45.0998 3548 vwififlt - ok

16:16:46.0139 3548 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

16:16:46.0170 3548 vwifimp - ok

16:16:46.0263 3548 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

16:16:46.0295 3548 WacomPen - ok

16:16:46.0419 3548 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

16:16:46.0497 3548 WANARP - ok

16:16:46.0513 3548 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

16:16:46.0560 3548 Wanarpv6 - ok

16:16:46.0685 3548 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

16:16:46.0716 3548 Wd - ok

16:16:46.0856 3548 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

16:16:46.0903 3548 Wdf01000 - ok

16:16:47.0012 3548 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

16:16:47.0075 3548 WfpLwf - ok

16:16:47.0199 3548 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

16:16:47.0215 3548 WIMMount - ok

16:16:47.0465 3548 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys

16:16:47.0511 3548 WinUsb - ok

16:16:47.0621 3548 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

16:16:47.0667 3548 WmiAcpi - ok

16:16:47.0823 3548 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

16:16:47.0870 3548 ws2ifsl - ok

16:16:48.0011 3548 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

16:16:48.0089 3548 WudfPf - ok

16:16:48.0198 3548 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

16:16:48.0276 3548 WUDFRd - ok

16:16:48.0416 3548 ZTEusbmdm6k (ff5a03a65b68db7e02a12880399d40d4) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys

16:16:48.0525 3548 ZTEusbmdm6k - ok

16:16:48.0666 3548 ZTEusbnmea (ff5a03a65b68db7e02a12880399d40d4) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys

16:16:48.0713 3548 ZTEusbnmea - ok

16:16:48.0853 3548 ZTEusbser6k (ff5a03a65b68db7e02a12880399d40d4) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys

16:16:48.0915 3548 ZTEusbser6k - ok

16:16:48.0978 3548 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0

16:16:49.0025 3548 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

16:16:49.0025 3548 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

16:16:49.0539 3548 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

16:16:49.0539 3548 \Device\Harddisk0\DR0 - detected TDSS File System (1)

16:16:49.0555 3548 Boot (0x1200) (7609f19f306cb518114e9b28a1b8b8c4) \Device\Harddisk0\DR0\Partition0

16:16:49.0555 3548 \Device\Harddisk0\DR0\Partition0 - ok

16:16:49.0571 3548 Boot (0x1200) (ad8882ecea93101862dd3e2a01486166) \Device\Harddisk0\DR0\Partition1

16:16:49.0586 3548 \Device\Harddisk0\DR0\Partition1 - ok

16:16:49.0586 3548 ============================================================

16:16:49.0586 3548 Scan finished

16:16:49.0586 3548 ============================================================

16:16:49.0602 3048 Detected object count: 2

16:16:49.0602 3048 Actual detected object count: 2

16:18:48.0848 3048 \Device\Harddisk0\DR0\# - copied to quarantine

16:18:48.0848 3048 \Device\Harddisk0\DR0 - copied to quarantine

16:18:49.0660 3048 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

16:18:49.0691 3048 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

16:18:49.0722 3048 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

16:18:49.0753 3048 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

16:18:49.0784 3048 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

16:18:49.0816 3048 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

16:18:49.0831 3048 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

16:18:49.0847 3048 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

16:18:49.0847 3048 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

16:18:49.0847 3048 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

16:18:49.0909 3048 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

16:18:49.0925 3048 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

16:18:49.0940 3048 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

16:18:49.0940 3048 \Device\Harddisk0\DR0 - ok

16:18:49.0940 3048 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

16:18:49.0940 3048 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

16:18:49.0940 3048 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

16:19:35.0836 6896 Deinitialize success

SECOND TDSSKILLER LOG:

17:18:53.0955 1728 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14

17:18:54.0642 1728 ============================================================

17:18:54.0642 1728 Current date / time: 2012/02/16 17:18:54.0642

17:18:54.0642 1728 SystemInfo:

17:18:54.0642 1728

17:18:54.0642 1728 OS Version: 6.1.7600 ServicePack: 0.0

17:18:54.0642 1728 Product type: Workstation

17:18:54.0642 1728 ComputerName: EMMADUNCAN-TOSH

17:18:54.0642 1728 UserName: Emma Duncan

17:18:54.0642 1728 Windows directory: C:\Windows

17:18:54.0642 1728 System windows directory: C:\Windows

17:18:54.0642 1728 Running under WOW64

17:18:54.0642 1728 Processor architecture: Intel x64

17:18:54.0642 1728 Number of processors: 4

17:18:54.0642 1728 Page size: 0x1000

17:18:54.0642 1728 Boot type: Normal boot

17:18:54.0642 1728 ============================================================

17:18:55.0344 1728 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:18:55.0359 1728 \Device\Harddisk0\DR0:

17:18:55.0359 1728 MBR used

17:18:55.0359 1728 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x12AD4000

17:18:55.0359 1728 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x12B9C800, BlocksNum 0x12891800

17:18:55.0437 1728 Initialize success

17:18:55.0437 1728 ============================================================

17:18:58.0121 4648 Deinitialize success

Combofix log:

ComboFix 12-02-13.01 - Emma Duncan 16/02/2012 16:51:44.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3958.2523 [GMT 0:00]

Running from: c:\users\Emma Duncan\Desktop\ComboFix.exe

AV: McAfee VirusScan *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee VirusScan *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\3

c:\programdata\SPL3A62.tmp

c:\programdata\SPL4197.tmp

c:\programdata\SPL6B71.tmp

c:\programdata\SPL8139.tmp

c:\programdata\SPL94A7.tmp

c:\programdata\SPL9867.tmp

c:\programdata\SPLA288.tmp

c:\programdata\SPLCA0F.tmp

c:\programdata\SPLD8CB.tmp

c:\programdata\SPLFC00.tmp

c:\programdata\xp

c:\programdata\xp\EBLib.dll

c:\programdata\xp\TPwSav.sys

c:\users\Emma Duncan\AppData\Local\{F3EEB413-6A13-4586-86B7-A6B28748CC2C}

c:\users\Emma Duncan\AppData\Local\{F3EEB413-6A13-4586-86B7-A6B28748CC2C}\chrome.manifest

c:\users\Emma Duncan\AppData\Local\{F3EEB413-6A13-4586-86B7-A6B28748CC2C}\chrome\content\_cfg.js

c:\users\Emma Duncan\AppData\Local\{F3EEB413-6A13-4586-86B7-A6B28748CC2C}\chrome\content\overlay.xul

c:\users\Emma Duncan\AppData\Local\{F3EEB413-6A13-4586-86B7-A6B28748CC2C}\install.rdf

c:\users\Emma Duncan\AppData\Local\ayedmbpg.log

c:\users\Emma Duncan\AppData\Local\cruwyatj.log

c:\users\Emma Duncan\AppData\Local\ecluhjpd\midhumyt.exe

c:\users\Emma Duncan\AppData\Local\ic1081.dll

c:\users\Emma Duncan\AppData\Local\njdysles.log

c:\users\Emma Duncan\AppData\Local\oakmoilp.log

c:\users\Emma Duncan\AppData\Local\ssxtxeuk.log

c:\users\Emma Duncan\AppData\Roaming\Adobe\AdobeUpdate .exe

c:\users\Emma Duncan\AppData\Roaming\Adobe\plugs

c:\users\Emma Duncan\AppData\Roaming\Microsoft\Windows\Recent\Nos Votas !! Gracias !!.url

c:\users\Emma Duncan\AppData\Roaming\Microsoft\Windows\Recent\PCToRRenT - DivX Juegos PC Mp3 Software Y Mas !! Tu WeB de BiTToRRenT.url

c:\users\Emma Duncan\AppData\Roaming\Microsoft\Windows\Recent\PCTorrent Movil.url

c:\users\Emma Duncan\AppData\Roaming\Microsoft\Windows\Recent\Votanos !! Gracias !!.url

c:\users\Emma Duncan\Desktop\-.lnk

c:\users\Emma Duncan\Documents\~WRL0003.tmp

c:\users\Emma Duncan\Documents\~WRL0005.tmp

c:\users\Emma Duncan\Documents\~WRL0335.tmp

c:\users\Emma Duncan\Documents\~WRL3613.tmp

c:\users\Emma Duncan\Favorites\groupon.url

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_BecHelperService

-------\Service_BecHelperService

.

.

((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))

.

.

2012-02-16 16:59 . 2012-02-16 16:59 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-16 16:18 . 2012-02-16 16:18 -------- d-----w- C:\TDSSKiller_Quarantine

2012-02-14 15:42 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{176672C3-343D-42B4-B572-3B7B788C59BD}\mpengine.dll

2012-02-13 18:02 . 2012-02-13 18:02 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\B733.tmp

2012-02-13 18:02 . 2012-02-13 18:02 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\B732.tmp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-16 17:03 . 2011-04-27 22:33 17920 ----a-w- c:\windows\system32\rpcnetp.exe

2012-02-16 17:03 . 2011-04-27 22:38 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll

2012-02-15 20:39 . 2011-04-27 22:34 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll

2012-02-15 20:05 . 2011-04-27 22:33 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe

2012-01-27 00:52 . 2010-08-25 08:05 279656 ------w- c:\windows\system32\MpSigStub.exe

2011-12-24 21:33 . 2012-01-02 23:05 2219008 ----a-w- c:\windows\bsdsetup.dll

2011-12-10 15:24 . 2010-08-28 19:43 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-12-02 09:46 . 2009-07-14 02:36 152064 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-12-02 09:46 . 2009-07-14 02:36 175104 ----a-w- c:\windows\system32\msclmd.dll

2011-11-24 22:23 . 2011-11-24 22:23 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2011-11-24 22:23 . 2011-11-24 22:23 98616 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2011-11-24 05:00 . 2011-12-14 11:16 3141632 ----a-w- c:\windows\system32\win32k.sys

2011-11-19 15:07 . 2012-01-11 12:58 77312 ----a-w- c:\windows\system32\packager.dll

2011-11-19 14:06 . 2012-01-11 12:58 67072 ----a-w- c:\windows\SysWow64\packager.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-05-26 15147400]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-03 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-08 98304]

"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]

"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]

"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-21 2454840]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]

"mcagent_exe"="c:\program files (x86)\McAfee.com\Agent\mcagent.exe" [2010-06-10 1218008]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"lxdfmon.exe"="c:\program files (x86) (x86)\Lexmark 6500 Series\lxdfmon.exe" [2010-02-10 455336]

"lxdfamon"="c:\program files (x86) (x86)\Lexmark 6500 Series\lxdfamon.exe" [2010-02-10 25256]

"Lexmark 6500 Series"="c:\program files (x86)\Lexmark 6500 Series\fm3032.exe" [2010-02-10 307880]

"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]

.

c:\users\Emma Duncan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

Update Agent.lnk - c:\program files (x86)\3\3Connect\AutoUpdateSrv.exe [N/A]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-24 135664]

R2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdfserv.exe [2007-05-29 33712]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-24 135664]

R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-22 225280]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]

S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]

S2 lxdf_device;lxdf_device;c:\windows\system32\lxdfcoms.exe [2007-05-29 1053104]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2012-01-13 103440]

S2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2009-10-15 116104]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-09-28 251760]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-05 137560]

S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-24 12:03]

.

2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-24 12:03]

.

2012-01-15 c:\windows\Tasks\McDefragTask.job

- c:\progra~2\mcafee\mqc\QcConsol.exe [2010-08-24 11:22]

.

2012-02-01 c:\windows\Tasks\McQcTask.job

- c:\progra~2\mcafee\mqc\QcConsol.exe [2010-08-24 11:22]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 709976]

"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2009-10-15 1050000]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]

"lxdfmon.exe"="c:\program files (x86)\Lexmark 6500 Series\lxdfmon.exe" [2010-02-10 455336]

"lxdfamon"="c:\program files (x86)\Lexmark 6500 Series\lxdfamon.exe" [2010-02-10 25256]

"combofix"="c:\combofix\CF27229.3XE" [2009-07-14 344576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.co.uk/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

Trusted Zone: hants.gov.uk\passport

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)

Wow6432Node-HKCU-Run-MidHumyt - c:\users\Emma Duncan\AppData\Local\ecluhjpd\midhumyt.exe

WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe

HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe

HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe

HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-Lexmark 6500 Series - c:\program files (x86) (x86)\Lexmark 6500 Series\Install\x64\Uninst.exe

AddRemove-1821046322.skyplayer.sky.com - c:\program files (x86)\Microsoft Silverlight\4.0.51204.0\Silverlight.Configuration.exe

AddRemove-aaa - c:\windows\system32\javaws.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\progra~2\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\program files (x86)\McAfee\MPF\MPFSrv.exe

c:\program files (x86)\McAfee\MSK\MskSrver.exe

c:\windows\SysWOW64\rpcnet.exe

c:\windows\SysWOW64\rundll32.exe

c:\progra~2\McAfee\MSC\mcmscsvc.exe

c:\progra~2\mcafee.com\agent\mcagent.exe

c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe

c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

c:\program files (x86)\Skype\Plugin Manager\skypePM.exe

c:\progra~2\COMMON~1\mcafee\mna\mcnasvc.exe

.

**************************************************************************

.

Completion time: 2012-02-16 17:11:09 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-16 17:11

.

Pre-Run: 90,679,906,304 bytes free

Post-Run: 93,260,619,776 bytes free

.

- - End Of File - - D9BC8B1088D7C810C1E5BF0B4BACCBB6


Step 1

Please re-run TDSSKiller and choose Delete option for those entries:

16:18:49.0940 3048 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:18:49.0940 3048 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates. If an update is found, it will download and install the latest version. If you have any difficulty, for your convenience we have a video on YouTube which shows visually how to do that.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 3

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

In your next post, please include:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log


Hi,

ESET came up with 20 threats. I didn't ask it to take any additional action. Please see the logs below.

Thanks for all your help, Cheers,

Emma

Malwarebytes Anti-Malware (PRO) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.16.02

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Emma Duncan :: EMMADUNCAN-TOSH [administrator]

Protection: Enabled

16/02/2012 20:19:01

mbam-log-2012-02-16 (20-19-01).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 187537

Time elapsed: 3 minute(s), 4 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK


Yes, it seems everything is fine now! :)

Here are some final steps:

Please uninstall ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

Manually delete TDSSKiller and DDS, then uninstall ESET Online Scanner.

Here are some malware prevention tips:

http://forums.malwarebytes.org/index.php?showtopic=104379&pid=515983&st=0entry515983

Safe surfing! :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
