smitfraud-c.generic-Can't seem to shake this one


Hello and :welcome:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Hi Elise! Thanks for your help!

08:13:52.0674 2436 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
08:13:54.0679 2436 ============================================================
08:13:54.0679 2436 Current date / time: 2012/03/10 08:13:54.0679
08:13:54.0680 2436 SystemInfo:
08:13:54.0680 2436
08:13:54.0680 2436 OS Version: 6.1.7601 ServicePack: 1.0
08:13:54.0680 2436 Product type: Workstation
08:13:54.0680 2436 ComputerName: NIKKI-PC
08:13:54.0681 2436 UserName: Nikki
08:13:54.0681 2436 Windows directory: C:\windows
08:13:54.0681 2436 System windows directory: C:\windows
08:13:54.0681 2436 Running under WOW64
08:13:54.0681 2436 Processor architecture: Intel x64
08:13:54.0681 2436 Number of processors: 2
08:13:54.0681 2436 Page size: 0x1000
08:13:54.0681 2436 Boot type: Normal boot
08:13:54.0681 2436 ============================================================
08:13:57.0636 2436 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:13:57.0648 2436 \Device\Harddisk0\DR0:
08:13:57.0665 2436 MBR used
08:13:57.0665 2436 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23A94800
08:13:57.0715 2436 Initialize success
08:13:57.0715 2436 ============================================================
08:14:19.0060 0484 ============================================================
08:14:19.0060 0484 Scan started
08:14:19.0061 0484 Mode: Manual;
08:14:19.0061 0484 ============================================================


08:14:51.0221 0484 umbus - ok

08:14:51.0322 0484 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys

08:14:51.0327 0484 UmPass - ok

08:14:51.0423 0484 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys

08:14:51.0428 0484 usbccgp - ok

08:14:51.0510 0484 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys

08:14:51.0515 0484 usbcir - ok

08:14:51.0602 0484 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys

08:14:51.0606 0484 usbehci - ok

08:14:51.0713 0484 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys

08:14:51.0721 0484 usbhub - ok

08:14:51.0836 0484 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys

08:14:51.0841 0484 usbohci - ok

08:14:51.0951 0484 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys

08:14:51.0956 0484 usbprint - ok

08:14:52.0060 0484 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS

08:14:52.0066 0484 USBSTOR - ok

08:14:52.0163 0484 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys

08:14:52.0169 0484 usbuhci - ok

08:14:52.0280 0484 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys

08:14:52.0288 0484 usbvideo - ok

08:14:52.0410 0484 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys

08:14:52.0414 0484 vdrvroot - ok

08:14:52.0529 0484 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys

08:14:52.0533 0484 vga - ok

08:14:52.0628 0484 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys

08:14:52.0631 0484 VgaSave - ok

08:14:52.0744 0484 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys

08:14:52.0749 0484 vhdmp - ok

08:14:52.0857 0484 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys

08:14:52.0862 0484 viaide - ok

08:14:52.0977 0484 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys

08:14:52.0982 0484 volmgr - ok

08:14:53.0091 0484 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys

08:14:53.0099 0484 volmgrx - ok

08:14:53.0218 0484 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys

08:14:53.0226 0484 volsnap - ok

08:14:53.0328 0484 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys

08:14:53.0337 0484 vsmraid - ok

08:14:53.0627 0484 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys

08:14:53.0630 0484 vwifibus - ok

08:14:53.0725 0484 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys

08:14:53.0729 0484 vwififlt - ok

08:14:53.0867 0484 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys

08:14:53.0872 0484 vwifimp - ok

08:14:53.0993 0484 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys

08:14:54.0000 0484 WacomPen - ok

08:14:54.0115 0484 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

08:14:54.0122 0484 WANARP - ok

08:14:54.0142 0484 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

08:14:54.0145 0484 Wanarpv6 - ok

08:14:54.0274 0484 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys

08:14:54.0278 0484 Wd - ok

08:14:54.0389 0484 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

08:14:54.0401 0484 Wdf01000 - ok

08:14:54.0554 0484 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

08:14:54.0556 0484 WfpLwf - ok

08:14:54.0660 0484 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

08:14:54.0664 0484 WIMMount - ok

08:14:54.0894 0484 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys

08:14:54.0900 0484 WmiAcpi - ok

08:14:55.0052 0484 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

08:14:55.0055 0484 ws2ifsl - ok

08:14:55.0180 0484 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys

08:14:55.0184 0484 WudfPf - ok

08:14:55.0298 0484 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys

08:14:55.0303 0484 WUDFRd - ok

08:14:55.0370 0484 MBR (0x1B8) (b5d3b89509933463264ff7748b075c37) \Device\Harddisk0\DR0

08:14:55.0424 0484 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

08:14:55.0425 0484 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

08:14:55.0451 0484 Boot (0x1200) (80ff801dbe2bbb8d72c04df77d231689) \Device\Harddisk0\DR0\Partition0

08:14:55.0453 0484 \Device\Harddisk0\DR0\Partition0 - ok

08:14:55.0457 0484 ============================================================

08:14:55.0457 0484 Scan finished

08:14:55.0457 0484 ============================================================

08:14:55.0488 3292 Detected object count: 1

08:14:55.0488 3292 Actual detected object count: 1

08:15:16.0027 3292 \Device\Harddisk0\DR0\# - copied to quarantine

08:15:16.0029 3292 \Device\Harddisk0\DR0 - copied to quarantine

08:15:16.0654 3292 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

08:15:16.0658 3292 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

08:15:16.0674 3292 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

08:15:16.0689 3292 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

08:15:16.0698 3292 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

08:15:16.0716 3292 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

08:15:16.0752 3292 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

08:15:16.0760 3292 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

08:15:16.0765 3292 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

08:15:16.0771 3292 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

08:15:16.0850 3292 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

08:15:16.0852 3292 \Device\Harddisk0\DR0 - ok

08:15:17.0367 3292 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

08:15:35.0003 3660 Deinitialize success

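As an added example (not code from this thread or from the TDSSKiller tool itself), here is a small Python triage script for logs in the format pasted above: it separates the routine driver enumeration from the detection, quarantine and cure lines, and flags any hashed module that never received a "- ok" verdict. The field layout ("HH:MM:SS.mmmm PID message") is inferred from the posted log rather than from an official format description; the sample lines are copied from the log above.

```python
"""Triage a TDSSKiller log: split routine module enumeration from the
detection, quarantine and cure lines that matter to a responder.

The field layout below is inferred from the log posted in this thread
(an assumption, not an official format description):
    HH:MM:SS.mmmm PID <message>
"""
import re
from dataclasses import dataclass, field

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\S+)\s+(.*)$")
# "spldr (md5) C:\...\spldr.sys"  or  "MBR (0x1B8) (md5) \Device\Harddisk0\DR0"
MODULE_RE = re.compile(r"^(\S+)(?: \(0x[0-9A-Fa-f]+\))? \(([0-9a-f]{32})\) (.+)$")
# "<object> ( Threat.Name ) - infected | will be cured on reboot | User select action: X"
VERDICT_RE = re.compile(
    r"^(.+?) \( (\S+) \) - (infected|will be cured on reboot|User select action: (\w+))$")
DETECTED_RE = re.compile(r"^(.+?) - detected (\S+) \(\d+\)$")
QUARANTINE_RE = re.compile(r"^(.+?) - copied to quarantine$")


@dataclass
class TdssReport:
    modules: dict = field(default_factory=dict)       # name -> (md5, path)
    clean: set = field(default_factory=set)           # names or paths that got "- ok"
    detections: dict = field(default_factory=dict)    # object -> threat name
    quarantined: list = field(default_factory=list)   # objects copied to quarantine
    actions: dict = field(default_factory=dict)       # object -> user-selected action
    pending_reboot: set = field(default_factory=set)  # objects cured only after reboot

    def unverified_modules(self):
        """Modules that were hashed but never received a '- ok' verdict."""
        return sorted(name for name, (_, path) in self.modules.items()
                      if name not in self.clean and path not in self.clean)


def parse_tdsskiller_log(text):
    report = TdssReport()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines and text without the timestamp/PID prefix
        msg = m.group(3)
        if (mm := MODULE_RE.match(msg)):
            report.modules[mm.group(1)] = (mm.group(2), mm.group(3))
        elif msg.endswith(" - ok"):
            report.clean.add(msg[:-len(" - ok")])
        elif (vm := VERDICT_RE.match(msg)):
            obj, threat, verdict, action = vm.groups()
            report.detections[obj] = threat
            if verdict == "will be cured on reboot":
                report.pending_reboot.add(obj)
            elif action:
                report.actions[obj] = action
        elif (dm := DETECTED_RE.match(msg)):
            report.detections[dm.group(1)] = dm.group(2)
        elif (qm := QUARANTINE_RE.match(msg)):
            report.quarantined.append(qm.group(1))
    return report


def is_clean(report):
    """True only when nothing was detected and every hashed module got a verdict."""
    return not report.detections and not report.unverified_modules()


def summarize(report):
    return {
        "modules": len(report.modules),
        "detections": dict(report.detections),
        "quarantined": len(report.quarantined),
        "pending_reboot": sorted(report.pending_reboot),
        "actions": dict(report.actions),
        "unverified": report.unverified_modules(),
    }


# Sample input: lines copied from the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
08:14:47.0305 0484 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
08:14:47.0311 0484 spldr - ok
08:14:55.0370 0484 MBR (0x1B8) (b5d3b89509933463264ff7748b075c37) \Device\Harddisk0\DR0
08:14:55.0424 0484 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
08:14:55.0425 0484 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
08:14:55.0451 0484 Boot (0x1200) (80ff801dbe2bbb8d72c04df77d231689) \Device\Harddisk0\DR0\Partition0
08:14:55.0453 0484 \Device\Harddisk0\DR0\Partition0 - ok
08:14:55.0457 0484 Scan finished
08:14:55.0488 3292 Detected object count: 1
08:15:16.0027 3292 \Device\Harddisk0\DR0\# - copied to quarantine
08:15:16.0029 3292 \Device\Harddisk0\DR0 - copied to quarantine
08:15:16.0654 3292 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
08:15:16.0658 3292 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
08:15:16.0850 3292 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
08:15:16.0852 3292 \Device\Harddisk0\DR0 - ok
08:15:17.0367 3292 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
"""

if __name__ == "__main__":
    for key, value in summarize(parse_tdsskiller_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

The "- will be cured on reboot" line is the one to watch: until the reboot completes, the MBR object is still reported as pending, so a follow-up scan is what confirms the cure.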

Hi, unfortunately you had a nasty rootkit on your computer. Please read the following first before continuing the cleaning process.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and cleaned, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


ComboFix 12-03-10.02 - Nikki 03/10/2012 10:51:20.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2663.1306 [GMT -8:00]

Running from: c:\users\Nikki\Downloads\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-02-10 to 2012-03-10 )))))))))))))))))))))))))))))))

.

.

2012-03-10 19:05 . 2012-03-10 19:05 -------- d-----w- c:\users\KaetyBug\AppData\Local\temp

2012-03-10 19:05 . 2012-03-10 19:05 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-10 19:05 . 2012-03-10 19:05 -------- d-----w- c:\users\Camden and Keirsten\AppData\Local\temp

2012-03-10 16:15 . 2012-03-10 16:15 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-10 00:37 . 2010-11-11 19:59 252712 ----a-w- c:\windows\ETDUninst.dll

2012-03-09 19:21 . 2012-03-09 23:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-03-09 19:21 . 2012-03-09 19:23 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-03-06 16:08 . 2012-03-06 16:08 748336 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe

2012-03-06 16:08 . 2012-03-06 16:08 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-03-06 16:08 . 2012-03-06 16:08 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-03-06 16:08 . 2012-03-06 16:08 1127424 ----a-w- c:\windows\SysWow64\wininet.dll

2012-03-06 16:08 . 2012-03-06 16:08 107008 ----a-w- c:\program files (x86)\Internet Explorer\iecleanup.exe

2012-03-06 15:48 . 2012-03-06 15:48 -------- d-----w- c:\users\Nikki\AppData\Roaming\Malwarebytes

2012-03-06 15:48 . 2012-03-09 15:20 -------- d-----w- c:\programdata\Malwarebytes

2012-03-06 15:48 . 2012-03-09 15:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-06 15:48 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-05 04:02 . 2012-03-05 04:02 -------- d-----w- c:\programdata\ATI

2012-03-05 03:56 . 2012-03-05 04:01 -------- d-----w- c:\program files\ATI Technologies

2012-02-15 17:41 . 2012-02-15 17:41 48464 ----a-w- c:\windows\system32\drivers\aevocnsf.sys

2012-02-15 05:26 . 2012-02-15 05:26 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-15 00:52 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-15 00:52 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-02-15 00:51 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-02-15 00:51 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-02-15 00:51 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-02-15 00:50 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys

2012-02-15 00:50 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-15 00:50 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll

2012-02-10 20:55 . 2012-02-11 17:34 -------- dc-h--w- c:\programdata\{D8EAEB0B-7E66-400B-9DCD-5E815A852728}

2012-02-10 20:54 . 2012-02-10 20:54 -------- d-----w- c:\users\Nikki\AppData\Local\PackageAware

2012-02-10 01:20 . 2012-02-10 01:20 -------- d-----w- c:\program files (x86)\Chimpoo_3a

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-30 00:10 . 2012-01-30 00:10 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\CA36.tmp

2012-01-30 00:10 . 2012-01-30 00:10 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\C9F7.tmp

2012-01-08 02:18 . 2012-01-08 02:18 0 ---ha-w- c:\users\Nikki\AppData\Local\BITA884.tmp

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-14 39408]

"MusicManager"="c:\users\Nikki\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-02-21 13320704]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-07-29 17361032]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-16 336384]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-07-01 1295224]

"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2011-08-02 77824]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R1 aevocnsf;aevocnsf;c:\windows\system32\drivers\aevocnsf.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-14 136176]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-14 136176]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [2012-03-02 1157240]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120309.002\IDSvia64.sys [2012-03-05 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe [2011-04-17 130008]

S2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-14 138360]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [x]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-14 18:03]

.

2012-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-14 18:03]

.

2012-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2820138118-1891196870-2981794189-1001Core.job

- c:\users\Nikki\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-01 18:16]

.

2012-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2820138118-1891196870-2981794189-1001UA.job

- c:\users\Nikki\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-01 18:16]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/ig

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-(Default) - (no file)

HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe

HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-03-10 11:16:45 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-10 19:16

.

Pre-Run: 249,316,507,648 bytes free

Post-Run: 248,856,104,960 bytes free

.

- - End Of File - - 6DB679831247E66237E46441A2AC7E9F


How are things running at this point?

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
Driver::
aevocnsf

Rootkit::
c:\windows\system32\drivers\aevocnsf.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Seems to be better!

ComboFix 12-03-10.02 - Nikki 03/10/2012 13:38:44.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2663.1364 [GMT -8:00]

Running from: c:\users\Nikki\Downloads\ComboFix.exe

Command switches used :: c:\users\Nikki\Downloads\cfscript.txt

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_aevocnsf

.

.

((((((((((((((((((((((((( Files Created from 2012-02-10 to 2012-03-10 )))))))))))))))))))))))))))))))

.

.

2012-03-10 21:50 . 2012-03-10 21:50 -------- d-----w- c:\users\KaetyBug\AppData\Local\temp

2012-03-10 16:15 . 2012-03-10 16:15 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-10 00:37 . 2010-11-11 19:59 252712 ----a-w- c:\windows\ETDUninst.dll

2012-03-09 19:21 . 2012-03-09 23:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-03-09 19:21 . 2012-03-09 19:23 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-03-06 16:08 . 2012-03-06 16:08 748336 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe

2012-03-06 16:08 . 2012-03-06 16:08 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2012-03-06 16:08 . 2012-03-06 16:08 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2012-03-06 16:08 . 2012-03-06 16:08 1127424 ----a-w- c:\windows\SysWow64\wininet.dll

2012-03-06 16:08 . 2012-03-06 16:08 107008 ----a-w- c:\program files (x86)\Internet Explorer\iecleanup.exe

2012-03-06 15:48 . 2012-03-06 15:48 -------- d-----w- c:\users\Nikki\AppData\Roaming\Malwarebytes

2012-03-06 15:48 . 2012-03-09 15:20 -------- d-----w- c:\programdata\Malwarebytes

2012-03-06 15:48 . 2012-03-09 15:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-06 15:48 . 2011-12-10 23:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-05 04:02 . 2012-03-05 04:02 -------- d-----w- c:\programdata\ATI

2012-03-05 03:56 . 2012-03-05 04:01 -------- d-----w- c:\program files\ATI Technologies

2012-02-15 17:41 . 2012-02-15 17:41 48464 ----a-w- c:\windows\system32\drivers\aevocnsf.sys

2012-02-15 05:26 . 2012-02-15 05:26 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-15 00:52 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-15 00:52 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-02-15 00:51 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-02-15 00:51 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-02-15 00:51 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-02-15 00:50 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys

2012-02-15 00:50 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-15 00:50 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll

2012-02-10 20:55 . 2012-02-11 17:34 -------- dc-h--w- c:\programdata\{D8EAEB0B-7E66-400B-9DCD-5E815A852728}

2012-02-10 20:54 . 2012-02-10 20:54 -------- d-----w- c:\users\Nikki\AppData\Local\PackageAware

2012-02-10 01:20 . 2012-02-10 01:20 -------- d-----w- c:\program files (x86)\Chimpoo_3a

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-30 00:10 . 2012-01-30 00:10 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\CA36.tmp

2012-01-30 00:10 . 2012-01-30 00:10 6656 ----a-w- c:\programdata\Microsoft\Windows\DRM\C9F7.tmp

2012-01-08 02:18 . 2012-01-08 02:18 0 ---ha-w- c:\users\Nikki\AppData\Local\BITA884.tmp

.

.

(((((((((((((((((((((((((((((   )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-11-21 03:09 . 2012-03-10 19:27 38648 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-03-10 19:27 53446 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2012-01-20 23:10 . 2012-03-10 19:24 4966 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2011-08-01 04:59 . 2012-03-10 19:27 9946 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2820138118-1891196870-2981794189-1001_UserData.bin

+ 2012-03-10 21:52 . 2012-03-10 21:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-03-10 19:07 . 2012-03-10 19:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-03-10 19:07 . 2012-03-10 19:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-03-10 21:52 . 2012-03-10 21:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 05:01 . 2012-03-10 21:51 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-03-10 19:06 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-06-14 17:34 . 2012-03-10 21:51 1405296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2011-06-14 17:34 . 2012-03-10 19:06 1405296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-08-01 05:02 . 2012-03-10 21:51 2887852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2820138118-1891196870-2981794189-1001-8192.dat

- 2011-08-01 05:02 . 2012-03-10 19:06 2887852 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2820138118-1891196870-2981794189-1001-8192.dat

- 2012-03-01 22:18 . 2012-03-10 19:06 4236548 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2820138118-1891196870-2981794189-1001-4096.dat

+ 2012-03-01 22:18 . 2012-03-10 21:51 4236548 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2820138118-1891196870-2981794189-1001-4096.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-14 39408]

"MusicManager"="c:\users\Nikki\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-02-21 13320704]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-07-29 17361032]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-16 336384]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-07-01 1295224]

"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2011-08-02 77824]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-14 136176]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-14 136176]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [2012-03-02 1157240]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120309.002\IDSvia64.sys [2012-03-05 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe [2011-04-17 130008]

S2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-14 138360]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys [x]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-14 18:03]

.

2012-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-14 18:03]

.

2012-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2820138118-1891196870-2981794189-1001Core.job

- c:\users\Nikki\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-01 18:16]

.

2012-03-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2820138118-1891196870-2981794189-1001UA.job

- c:\users\Nikki\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-01 18:16]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]

"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [bU]

"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]

"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [bU]

"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]

"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU]

"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU]

"combofix"="c:\combofix\CF20155.3XE" [2010-11-21 345088]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/ig

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-03-10 14:06:01 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-10 22:06

ComboFix2.txt 2012-03-10 19:16

.

Pre-Run: 248,931,295,232 bytes free

Post-Run: 248,656,441,344 bytes free

.

- - End Of File - - 289C5FB95749F722280B89BF94ED2744

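As an added example for this thread (not part of ComboFix or of any post here): a small Python parser for the Run-key blocks of a ComboFix "Reg Loading Points" section, like the one in the log above. It pulls each `"name"="path" [date size]` line into a record and then applies three triage heuristics of my own, not ComboFix's: the program launches from a user-writable directory, ComboFix printed no date/size for the file, or the file has an extension other than `.exe`. The sample text is lifted from the log above. Note what it flags: the per-user Google Music Manager install, the `[bU]` SmartFaceVWatcher entry, and the `c:\combofix\CF20155.3XE` entry, which is ComboFix's own renamed running copy. That is the point of the output: a short list to look at by hand, not a verdict.

```python
"""Triage the Run-key entries in a ComboFix 'Reg Loading Points' section.

Added example for this thread; it is not part of ComboFix or of any post above.
The flagging rules below are the author's own triage heuristics, not ComboFix's.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Lines copied from the ComboFix log posted above (a subset of the Run keys).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-14 39408]
"MusicManager"="c:\users\Nikki\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-02-21 13320704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\qttask.exe" [2011-08-02 77824]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [bU]
"combofix"="c:\combofix\CF20155.3XE" [2010-11-21 345088]
"""

# "[HKEY_...\Run]" header that opens a Run-key block.
RUN_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+\\Run)\]$", re.IGNORECASE)
# "name"="path" [date size]   or   "name"="path" [bU]
RUN_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<info>[^\]]*)\]$')

# Locations a standard user can write to; malware persisting via a Run key
# usually lives here rather than under Program Files or system32.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    dated: Optional[str]   # file date as printed by ComboFix, None if absent
    size: Optional[int]    # file size in bytes, None if ComboFix printed none


def parse_run_entries(log_text: str) -> List[RunEntry]:
    """Collect every value listed under a [HKEY_...\\Run] header."""
    entries: List[RunEntry] = []
    current_key: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = RUN_KEY_RE.match(line)
        if header:
            current_key = header.group(1)
            continue
        if line == "." or line.startswith("["):
            # "." separates ComboFix blocks; any other [key] ends the Run block.
            current_key = None
            continue
        if current_key is None:
            continue
        value = RUN_VALUE_RE.match(line)
        if not value:
            continue
        info = value.group("info").split()
        dated = size = None
        if len(info) == 2 and info[1].isdigit():
            dated, size = info[0], int(info[1])
        entries.append(RunEntry(current_key, value.group("name"),
                                value.group("path"), dated, size))
    return entries


def suspicious_reasons(entry: RunEntry) -> List[str]:
    """Heuristic triage: return why an entry deserves a closer look (may be empty)."""
    reasons = []
    path = entry.path.lower()
    if path.startswith(USER_WRITABLE_PREFIXES):
        reasons.append("launches from a user-writable directory")
    if entry.size is None:
        reasons.append("ComboFix printed no date/size for the file")
    ext = ntpath.splitext(path)[1]
    if ext != ".exe":
        reasons.append(f"unusual extension {ext!r}")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged Run value name to its list of reasons."""
    flagged: Dict[str, List[str]] = {}
    for entry in parse_run_entries(log_text):
        reasons = suspicious_reasons(entry)
        if reasons:
            flagged[entry.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run it on the text of a full ComboFix log and it will also pick up the `--------- x86-64 -----------` Run block, since that block uses the same `[HKEY_...\Run]` header. Startup-folder `.lnk` lines and the service list use different formats and are deliberately left out.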

Good to hear that! :)

INSTALL ANTIVIRUS

---------------------------

I don't see an Anti Virus Program running on your machine

Download and install an antivirus program, and make sure that you keep it updated

New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.

Three good antivirus programs free for non-commercial home use are Avast!, Antivir and Microsoft Security Essentials

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 7u3.
  • Look for "JDK 7u3 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe.
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double-clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

Please launch MBAM, update it and run a full scan. Post me the resulting log.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
