Jump to content

Windows 7 Recovery Infection


Recommended Posts

Hi,

My Computer was infected with the Windows 7 Recovery malware. Some files were removed by doing a scan but I am still having issues. I have a blank desktop and all files were hidden. The selected the files to be unhidden now and I am showing just a "desktop ini" icon and a "windows 7 repair" icon. Any help is greatly appreciated. Thank you. Here's what I have log wise -

DDS.TXT

.

DDS (Ver_2011-06-12.02) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Baby at 17:00:35 on 2011-06-21

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1916.754 [GMT -4:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\wbem\unsecapp.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\windows\system32\taskhost.exe

C:\windows\system32\taskeng.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\SearchProtocolHost.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\windows\system32\igfxext.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\windows\system32\DllHost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\windows\system32\sppsvc.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\windows\system32\SearchFilterHost.exe

\\?\C:\windows\system32\wbem\WMIADAP.EXE

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND

uInternet Settings,ProxyOverride = <local>

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\Baby\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MLBTVN~1.LNK - C:\Users\Baby\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

TCP: DhcpNameServer = 167.206.245.130 167.206.245.129

TCP: Interfaces\{F1519D4D-60A7-42B7-A1B9-5A73A1F86F3E} : DhcpNameServer = 167.206.245.130 167.206.245.129

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Baby\AppData\Roaming\Mozilla\Firefox\Profiles\mmcixgl1.default\

FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/nwshp?client=firefox-a&rls=org.mozilla:en-US:official&hl=en&tab=wn

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;C:\windows\system32\DRIVERS\Lbd.sys --> C:\windows\system32\DRIVERS\Lbd.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-6-20 2151128]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-20 366640]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]

R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]

R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]

R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-30 54136]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-19 136176]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-19 136176]

S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-6-20 17152]

S3 lvpepf64;Volume Adapter;C:\windows\system32\DRIVERS\lv302a64.sys --> C:\windows\system32\DRIVERS\lv302a64.sys [?]

S3 LVRS64;Logitech RightSound Filter Driver;C:\windows\system32\DRIVERS\lvrs64.sys --> C:\windows\system32\DRIVERS\lvrs64.sys [?]

S3 LVUSBS64;Logitech USB Monitor Filter;C:\windows\system32\drivers\LVUSBS64.sys --> C:\windows\system32\drivers\LVUSBS64.sys [?]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys --> C:\windows\system32\DRIVERS\MpNWMon.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-06-21 20:36:25 8718160 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DFA0CAD5-6DDE-416F-9B6B-B8EA2FF1FAAA}\mpengine.dll

2011-06-21 01:59:40 -------- d-----w- C:\Users\Baby\AppData\Roaming\Malwarebytes

2011-06-21 01:59:32 39984 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-06-21 01:59:30 -------- d-----w- C:\ProgramData\Malwarebytes

2011-06-21 01:59:27 25912 ----a-w- C:\windows\System32\drivers\mbam.sys

2011-06-21 01:59:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-06-21 01:56:31 -------- d-----w- C:\Users\Baby\AppData\Local\Apple Computer

2011-06-21 01:51:28 189520 ----a-w- C:\windows\SysWow64\drivers\tmcomm.sys

2011-06-21 01:37:42 16432 ----a-w- C:\windows\System32\lsdelete.exe

2011-06-20 23:18:28 49752 ----a-w- C:\windows\System32\drivers\SBREDrv.sys

2011-06-20 23:15:05 69376 ----a-w- C:\windows\System32\drivers\Lbd.sys

2011-06-20 23:15:01 -------- d-----w- C:\Program Files (x86)\Lavasoft

2011-06-16 02:12:23 1923968 ----a-w- C:\windows\System32\drivers\tcpip.sys

2011-06-16 02:12:22 499200 ----a-w- C:\windows\System32\drivers\afd.sys

2011-06-16 02:12:21 289280 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys

2011-06-16 02:12:20 158208 ----a-w- C:\windows\System32\drivers\mrxsmb.sys

2011-06-16 02:12:20 128000 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys

2011-06-16 02:12:19 3135488 ----a-w- C:\windows\System32\win32k.sys

2011-06-16 02:12:12 467456 ----a-w- C:\windows\System32\drivers\srv.sys

2011-06-16 02:12:12 410112 ----a-w- C:\windows\System32\drivers\srv2.sys

2011-06-16 02:12:12 168448 ----a-w- C:\windows\System32\drivers\srvnet.sys

2011-06-16 02:11:50 861696 ----a-w- C:\windows\System32\oleaut32.dll

2011-06-16 02:11:49 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll

2011-06-16 02:11:48 976896 ----a-w- C:\windows\System32\inetcomm.dll

2011-06-16 02:11:48 741376 ----a-w- C:\windows\SysWow64\inetcomm.dll

2011-06-08 01:36:57 -------- d-----w- C:\Users\Baby\AppData\Local\ElevatedDiagnostics

2011-06-07 02:52:57 -------- d--h--w- C:\ProgramData\Skype Extras

2011-06-07 02:49:54 -------- d-----r- C:\Program Files (x86)\Skype

2011-06-02 01:01:39 -------- d--h--w- C:\Users\Baby\AppData\Local\Apple

2011-05-29 15:23:15 -------- d-----w- C:\windows\System32\SPReview

2011-05-29 15:22:08 -------- d-----w- C:\windows\System32\EventProviders

2011-05-24 23:34:56 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD95C3E0-CF52-4B42-BBD9-1619F7A39080}\gapaengine.dll

2011-05-24 23:28:07 27520 ----a-w- C:\windows\System32\drivers\Diskdump.sys

.

==================== Find3M ====================

.

2011-06-15 22:35:49 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-05-29 15:33:58 152576 ----a-w- C:\windows\SysWow64\msclmd.dll

2011-05-29 15:33:57 175616 ----a-w- C:\windows\System32\msclmd.dll

2011-04-23 01:29:25 2303488 ----a-w- C:\windows\System32\jscript9.dll

2011-04-23 01:19:19 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2011-04-22 23:35:56 1797632 ----a-w- C:\windows\SysWow64\jscript9.dll

2011-04-22 23:25:54 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2011-04-09 07:02:55 5562240 ----a-w- C:\windows\System32\ntoskrnl.exe

2011-04-09 06:58:56 142336 ----a-w- C:\windows\System32\poqexec.exe

2011-04-09 06:02:25 3967872 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2011-04-09 06:02:25 3912576 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2011-04-09 05:56:38 123904 ----a-w- C:\windows\SysWow64\poqexec.exe

2011-03-25 03:29:26 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys

2011-03-25 03:29:14 98816 ----a-w- C:\windows\System32\drivers\usbccgp.sys

2011-03-25 03:29:14 325120 ----a-w- C:\windows\System32\drivers\usbport.sys

2011-03-25 03:29:04 52736 ----a-w- C:\windows\System32\drivers\usbehci.sys

2011-03-25 03:29:04 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys

2011-03-25 03:29:03 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys

2011-03-25 03:28:59 7936 ----a-w- C:\windows\System32\drivers\usbd.sys

.

============= FINISH: 17:01:35.80 ===============

ARK.TXT

WAS COMPLETELY BLANK

ATTACH.TXT

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-12.02)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 1/9/2011 5:47:49 PM

System Uptime: 6/21/2011 4:56:05 PM (1 hours ago)

.

Motherboard: TOSHIBA | | Portable PC

Processor: Intel® Celeron® CPU 900 @ 2.20GHz | CPU | 2194/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 222 GiB total, 177.738 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP120: 5/30/2011 10:13:30 AM - Windows Update

RP121: 6/1/2011 9:02:01 PM - Installed QuickTime

RP122: 6/3/2011 8:21:22 PM - Windows Update

RP123: 6/6/2011 10:44:35 PM - Windows Update

RP124: 6/10/2011 7:59:59 AM - Windows Update

RP125: 6/14/2011 7:22:29 AM - Windows Update

RP126: 6/16/2011 7:48:53 AM - Windows Update

RP127: 6/18/2011 9:37:55 AM - Installed TOSHIBA Service Station

RP128: 6/20/2011 7:13:04 PM - Installed Ad-Aware

RP129: 6/20/2011 7:13:49 PM - Installed Ad-Aware

RP130: 6/20/2011 7:18:22 PM - Windows Update

.

==== Installed Programs ======================

.

Ad-Aware

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.3

Apple Application Support

Apple Software Update

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Atheros Driver Installation Program

Best Buy pc app

D3DX10

Google Chrome

Google Earth Plug-in

Google Toolbar for Internet Explorer

Google Update Helper

Intel® Graphics Media Accelerator Driver

Java 6 Update 17

Junk Mail filter update

Label@Once 1.0

Malwarebytes' Anti-Malware version 1.51.0.1200

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 4.0.1 (x86 en-US)

MSVCRT

MSVCRT_amd64

QuickTime

RAR File Open Knife - Free Opener

Realtek USB 2.0 Card Reader

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Skype Toolbars

Skype

Link to post
Share on other sites

Hi, first lets run a rootkit scan.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Please download and run unhide.exe and let me know if that made your files visible again.

Link to post
Share on other sites

Hi Elise,

OK after running unhide.exe my files are visible again, however the desktop is still missing all of its icons and there is still a windows 7 repair icon showing. Other than that everything appears normal. Here is the log from the TDSS Rootkit scan -

2011/06/22 15:15:02.0864 3644 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15

2011/06/22 15:15:03.0223 3644 ================================================================================

2011/06/22 15:15:03.0223 3644 SystemInfo:

2011/06/22 15:15:03.0223 3644

2011/06/22 15:15:03.0223 3644 OS Version: 6.1.7601 ServicePack: 1.0

2011/06/22 15:15:03.0223 3644 Product type: Workstation

2011/06/22 15:15:03.0223 3644 ComputerName: BABY-PC

2011/06/22 15:15:03.0223 3644 UserName: Baby

2011/06/22 15:15:03.0223 3644 Windows directory: C:\windows

2011/06/22 15:15:03.0223 3644 System windows directory: C:\windows

2011/06/22 15:15:03.0223 3644 Running under WOW64

2011/06/22 15:15:03.0223 3644 Processor architecture: Intel x64

2011/06/22 15:15:03.0223 3644 Number of processors: 1

2011/06/22 15:15:03.0223 3644 Page size: 0x1000

2011/06/22 15:15:03.0223 3644 Boot type: Normal boot

2011/06/22 15:15:03.0223 3644 ================================================================================

2011/06/22 15:15:04.0299 3644 Initialize success

2011/06/22 15:15:14.0751 2864 ================================================================================

2011/06/22 15:15:14.0751 2864 Scan started

2011/06/22 15:15:14.0751 2864 Mode: Manual;

2011/06/22 15:15:14.0751 2864 ================================================================================

2011/06/22 15:15:15.0266 2864 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys

2011/06/22 15:15:15.0437 2864 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys

2011/06/22 15:15:15.0562 2864 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys

2011/06/22 15:15:15.0718 2864 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys

2011/06/22 15:15:15.0859 2864 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys

2011/06/22 15:15:15.0983 2864 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys

2011/06/22 15:15:16.0155 2864 AFD (d5b031c308a409a0a576bff4cf083d30) C:\windows\system32\drivers\afd.sys

2011/06/22 15:15:16.0280 2864 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys

2011/06/22 15:15:16.0451 2864 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys

2011/06/22 15:15:16.0483 2864 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys

2011/06/22 15:15:16.0639 2864 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys

2011/06/22 15:15:16.0763 2864 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys

2011/06/22 15:15:16.0951 2864 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys

2011/06/22 15:15:17.0075 2864 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys

2011/06/22 15:15:17.0247 2864 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys

2011/06/22 15:15:17.0372 2864 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys

2011/06/22 15:15:17.0497 2864 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys

2011/06/22 15:15:17.0653 2864 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys

2011/06/22 15:15:17.0793 2864 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys

2011/06/22 15:15:17.0933 2864 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys

2011/06/22 15:15:18.0121 2864 athr (d6cad7e5b05055bb8226bdcb1644da27) C:\windows\system32\DRIVERS\athrx.sys

2011/06/22 15:15:18.0417 2864 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys

2011/06/22 15:15:18.0620 2864 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys

2011/06/22 15:15:18.0791 2864 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys

2011/06/22 15:15:19.0010 2864 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys

2011/06/22 15:15:19.0166 2864 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys

2011/06/22 15:15:19.0306 2864 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys

2011/06/22 15:15:19.0447 2864 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys

2011/06/22 15:15:19.0587 2864 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys

2011/06/22 15:15:19.0696 2864 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys

2011/06/22 15:15:19.0805 2864 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys

2011/06/22 15:15:19.0930 2864 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys

2011/06/22 15:15:20.0039 2864 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys

2011/06/22 15:15:20.0180 2864 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys

2011/06/22 15:15:20.0289 2864 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\drivers\cdrom.sys

2011/06/22 15:15:20.0414 2864 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys

2011/06/22 15:15:20.0523 2864 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys

2011/06/22 15:15:20.0695 2864 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys

2011/06/22 15:15:20.0819 2864 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys

2011/06/22 15:15:20.0929 2864 CNG (d5fea92400f12412b3922087c09da6a5) C:\windows\system32\Drivers\cng.sys

2011/06/22 15:15:21.0085 2864 CnxtHdAudService (25c58ee97be0416a373e3e4f855206b5) C:\windows\system32\drivers\CHDRT64.sys

2011/06/22 15:15:21.0209 2864 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys

2011/06/22 15:15:21.0334 2864 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys

2011/06/22 15:15:21.0459 2864 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys

2011/06/22 15:15:21.0677 2864 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys

2011/06/22 15:15:21.0787 2864 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys

2011/06/22 15:15:21.0927 2864 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys

2011/06/22 15:15:22.0052 2864 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys

2011/06/22 15:15:22.0192 2864 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys

2011/06/22 15:15:22.0582 2864 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys

2011/06/22 15:15:22.0816 2864 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys

2011/06/22 15:15:22.0941 2864 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys

2011/06/22 15:15:23.0113 2864 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys

2011/06/22 15:15:23.0222 2864 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys

2011/06/22 15:15:23.0362 2864 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys

2011/06/22 15:15:23.0503 2864 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys

2011/06/22 15:15:23.0612 2864 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys

2011/06/22 15:15:23.0721 2864 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys

2011/06/22 15:15:23.0830 2864 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys

2011/06/22 15:15:23.0971 2864 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys

2011/06/22 15:15:24.0111 2864 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys

2011/06/22 15:15:24.0251 2864 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys

2011/06/22 15:15:24.0376 2864 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys

2011/06/22 15:15:24.0470 2864 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys

2011/06/22 15:15:24.0673 2864 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys

2011/06/22 15:15:24.0797 2864 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys

2011/06/22 15:15:24.0907 2864 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys

2011/06/22 15:15:25.0031 2864 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys

2011/06/22 15:15:25.0141 2864 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys

2011/06/22 15:15:25.0250 2864 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys

2011/06/22 15:15:25.0390 2864 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys

2011/06/22 15:15:25.0531 2864 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys

2011/06/22 15:15:25.0671 2864 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys

2011/06/22 15:15:25.0780 2864 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys

2011/06/22 15:15:25.0936 2864 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys

2011/06/22 15:15:26.0061 2864 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\windows\system32\DRIVERS\iaStor.sys

2011/06/22 15:15:26.0170 2864 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys

2011/06/22 15:15:26.0529 2864 igfx (898ab5bfed7040d7ab07af01885eb944) C:\windows\system32\DRIVERS\igdkmd64.sys

2011/06/22 15:15:26.0857 2864 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys

2011/06/22 15:15:27.0013 2864 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys

2011/06/22 15:15:27.0137 2864 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys

2011/06/22 15:15:27.0262 2864 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys

2011/06/22 15:15:27.0371 2864 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys

2011/06/22 15:15:27.0496 2864 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys

2011/06/22 15:15:27.0605 2864 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys

2011/06/22 15:15:27.0715 2864 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys

2011/06/22 15:15:27.0824 2864 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys

2011/06/22 15:15:27.0933 2864 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys

2011/06/22 15:15:28.0058 2864 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys

2011/06/22 15:15:28.0167 2864 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\windows\system32\Drivers\ksecdd.sys

2011/06/22 15:15:28.0276 2864 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\windows\system32\Drivers\ksecpkg.sys

2011/06/22 15:15:28.0385 2864 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys

2011/06/22 15:15:28.0510 2864 L1C (48686c29856f46443952a831424f8d6f) C:\windows\system32\DRIVERS\L1C62x64.sys

2011/06/22 15:15:28.0666 2864 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys

2011/06/22 15:15:28.0807 2864 Lbd (c8b3131857931ae76798a741cc52b021) C:\windows\system32\DRIVERS\Lbd.sys

2011/06/22 15:15:28.0931 2864 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys

2011/06/22 15:15:29.0072 2864 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys

2011/06/22 15:15:29.0212 2864 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys

2011/06/22 15:15:29.0337 2864 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys

2011/06/22 15:15:29.0462 2864 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys

2011/06/22 15:15:29.0571 2864 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys

2011/06/22 15:15:29.0696 2864 lvpepf64 (07389f6925e490d2db7882110e99921c) C:\windows\system32\DRIVERS\lv302a64.sys

2011/06/22 15:15:29.0836 2864 LVRS64 (7f0ba3a6e8996f15693c6b7d81da049e) C:\windows\system32\DRIVERS\lvrs64.sys

2011/06/22 15:15:29.0945 2864 LVUSBS64 (5c3ff68267a5d242ee79ee01b993d6ce) C:\windows\system32\drivers\LVUSBS64.sys

2011/06/22 15:15:30.0101 2864 MBAMProtector (ed49fd1373de93617a1f6d128d98fe4d) C:\windows\system32\drivers\mbam.sys

2011/06/22 15:15:30.0211 2864 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys

2011/06/22 15:15:30.0320 2864 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys

2011/06/22 15:15:30.0460 2864 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys

2011/06/22 15:15:30.0569 2864 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys

2011/06/22 15:15:30.0663 2864 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\drivers\mouclass.sys

2011/06/22 15:15:30.0788 2864 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys

2011/06/22 15:15:30.0928 2864 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys

2011/06/22 15:15:31.0349 2864 MpFilter (e6ba8e5a4a871899e23d64573ef58ee9) C:\windows\system32\DRIVERS\MpFilter.sys

2011/06/22 15:15:31.0490 2864 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys

2011/06/22 15:15:31.0630 2864 MpNWMon (98b09a4f2c462441030b83a80a3f6fb3) C:\windows\system32\DRIVERS\MpNWMon.sys

2011/06/22 15:15:31.0739 2864 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys

2011/06/22 15:15:31.0864 2864 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys

2011/06/22 15:15:31.0989 2864 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys

2011/06/22 15:15:32.0114 2864 mrxsmb10 (2086d463bd371d8a37d153897430916d) C:\windows\system32\DRIVERS\mrxsmb10.sys

2011/06/22 15:15:32.0223 2864 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys

2011/06/22 15:15:32.0332 2864 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys

2011/06/22 15:15:32.0457 2864 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys

2011/06/22 15:15:32.0582 2864 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys

2011/06/22 15:15:32.0707 2864 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys

2011/06/22 15:15:32.0816 2864 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys

2011/06/22 15:15:32.0956 2864 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys

2011/06/22 15:15:33.0097 2864 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys

2011/06/22 15:15:33.0221 2864 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys

2011/06/22 15:15:33.0346 2864 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys

2011/06/22 15:15:33.0471 2864 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys

2011/06/22 15:15:33.0596 2864 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys

2011/06/22 15:15:33.0705 2864 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys

2011/06/22 15:15:33.0830 2864 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys

2011/06/22 15:15:33.0970 2864 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys

2011/06/22 15:15:34.0126 2864 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys

2011/06/22 15:15:34.0235 2864 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys

2011/06/22 15:15:34.0360 2864 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys

2011/06/22 15:15:34.0485 2864 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys

2011/06/22 15:15:34.0594 2864 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys

2011/06/22 15:15:34.0719 2864 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys

2011/06/22 15:15:34.0828 2864 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys

2011/06/22 15:15:34.0953 2864 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys

2011/06/22 15:15:35.0109 2864 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys

2011/06/22 15:15:35.0249 2864 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\windows\system32\DRIVERS\NisDrvWFP.sys

2011/06/22 15:15:35.0421 2864 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys

2011/06/22 15:15:35.0546 2864 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys

2011/06/22 15:15:35.0702 2864 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys

2011/06/22 15:15:35.0827 2864 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys

2011/06/22 15:15:35.0936 2864 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys

2011/06/22 15:15:36.0045 2864 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys

2011/06/22 15:15:36.0154 2864 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys

2011/06/22 15:15:36.0279 2864 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys

2011/06/22 15:15:36.0419 2864 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys

2011/06/22 15:15:36.0529 2864 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys

2011/06/22 15:15:36.0653 2864 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys

2011/06/22 15:15:36.0747 2864 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys

2011/06/22 15:15:36.0856 2864 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys

2011/06/22 15:15:36.0965 2864 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys

2011/06/22 15:15:37.0090 2864 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys

2011/06/22 15:15:37.0324 2864 PID_PEPI (087a343dfc337f37723dd7912de6b6cd) C:\windows\system32\DRIVERS\LV302V64.SYS

2011/06/22 15:15:37.0589 2864 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys

2011/06/22 15:15:37.0683 2864 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys

2011/06/22 15:15:37.0839 2864 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys

2011/06/22 15:15:37.0979 2864 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys

2011/06/22 15:15:38.0104 2864 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys

2011/06/22 15:15:38.0229 2864 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

2011/06/22 15:15:38.0338 2864 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

2011/06/22 15:15:38.0447 2864 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

2011/06/22 15:15:38.0557 2864 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys

2011/06/22 15:15:38.0681 2864 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys

2011/06/22 15:15:38.0791 2864 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys

2011/06/22 15:15:38.0900 2864 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys

2011/06/22 15:15:39.0009 2864 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys

2011/06/22 15:15:39.0118 2864 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys

2011/06/22 15:15:39.0243 2864 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys

2011/06/22 15:15:39.0383 2864 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys

2011/06/22 15:15:39.0508 2864 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys

2011/06/22 15:15:39.0633 2864 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys

2011/06/22 15:15:39.0773 2864 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\windows\system32\Drivers\RimUsb_AMD64.sys

2011/06/22 15:15:39.0914 2864 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys

2011/06/22 15:15:40.0023 2864 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\windows\system32\Drivers\RtsUStor.sys

2011/06/22 15:15:40.0132 2864 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys

2011/06/22 15:15:40.0273 2864 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys

2011/06/22 15:15:40.0397 2864 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys

2011/06/22 15:15:40.0538 2864 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys

2011/06/22 15:15:40.0663 2864 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys

2011/06/22 15:15:40.0756 2864 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys

2011/06/22 15:15:40.0912 2864 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys

2011/06/22 15:15:41.0037 2864 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys

2011/06/22 15:15:41.0146 2864 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys

2011/06/22 15:15:41.0271 2864 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys

2011/06/22 15:15:41.0396 2864 Sftfs (72cd52403efc137290cb5a328510ebca) C:\windows\system32\DRIVERS\Sftfslh.sys

2011/06/22 15:15:41.0536 2864 Sftplay (31a36ef71af36eabcc4b4f8ab8f76465) C:\windows\system32\DRIVERS\Sftplaylh.sys

2011/06/22 15:15:41.0661 2864 Sftredir (2d969194fcc8eb41ed1d52863bfe7f52) C:\windows\system32\DRIVERS\Sftredirlh.sys

2011/06/22 15:15:41.0770 2864 Sftvol (08b36d2f63af3ca2248458a4280c0c50) C:\windows\system32\DRIVERS\Sftvollh.sys

2011/06/22 15:15:41.0895 2864 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys

2011/06/22 15:15:42.0004 2864 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys

2011/06/22 15:15:42.0129 2864 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys

2011/06/22 15:15:42.0285 2864 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys

2011/06/22 15:15:42.0441 2864 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys

2011/06/22 15:15:42.0566 2864 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys

2011/06/22 15:15:42.0675 2864 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys

2011/06/22 15:15:42.0815 2864 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys

2011/06/22 15:15:42.0940 2864 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys

2011/06/22 15:15:43.0081 2864 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys

2011/06/22 15:15:43.0268 2864 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\windows\system32\drivers\tcpip.sys

2011/06/22 15:15:43.0455 2864 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\windows\system32\DRIVERS\tcpip.sys

2011/06/22 15:15:43.0580 2864 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys

2011/06/22 15:15:43.0689 2864 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys

2011/06/22 15:15:43.0814 2864 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys

2011/06/22 15:15:43.0923 2864 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys

2011/06/22 15:15:44.0048 2864 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys

2011/06/22 15:15:44.0157 2864 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys

2011/06/22 15:15:44.0375 2864 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys

2011/06/22 15:15:44.0516 2864 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys

2011/06/22 15:15:44.0641 2864 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys

2011/06/22 15:15:44.0750 2864 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS

2011/06/22 15:15:44.0859 2864 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys

2011/06/22 15:15:44.0968 2864 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys

2011/06/22 15:15:45.0093 2864 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys

2011/06/22 15:15:45.0218 2864 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys

2011/06/22 15:15:45.0327 2864 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys

2011/06/22 15:15:45.0452 2864 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\windows\system32\drivers\usbaudio.sys

2011/06/22 15:15:45.0577 2864 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys

2011/06/22 15:15:45.0686 2864 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys

2011/06/22 15:15:45.0795 2864 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys

2011/06/22 15:15:45.0904 2864 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys

2011/06/22 15:15:46.0013 2864 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys

2011/06/22 15:15:46.0123 2864 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys

2011/06/22 15:15:46.0232 2864 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS

2011/06/22 15:15:46.0357 2864 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\DRIVERS\usbuhci.sys

2011/06/22 15:15:46.0466 2864 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys

2011/06/22 15:15:46.0606 2864 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys

2011/06/22 15:15:46.0731 2864 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys

2011/06/22 15:15:46.0840 2864 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys

2011/06/22 15:15:46.0949 2864 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys

2011/06/22 15:15:47.0074 2864 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys

2011/06/22 15:15:47.0183 2864 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys

2011/06/22 15:15:47.0308 2864 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys

2011/06/22 15:15:47.0449 2864 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys

2011/06/22 15:15:47.0558 2864 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys

2011/06/22 15:15:47.0683 2864 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys

2011/06/22 15:15:47.0776 2864 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys

2011/06/22 15:15:47.0917 2864 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys

2011/06/22 15:15:48.0041 2864 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

2011/06/22 15:15:48.0073 2864 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

2011/06/22 15:15:48.0213 2864 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys

2011/06/22 15:15:48.0338 2864 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

2011/06/22 15:15:48.0494 2864 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

2011/06/22 15:15:48.0603 2864 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

2011/06/22 15:15:48.0821 2864 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys

2011/06/22 15:15:48.0977 2864 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

2011/06/22 15:15:49.0133 2864 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys

2011/06/22 15:15:49.0258 2864 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys

2011/06/22 15:15:49.0352 2864 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0

2011/06/22 15:15:49.0399 2864 ================================================================================

2011/06/22 15:15:49.0399 2864 Scan finished

2011/06/22 15:15:49.0399 2864 ================================================================================

2011/06/22 15:15:49.0414 4636 Detected object count: 0

2011/06/22 15:15:49.0414 4636 Actual detected object count: 0

2011/06/22 15:17:06.0790 0672 Deinitialize success

Thanks so much for your help so far.

Link to post
Share on other sites

Hi again,

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Link to post
Share on other sites

Here's the log as you requested (I am now only able to run programs by right-clicking and running as administrator) -

ComboFix 11-06-22.05 - Baby 06/23/2011 13:14:02.1.1 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1916.697 [GMT -4:00]

Running from: c:\users\Baby\Desktop\ComboFix.exe

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\security\Database\tmp.edb

c:\windows\system32\Thumbs.db

.

.

((((((((((((((((((((((((( Files Created from 2011-05-23 to 2011-06-23 )))))))))))))))))))))))))))))))

.

.

2011-06-23 17:20 . 2011-06-23 17:20 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-22 19:30 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{014EA32E-CAD9-45BD-AC38-0EA23988511D}\mpengine.dll

2011-06-21 01:59 . 2011-06-21 01:59 -------- d-----w- c:\users\Baby\AppData\Roaming\Malwarebytes

2011-06-21 01:59 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-06-21 01:59 . 2011-06-21 01:59 -------- d-----w- c:\programdata\Malwarebytes

2011-06-21 01:59 . 2011-05-29 13:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-21 01:59 . 2011-06-21 01:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-06-21 01:56 . 2011-06-21 01:56 -------- d-----w- c:\users\Baby\AppData\Local\Apple Computer

2011-06-21 01:51 . 2010-09-06 09:26 189520 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys

2011-06-21 01:37 . 2011-06-20 23:18 16432 ----a-w- c:\windows\system32\lsdelete.exe

2011-06-20 23:18 . 2011-06-20 23:18 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-06-20 23:15 . 2011-06-20 23:15 -------- dc----w- c:\windows\system32\DRVSTORE

2011-06-20 23:15 . 2011-06-20 14:31 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys

2011-06-20 23:15 . 2011-06-20 23:15 -------- d-----w- c:\programdata\Lavasoft

2011-06-20 23:15 . 2011-06-20 23:15 -------- d-----w- c:\program files (x86)\Lavasoft

2011-06-18 13:37 . 2011-06-18 13:37 -------- d-----w- c:\users\Baby\AppData\Roaming\InstallShield

2011-06-16 02:12 . 2011-04-25 05:33 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-06-16 02:12 . 2011-04-25 02:34 499200 ----a-w- c:\windows\system32\drivers\afd.sys

2011-06-16 02:12 . 2011-04-27 02:39 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-06-16 02:12 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-06-16 02:12 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2011-06-16 02:12 . 2011-05-28 03:06 3135488 ----a-w- c:\windows\system32\win32k.sys

2011-06-16 02:12 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys

2011-06-16 02:12 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys

2011-06-16 02:12 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys

2011-06-16 02:11 . 2011-02-25 06:22 861696 ----a-w- c:\windows\system32\oleaut32.dll

2011-06-16 02:11 . 2011-02-25 05:34 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll

2011-06-16 02:11 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll

2011-06-16 02:11 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll

2011-06-08 01:36 . 2011-06-08 01:36 -------- d-----w- c:\users\Baby\AppData\Local\ElevatedDiagnostics

2011-06-07 02:52 . 2011-06-08 04:07 -------- d-----w- c:\users\Baby\AppData\Roaming\skypePM

2011-06-07 02:52 . 2011-06-07 02:53 -------- d-----w- c:\programdata\Skype Extras

2011-06-07 02:50 . 2011-06-08 10:08 -------- d-----w- c:\users\Baby\AppData\Roaming\Skype

2011-06-07 02:49 . 2011-06-07 02:49 -------- d-----w- c:\program files (x86)\Common Files\Skype

2011-06-07 02:49 . 2011-06-07 02:50 -------- d-----r- c:\program files (x86)\Skype

2011-06-07 02:49 . 2011-06-07 02:49 -------- d-----w- c:\programdata\Skype

2011-06-02 01:01 . 2011-06-02 01:01 -------- d-----w- c:\program files (x86)\Common Files\Apple

2011-06-02 01:01 . 2011-06-02 01:01 -------- d-----w- c:\users\Baby\AppData\Local\Apple

2011-06-02 01:01 . 2011-06-02 01:01 -------- d-----w- c:\program files (x86)\Apple Software Update

2011-06-02 01:01 . 2011-06-02 01:01 -------- d-----w- c:\programdata\Apple

2011-05-29 15:23 . 2011-05-29 15:23 -------- d-----w- c:\windows\system32\SPReview

2011-05-29 15:22 . 2011-05-29 15:22 -------- d-----w- c:\windows\system32\EventProviders

2011-05-24 23:34 . 2011-02-02 22:36 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FD95C3E0-CF52-4B42-BBD9-1619F7A39080}\gapaengine.dll

2011-05-24 23:28 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-15 22:35 . 2011-05-18 00:59 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-05-29 15:33 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll

2011-05-29 15:33 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-05-11 01:41 . 2011-05-11 01:41 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-05-11 01:41 . 2011-05-11 01:41 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-05-11 01:41 . 2011-05-11 01:41 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll

2011-05-11 01:41 . 2011-05-11 01:41 85504 ----a-w- c:\windows\system32\iesetup.dll

2011-05-11 01:41 . 2011-05-11 01:41 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2011-05-11 01:41 . 2011-05-11 01:41 76800 ----a-w- c:\windows\system32\tdc.ocx

2011-05-11 01:41 . 2011-05-11 01:41 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2011-05-11 01:41 . 2011-05-11 01:41 74752 ----a-w- c:\windows\SysWow64\iesetup.dll

2011-05-11 01:41 . 2011-05-11 01:41 63488 ----a-w- c:\windows\SysWow64\tdc.ocx

2011-05-11 01:41 . 2011-05-11 01:41 603648 ----a-w- c:\windows\system32\vbscript.dll

2011-05-11 01:41 . 2011-05-11 01:41 49664 ----a-w- c:\windows\system32\imgutil.dll

2011-05-11 01:41 . 2011-05-11 01:41 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2011-05-11 01:41 . 2011-05-11 01:41 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-05-11 01:41 . 2011-05-11 01:41 448512 ----a-w- c:\windows\system32\html.iec

2011-05-11 01:41 . 2011-05-11 01:41 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-05-11 01:41 . 2011-05-11 01:41 367104 ----a-w- c:\windows\SysWow64\html.iec

2011-05-11 01:41 . 2011-05-11 01:41 35840 ----a-w- c:\windows\SysWow64\imgutil.dll

2011-05-11 01:41 . 2011-05-11 01:41 30720 ----a-w- c:\windows\system32\licmgr10.dll

2011-05-11 01:41 . 2011-05-11 01:41 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll

2011-05-11 01:41 . 2011-05-11 01:41 222208 ----a-w- c:\windows\system32\msls31.dll

2011-05-11 01:41 . 2011-05-11 01:41 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2011-05-11 01:41 . 2011-05-11 01:41 165888 ----a-w- c:\windows\system32\iexpress.exe

2011-05-11 01:41 . 2011-05-11 01:41 161792 ----a-w- c:\windows\SysWow64\msls31.dll

2011-05-11 01:41 . 2011-05-11 01:41 160256 ----a-w- c:\windows\system32\wextract.exe

2011-05-11 01:41 . 2011-05-11 01:41 152064 ----a-w- c:\windows\SysWow64\wextract.exe

2011-05-11 01:41 . 2011-05-11 01:41 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2011-05-11 01:41 . 2011-05-11 01:41 1492992 ----a-w- c:\windows\system32\inetcpl.cpl

2011-05-11 01:41 . 2011-05-11 01:41 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2011-05-11 01:41 . 2011-05-11 01:41 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2011-05-11 01:41 . 2011-05-11 01:41 1389056 ----a-w- c:\windows\system32\wininet.dll

2011-05-11 01:41 . 2011-05-11 01:41 135168 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-05-11 01:41 . 2011-05-11 01:41 12288 ----a-w- c:\windows\system32\mshta.exe

2011-05-11 01:41 . 2011-05-11 01:41 11776 ----a-w- c:\windows\SysWow64\mshta.exe

2011-05-11 01:41 . 2011-05-11 01:41 114176 ----a-w- c:\windows\system32\admparse.dll

2011-05-11 01:41 . 2011-05-11 01:41 1126912 ----a-w- c:\windows\SysWow64\wininet.dll

2011-05-11 01:41 . 2011-05-11 01:41 111616 ----a-w- c:\windows\system32\iesysprep.dll

2011-05-11 01:41 . 2011-05-11 01:41 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2011-05-11 01:41 . 2011-05-11 01:41 101888 ----a-w- c:\windows\SysWow64\admparse.dll

2011-05-09 22:00 . 2011-01-22 05:44 8718160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-04-09 07:02 . 2011-05-11 01:50 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-09 06:58 . 2011-05-11 01:50 142336 ----a-w- c:\windows\system32\poqexec.exe

2011-04-09 06:02 . 2011-05-11 01:50 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-04-09 06:02 . 2011-05-11 01:50 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-04-09 05:56 . 2011-05-11 01:50 123904 ----a-w- c:\windows\SysWow64\poqexec.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-19 39408]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

.

c:\users\Baby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

MLB.TV NexDef Plug-in.lnk - c:\users\Baby\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe [2011-3-16 15502336]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 136176]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 136176]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-06-20 17152]

R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-06-20 2151128]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-06-20 14:31]

.

2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 21:43]

.

2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 21:43]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-18 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-18 391192]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-18 410648]

"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

TCP: DhcpNameServer = 167.206.245.130 167.206.245.129

FF - ProfilePath - c:\users\Baby\AppData\Roaming\Mozilla\Firefox\Profiles\mmcixgl1.default\

FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/nwshp?client=firefox-a&rls=org.mozilla:en-US:official&hl=en&tab=wn

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe

Toolbar-Locked - (no file)

HKLM-Run-(Default) - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe

HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2991593679-2889441882-3839175555-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2991593679-2889441882-3839175555-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

.

**************************************************************************

.

Completion time: 2011-06-23 13:26:23 - machine was rebooted

ComboFix-quarantined-files.txt 2011-06-23 17:26

.

Pre-Run: 193,027,903,488 bytes free

Post-Run: 193,199,546,368 bytes free

.

- - End Of File - - 18756C60A587526F0EAFA48C270868AB

Link to post
Share on other sites

Hi there, please let me know how things are running at this point.

TWO ANTIVIRUS PROGRAMS

---------------------------------------

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either AdAware or MS Security Essentials.

Link to post
Share on other sites

Hi there, please let me know how things are running at this point.

TWO ANTIVIRUS PROGRAMS

---------------------------------------

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either AdAware or MS Security Essentials.

Hi,

Well everything seems to be OK but I have lost my desktop icons which is fine if there aren't any other issues related to that but I still have "Windows 7 Repair" files on my comp as well as on my desktop.

Link to post
Share on other sites

I don't think any files are missing just that the icons aren't there which is no problem. I believe everything is good now.

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6923

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

6/23/2011 5:07:41 PM

mbam-log-2011-06-23 (17-07-40).txt

Scan type: Quick scan

Objects scanned: 169018

Time elapsed: 3 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Hi again,

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:

  • Download the latest version of Adobe Reader Version X. and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older version of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, the please see this tutorial:How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

Your Adobe Reader is now up to date!

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 6.
  • Look for "JDK 6 Update 26 (JDK or JRE).
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Select "Windows x86 Offline" and click on jre-6u26-windows-i586.exe

    [*]Save it to your desktop

    [*]Close any programs you may have running - especially your web browser.

    [*]Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).

    [*]Reboot your computer once all Java components are removed.

    [*]Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png
      icon on your desktop.

    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats"
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

[*]When the scan completes, click List Threats

[*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

[*]Click the Back button.

[*]Click the Finish button.

Link to post
Share on other sites

Hi there,

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.

Please read these advices, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

[*]Keep Windows (and your other Microsoft software) up to date!

I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

[*]Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.

[*]Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

Link to post
Share on other sites

Oh well I went to do the final steps and the computer is completely frozen now....not sure what happened. I am on a different laptop right now. I can't move the cursor, bring up task manager or shut the computer down...was fine a bit ago

Link to post
Share on other sites

  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.