I have been having issues with being redirected to random websites, usually redirected to get-answers-fast.com. If I could get some help it would be greatly appreciated. I read a bit of other topics in this forum and have downloaded DDS and scanned once. I can post the files produced if needed.

Thank you.

Hi and Welcome to the Malwarebytes Forum,

Please follow the directions HERE and copy/paste the requested logs in your next reply.

Some background information on what we're planning to do can be found HERE

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.

    This is the executable version:

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Thank you for your reply! Here are the logs from a fresh DDS scan:

.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26

Run by missk831 at 21:17:23 on 2011-10-20

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.1234 [GMT -7:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\userinit.exe

C:\windows\Explorer.EXE

C:\windows\system32\ctfmon.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\windows\system32\conhost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

uRun: [MyTOSHIBA] "c:\program files\toshiba\my toshiba\MyToshiba.exe" /AUTO

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [<NO NAME>]

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [sVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL

mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP

mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe

mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60

mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe

mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{B2978D8F-E563-402F-B000-E31A4F9A88C7} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{B2978D8F-E563-402F-B000-E31A4F9A88C7}\2456C6B696E6E233531463 : DhcpNameServer = 192.168.2.1

mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\missk831\appdata\roaming\mozilla\firefox\profiles\7h9maovf.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

FF - prefs.js: network.proxy.type - 0

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll

FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll

FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\3.0.40624.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-5-23 167936]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-19 442200]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-19 320856]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-5-23 176128]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-19 20568]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-10-19 54616]

S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-10-19 44768]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-15 135664]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-19 366152]

S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-15 135664]

S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-5-23 54136]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-18 1343400]

.

=============== Created Last 30 ================

.

2011-10-20 04:35:35 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-10-20 04:35:33 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-10-20 04:34:16 41184 ----a-w- c:\windows\avastSS.scr

2011-10-20 04:34:07 -------- d-----w- c:\programdata\AVAST Software

2011-10-20 04:34:07 -------- d-----w- c:\program files\AVAST Software

2011-10-19 08:22:11 -------- d-----w- c:\users\missk831\appdata\roaming\Malwarebytes

2011-10-19 08:22:01 -------- d-----w- c:\programdata\Malwarebytes

2011-10-19 08:21:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-18 23:10:27 -------- d-----w- c:\windows\system32\SPReview

2011-10-18 22:55:36 -------- d-----w- c:\users\missk831\appdata\local\ElevatedDiagnostics

2011-10-18 22:22:01 -------- d-----w- c:\windows\system32\EventProviders

2011-10-18 22:20:34 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys

2011-10-18 20:33:12 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{abb3fbaa-78b8-4012-aa38-0a539a221bf6}\mpengine.dll

2011-10-17 10:51:28 -------- d-----w- c:\users\missk831\appdata\local\Symantec

2011-10-14 00:16:56 75776 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-14 00:16:56 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax

2011-10-14 00:16:56 59904 ----a-w- c:\windows\system32\MSDvbNP.ax

2011-10-14 00:16:56 465408 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-14 00:16:56 204288 ----a-w- c:\windows\system32\MSNP.ax

2011-10-14 00:16:55 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-14 00:16:55 233472 ----a-w- c:\windows\system32\oleacc.dll

2011-10-14 00:16:54 2332672 ----a-w- c:\windows\system32\win32k.sys

2011-10-03 06:02:20 -------- d-----w- c:\program files\Tango

2011-10-03 06:02:17 -------- d-----w- c:\users\missk831\appdata\local\tango

2011-09-30 00:12:08 770384 ----a-w- c:\windows\system32\msvcr100.dll

2011-09-30 00:12:08 421200 ----a-w- c:\windows\system32\msvcp100.dll

2011-09-27 22:56:57 24832 ----a-w- c:\windows\system32\drivers\lgusbmodem.sys

2011-09-27 22:56:57 19968 ----a-w- c:\windows\system32\drivers\lgusbdiag.sys

2011-09-27 22:56:57 13056 ----a-w- c:\windows\system32\drivers\lgusbbus.sys

2011-09-27 22:56:57 -------- d-----w- c:\program files\LG Electronics

2011-09-23 05:51:48 -------- d-----w- c:\users\missk831\appdata\local\Diagnostics

.

==================== Find3M ====================

.

2011-10-01 02:59:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-09-16 03:25:35 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-20 04:38:10 981504 ----a-w- c:\windows\system32\wininet.dll

2011-08-20 04:35:20 44544 ----a-w- c:\windows\system32\licmgr10.dll

2011-08-20 03:26:38 386048 ----a-w- c:\windows\system32\html.iec

.

============= FINISH: 21:24:56.86 ===============

Here is the text from the "attach" file:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12/15/2010 6:44:10 PM

System Uptime: 10/20/2011 9:16:43 PM (0 hours ago)

.

Motherboard: TOSHIBA | | NBWAE

Processor: AMD Sempron SI-42 | Socket M2/S1G1 | 2099/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 223 GiB total, 198.341 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: avast! Network Shield Support

Device ID: ROOT\LEGACY_ASWTDI\0000

Manufacturer:

Name: avast! Network Shield Support

PNP Device ID: ROOT\LEGACY_ASWTDI\0000

Service: aswTdi

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

RP131: 10/18/2011 3:23:32 PM - Windows 7 Service Pack 1

RP133: 10/18/2011 3:57:39 PM - Installed TOSHIBA Service Station

RP134: 10/18/2011 4:09:28 PM - Windows Update

RP135: 10/19/2011 9:33:52 PM - avast! Free Antivirus Setup

.

==== Installed Programs ======================

.

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.1

Applian Director

ATI Catalyst Install Manager

avast! Free Antivirus

Cap'n Crunch's Crunchling Adventure

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Combined Community Codec Pack 2010-10-10

Compatibility Pack for the 2007 Office system

Disney's Magic Artist Studio

Google Toolbar for Internet Explorer

Google Update Helper

Java Auto Updater

Java 6 Update 26

Junk Mail filter update

Label@Once 1.0

LG USB Modem driver

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

Mozilla Firefox 7.0.1 (x86 en-US)

MSVCRT

MyToshiba

NetZero Launcher

Norton Internet Security

PlayReady PC Runtime x86

Quickbooks Financial Center

Realtek 8136 8168 8169 Ethernet Driver

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Realtek WLAN Driver

Replay Media Catcher 4

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Skype Launcher

SpongeBob SquarePants® Operation Krabby Patty

Synaptics Pointing Device Driver

Tango

Toshiba Application and Driver Installer

TOSHIBA Assist

TOSHIBA ConfigFree

TOSHIBA Disc Creator

TOSHIBA Extended Tiles for Windows Mobility Center

TOSHIBA Flash Cards Support Utility

TOSHIBA Hardware Setup

TOSHIBA HDD/SSD Alert

Toshiba Online Backup

Toshiba Quality Application

TOSHIBA Recovery Media Creator

TOSHIBA Service Station

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

ToshibaRegistration

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Utility Common Driver

WildTangent Games

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

.

==== Event Viewer Messages From Past Week ========

.

10/20/2011 9:24:26 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

10/20/2011 9:17:19 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

10/20/2011 9:17:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/20/2011 9:17:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

10/20/2011 9:17:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/20/2011 9:17:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

10/20/2011 9:17:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache spldr Wanarpv6

10/20/2011 9:14:10 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter

10/20/2011 9:14:10 PM, Error: atikmdag [43029] - Display is not active

10/20/2011 5:06:49 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.

10/20/2011 5:06:49 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.

10/20/2011 4:10:15 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.

10/20/2011 4:10:15 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress.

10/20/2011 4:08:51 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The data is invalid.

10/20/2011 2:24:53 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

10/20/2011 2:24:53 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.

10/20/2011 12:36:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

10/20/2011 1:38:26 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

10/20/2011 1:38:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

10/20/2011 1:38:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

10/20/2011 1:38:01 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

10/20/2011 1:38:01 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/20/2011 1:38:01 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

10/20/2011 1:38:01 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

10/20/2011 1:38:01 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

10/20/2011 1:38:01 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

10/20/2011 1:38:01 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

10/20/2011 1:38:01 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/20/2011 1:38:01 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/20/2011 1:38:01 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

10/20/2011 1:38:01 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

10/20/2011 1:31:57 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

10/19/2011 8:35:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000076 (0x00000000, 0x84c1aa60, 0x000007d1, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 101911-21060-01.

10/19/2011 12:13:30 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

10/18/2011 7:45:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

10/18/2011 4:28:11 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Windows 7 Service Pack 1 (KB976932).

10/18/2011 4:23:39 PM, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: The authentication service is unknown.

10/18/2011 3:50:33 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0826: Update for Windows 7 (KB976422).

10/18/2011 3:46:59 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

10/18/2011 3:22:44 PM, Error: Microsoft-Windows-Service Pack Installer [6] - The Service Pack cannot be installed when the computer is running on battery power.

10/18/2011 3:17:02 PM, Error: Service Control Manager [7023] -

10/18/2011 2:32:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccHP DfsC discache eeCtrl IDSVix86 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIM SYMTDI tdx vwififlt Wanarpv6 WfpLwf

10/16/2011 6:36:53 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort1.

.

==== End Of File ===========================

Before we troubleshoot anything, I noticed that you have two AVs:

1. Norton Internet Security (probably preinstalled with your PC)

2. AVAST

Please uninstall the one you don't want to keep!

Delete TDSSKiller.exe on your desktop

Redownload TDSSKiller.exe but rename it as you download to calc.com

Then right-click calc.com & select "Run as Administrator"

If that doesn't work, try running it from safe mode by tapping the F8 key & using these directions:

http://support.kaspersky.com/faq/?qid=208283416

I saw this in DDS.txt which indicates MBAM found some threats and cleaned them:

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

Please open MBAM, Click Logs, retrieve the log from that scan, & copy/paste it into your next reply. Then open MBAM, update it, and perform a new Quick Scan & post that log, here, as well. Thanks!

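The reply above is what a helper does by eye over the DDS log: pick out the start pages, the DNS servers, the orphaned browser add-ons and the pending MBAM cleanup entry. The script below does the same pass in code. It is an added example for this thread, not part of DDS, Malwarebytes, or any post here; the indicator names in the returned dictionary are this script's own, and the sample input is constructed: it copies a few lines from the log posted above and adds one made-up network interface whose resolver sits in the 192.0.2.0/24 documentation range, so that the "DNS server outside private space" check (the signature of a DNS-changer redirect) has something to fire on.

```python
"""Triage helper for the "Pseudo HJT Report" and FIREFOX sections of a DDS log.

Added example for this thread; not part of DDS, Malwarebytes, or the posts.
From DDS.txt text it extracts what a helper checks first on a redirect report:
  - BHO/toolbar registrations pointing at "No File" (orphaned CLSIDs),
  - every DNS server recorded, and those outside RFC 1918 space (a home
    router hands out a private address; anything else needs explaining),
  - the host of each configured start page / home page,
  - the Firefox proxy type (0 = no proxy), and
  - the mbam.exe /runcleanupscript entry (MBAM cleanup pending a reboot).
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: real lines from the posted log plus one invented
# interface ({C0FFEE00-...}) with a resolver from the documentation range.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B2978D8F-E563-402F-B000-E31A4F9A88C7} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B2978D8F-E563-402F-B000-E31A4F9A88C7}\2456C6B696E6E233531463 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C0FFEE00-0000-4000-8000-000000000001} : NameServer = 192.0.2.53
================= FIREFOX ===================
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
FF - prefs.js: network.proxy.type - 0
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr: str) -> bool:
    """True only for private IPv4 space; checked explicitly rather than via
    ip.is_private, which also treats the documentation ranges as private."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)


def hostname(defanged_url: str) -> str:
    """DDS writes hxxp:// for http://; undo that only to pull the host out."""
    return urlsplit(defanged_url.replace("hxxp", "http", 1)).hostname or defanged_url


ORPHAN_RE = re.compile(r"^(BHO|TB):.*(\{[0-9A-Fa-f-]{36}\}) - No File\s*$")
DNS_RE = re.compile(r"^TCP: .*?(?:Dhcp)?NameServer = (.+)$")
START_RE = re.compile(r"^(?:[um](?:Start Page|Default_Page_URL) = |FF - prefs\.js: browser\.startup\.homepage - )(\S+)")
PROXY_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.type - (\d+)")


def triage(dds_text: str) -> dict:
    """Walk the log line by line and collect the redirect-relevant findings."""
    orphaned, dns, start_pages = [], [], []
    proxy_type, mbam_pending = None, False
    for line in dds_text.splitlines():
        line = line.strip()
        if m := ORPHAN_RE.match(line):
            orphaned.append(f"{m.group(1)} {m.group(2)}")
        elif m := DNS_RE.match(line):
            for addr in re.split(r"[,\s]+", m.group(1).strip()):
                if addr and addr not in dns:          # keep first-seen order, no duplicates
                    dns.append(addr)
        elif m := START_RE.match(line):
            host = hostname(m.group(1))
            if host not in start_pages:
                start_pages.append(host)
        elif m := PROXY_RE.match(line):
            proxy_type = int(m.group(1))
        elif line.startswith("mRun:") and "/runcleanupscript" in line.lower():
            mbam_pending = True
    return {
        "orphaned_bho_tb": orphaned,
        "dns_servers": dns,
        "dns_outside_rfc1918": [a for a in dns if not is_rfc1918(a)],
        "start_page_hosts": start_pages,
        "ff_proxy_type": proxy_type,
        "mbam_cleanup_pending": mbam_pending,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(f"{key:22} {value}")
```

On the real log posted above the only hits are the two "No File" entries and the MBAM cleanup line; both resolvers are private router addresses, the proxy type is 0 and the start pages all resolve to www.google.com, which matches what the helper concluded by hand.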

This is the log you have asked for from the first scan performed:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7977

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

10/19/2011 2:12:32 AM

mbam-log-2011-10-19 (02-12-32).txt

Scan type: Full scan (C:\|)

Objects scanned: 259160

Time elapsed: 46 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I will do another scan shortly. I am still having difficulty getting TDSSKiller to run. I renamed it to calc before downloading and attempted to run it in normal mode, safe mode w/networking and just safe mode, all attempts clicking "Run as Admin". Whenever I try, I'll get the hourglass next to the cursor for a brief moment and then nothing happens. Also, Norton has been removed.

Download TFC to your desktop.

  • Close any open windows.
  • Double-click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine; if it doesn't, manually reboot to ensure a complete clean.

Reset Internet Proxy Settings if they were altered by the infection for all browsers you use by following these directions:

http://forums.avg.com/us-en/avg-forums?sec=thread&act=show&id=166875

Download and run a complete scan with the Microsoft Malicious Removal Tool:

Download Microsoft's Malicious Software Removal Tool (MSRT) to your desktop

Save and Rename it as You download it to explorer.exe

Double-click explorer.exe on your Desktop to run it

In the "Scan Type" selection window, select "Full Scan"

Perform a Full scan, then click Finish when the scan is done.

Retrieve the MSRT log as follows, and attach it in your next reply:

1) Click on Start, Run

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter

notepad c:\windows\debug\mrt.log

You can use this tutorial as a guide, then attach the resulting scan report to your next reply:

http://secure-computer-solutions.com/blog/2010/09/scanning_and_removing_malware.html

Please Run ComboFix by following the steps provided in exactly this sequence:

Here is a tutorial that describes how to download, install and run Combofix. Please thoroughly review it before proceeding:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Very Important! BEFORE downloading Combofix, temporarily disable your antivirus and antimalware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix and even remove onboard components so it is rendered ineffective:

http://www.bleepingcomputer.com/forums/topic114351.html

Note: The above tutorial does not tell you to rename Combofix as I am about to instruct you to do in the following instructions, so make sure you complete the renaming step before launching Combofix.

Using ComboFix ->

Please download Combofix from one of these locations:

HERE or HERE

I want you to rename Combofix.exe as you download it to iexplore.exe

Notes:

  • It is very important that you save the newly renamed EXE file to your desktop.
  • You must rename Combofix.exe as you download it and not after it is on your computer.
    You may have to modify your browser settings if you use Firefox, so you can rename Combofix.exe as you download it. To do that:
    • Open Firefox
    • Click Tools -> Options -> Main
    • Under the downloads section check the button that says "Always ask me where to save files".
    • Click OK
  • For Internet Explorer:
    • Choose to save, not open the file
    • When prompted - save the file to your desktop, and rename it iexplore.exe.

Running Combofix

In the event you already have Combofix, please delete it as this is a new version.

  • Close any open browsers and programs.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • If Combofix asks to update, please allow it to do so. If it renames itself back to Combofix.exe - this is normal!!

1. To Launch Combofix

Right-Click iexplore.exe on your desktop & select "Run as Administrator" (approve any & all UAC prompts to allow it to run)

2. When finished, it will produce a logfile located at C:\ComboFix.txt

3. Post the contents of that log in your next reply.

Note: Do not mouse-click Combofix's window while it is running. That may cause your system to stall/hang.

Please post C:\ComboFix.txt in your next reply.

If you have problems running Combofix, then try running it in "Safe Mode with Networking" as follows:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading normally, the Advanced Options Menu should appear;
  • Select the option, to run Windows in "Safe Mode with Networking", then press Enter.
  • Choose your usual account, and launch Combofix as directed above.

=============

NOTE: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply.

-------------------

Please copy/paste the following into your next reply:

c:\windows\debug\mrt.log (attach this)

C:\Combofix.txt (copy/paste this)

Thanks!


Here is the log after downloading updates for MBAM:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7994

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

10/21/2011 11:08:52 AM

mbam-log-2011-10-21 (11-08-52).txt

Scan type: Quick scan

Objects scanned: 155633

Time elapsed: 2 minute(s), 56 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

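The MBAM logs in this thread follow a fixed text layout (summary counts, then one item list per category). As an added example, not Malwarebytes' own code, here is a small Python parser for that layout plus a check that flags a log whose summary counts do not match the items listed under them; the sample log is constructed from the two logs posted above.

```python
# Parser for Malwarebytes' Anti-Malware 1.x text logs, the format of the
# logs posted in this thread.  Added example, not Malwarebytes code.
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Constructed sample: header from the second log above, the
# Start_ShowSearch detection line from the first.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.51.2.1300
Database version: 7994
Scan type: Quick scan
Objects scanned: 155633

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Files Infected:
(No malicious items detected)
"""

COUNT_RE = re.compile(r"^(?P<cat>.+ Infected): (?P<n>\d+)$")  # summary line
HEADER_RE = re.compile(r"^(?P<cat>.+ Infected):$")            # section header
# Item line: "<target> (<name>) [-> Bad: (x) Good: (y)] -> <action>."
ITEM_RE = re.compile(
    r"^(?P<target>.+?) \((?P<name>[^()]+)\)"
    r"(?: -> Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\))?"
    r" -> (?P<action>.+?)\.?$"
)


@dataclass
class Detection:
    category: str            # e.g. "Registry Data Items Infected"
    target: str              # registry path, file or folder
    name: str                # detection name, e.g. PUM.Hijack.StartMenu
    action: str              # what MBAM did with the item
    bad: str | None = None   # registry data items only: value found
    good: str | None = None  # registry data items only: expected value


@dataclass
class MbamReport:
    version: str = ""
    database_version: int = 0
    objects_scanned: int = 0
    counts: dict[str, int] = field(default_factory=dict)
    detections: list[Detection] = field(default_factory=list)
    unparsed: list[str] = field(default_factory=list)  # item lines we could not read


def parse_mbam_log(text: str) -> MbamReport:
    """Parse one MBAM 1.x log. Item lines belong to the most recent
    '<category> Infected:' header; summary lines fill the counts table."""
    rep = MbamReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Malwarebytes' Anti-Malware "):
            rep.version = line.split(" ", 2)[2]
        elif line.startswith("Database version: "):
            rep.database_version = int(line.split(": ", 1)[1])
        elif line.startswith("Objects scanned: "):
            rep.objects_scanned = int(line.split(": ", 1)[1])
        elif (m := COUNT_RE.match(line)):
            rep.counts[m.group("cat")] = int(m.group("n"))
        elif (m := HEADER_RE.match(line)):
            section = m.group("cat")
        elif section and line != "(No malicious items detected)":
            m = ITEM_RE.match(line)
            if m:
                rep.detections.append(Detection(section, m["target"], m["name"],
                                                m["action"], m["bad"], m["good"]))
            else:
                rep.unparsed.append(line)
    return rep


def consistency_issues(rep: MbamReport) -> list[str]:
    """Categories whose summary count disagrees with the items listed under
    them, which is what a truncated or hand-edited log looks like."""
    issues = []
    for cat, n in rep.counts.items():
        listed = sum(1 for d in rep.detections if d.category == cat)
        if listed != n:
            issues.append(f"{cat}: summary says {n}, listed {listed}")
    return issues
```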

Wow, I did not think it would take that long to run these scans, but I have finally finished. I have attached the log from MSRT. Here is the log from the ComboFix scan:

ComboFix 11-10-21.06 - missk831 10/21/2011 22:51:15.1.1 - x86 NETWORK

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.1243 [GMT -7:00]

Running from: c:\users\missk831\Desktop\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\xp

c:\programdata\xp\EBLib.dll

c:\programdata\xp\TPwSav.sys

.

.

((((((((((((((((((((((((( Files Created from 2011-09-22 to 2011-10-22 )))))))))))))))))))))))))))))))

.

.

2011-10-22 06:20 . 2011-10-22 06:21 -------- d-----w- c:\users\missk831\AppData\Local\temp

2011-10-22 06:20 . 2011-10-22 06:20 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-10-22 05:26 . 2011-10-22 05:36 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ABB3FBAA-78B8-4012-AA38-0A539A221BF6}\offreg.dll

2011-10-20 04:35 . 2011-09-06 20:36 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-10-20 04:35 . 2011-09-06 20:37 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-10-20 04:35 . 2011-09-06 20:36 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-10-20 04:35 . 2011-09-06 20:38 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-10-20 04:35 . 2011-09-06 20:36 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-10-20 04:35 . 2011-09-06 20:36 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-10-20 04:34 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr

2011-10-20 04:34 . 2011-09-06 20:45 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-10-20 04:34 . 2011-10-20 04:34 -------- d-----w- c:\programdata\AVAST Software

2011-10-20 04:34 . 2011-10-20 04:34 -------- d-----w- c:\program files\AVAST Software

2011-10-19 08:22 . 2011-10-19 08:22 -------- d-----w- c:\users\missk831\AppData\Roaming\Malwarebytes

2011-10-19 08:22 . 2011-10-19 08:22 -------- d-----w- c:\programdata\Malwarebytes

2011-10-19 08:21 . 2011-10-19 08:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-10-18 23:10 . 2011-10-18 23:10 -------- d-----w- c:\windows\system32\SPReview

2011-10-18 22:57 . 2011-10-18 22:57 -------- d-----w- c:\users\missk831\AppData\Roaming\InstallShield

2011-10-18 22:55 . 2011-10-21 17:31 -------- d-----w- c:\users\missk831\AppData\Local\ElevatedDiagnostics

2011-10-18 22:22 . 2011-10-18 22:22 -------- d-----w- c:\windows\system32\EventProviders

2011-10-18 22:20 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys

2011-10-18 20:33 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ABB3FBAA-78B8-4012-AA38-0A539A221BF6}\mpengine.dll

2011-10-17 10:51 . 2011-10-17 10:51 -------- d-----w- c:\users\missk831\AppData\Local\Symantec

2011-10-14 00:16 . 2011-08-17 04:26 465408 ----a-w- c:\windows\system32\psisdecd.dll

2011-10-14 00:16 . 2011-08-17 04:22 75776 ----a-w- c:\windows\system32\psisrndr.ax

2011-10-14 00:16 . 2011-08-17 04:22 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax

2011-10-14 00:16 . 2011-08-17 04:22 59904 ----a-w- c:\windows\system32\MSDvbNP.ax

2011-10-14 00:16 . 2011-08-17 04:22 204288 ----a-w- c:\windows\system32\MSNP.ax

2011-10-14 00:16 . 2011-08-27 04:43 571904 ----a-w- c:\windows\system32\oleaut32.dll

2011-10-14 00:16 . 2011-08-27 04:43 233472 ----a-w- c:\windows\system32\oleacc.dll

2011-10-14 00:16 . 2011-09-06 02:38 2332672 ----a-w- c:\windows\system32\win32k.sys

2011-10-03 06:02 . 2011-10-03 06:02 -------- d-----w- c:\program files\Tango

2011-10-03 06:02 . 2011-10-03 06:06 -------- d-----w- c:\users\missk831\AppData\Local\tango

2011-09-30 00:12 . 2011-09-30 00:12 770384 ----a-w- c:\windows\system32\msvcr100.dll

2011-09-30 00:12 . 2011-09-30 00:12 421200 ----a-w- c:\windows\system32\msvcp100.dll

2011-09-27 22:56 . 2011-09-27 22:56 -------- d-----w- c:\program files\LG Electronics

2011-09-27 22:56 . 2008-11-11 20:42 24832 ----a-w- c:\windows\system32\drivers\lgusbmodem.sys

2011-09-27 22:56 . 2008-11-11 20:41 19968 ----a-w- c:\windows\system32\drivers\lgusbdiag.sys

2011-09-27 22:56 . 2008-11-11 20:41 13056 ----a-w- c:\windows\system32\drivers\lgusbbus.sys

2011-09-23 05:51 . 2011-09-23 05:51 -------- d-----w- c:\users\missk831\AppData\Local\Diagnostics

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-16 03:25 . 2011-07-03 04:11 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-03 06:38 . 2011-07-03 04:15 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-28 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]

"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]

"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]

"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]

"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-09-01 449608]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-09-01 1047208]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

R1 aswSnx;aswSnx; [x]

R1 aswSP;aswSP; [x]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 176128]

R2 aswFsBlk;aswFsBlk; [x]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]

R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-16 135664]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-09-01 366152]

R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2010-06-24 28256]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-16 135664]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-18 1343400]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2010-06-24 28256]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]

2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-16 03:27]

.

2011-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-16 03:27]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\missk831\AppData\Roaming\Mozilla\Firefox\Profiles\7h9maovf.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-10-21 23:37:44

ComboFix-quarantined-files.txt 2011-10-22 06:37

.

Pre-Run: 212,893,712,384 bytes free

Post-Run: 212,810,706,944 bytes free

.

- - End Of File - - E2601D2F87B6F6CD83E3BED23BBA8588

mrt.log


Good job! Combofix found a few infected items but your MSRT scan was clean.

Delete TDSSKiller.zip and TDSSKiller.EXE on your Desktop.

I want you to register at the Kaspersky Forum:

http://forum.kaspersky.com/index.php?act=idx

  • Then download the ZIP file HERE:
  • Extract the zip archive, then disable your anti-malware active protection. Run it in Normal & Safe Mode (if it doesn't work in Normal Mode) and post back the resulting log.

NOTE:

If the above didn't work, then try doing the download & extraction on a clean PC & transferring it to the infected PC.

Please perform a scan with the ESET online virus scanner

  • You can expect some detections in Combofix's quarantine (Qoobox) and system volume information. They will not represent active threats, so don't worry.
  • NOTE: You must perform this scan with Internet Explorer in Elevated Privilege (not protected) mode. To do that, right-click the Internet Explorer shortcut and select "Run as Administrator".

Navigate to the following url using Internet Explorer:

http://www.eset.com/onlinescan/index.php

  • ESET recommends disabling your resident antivirus's auto-protection feature (MSE) before beginning the scan to avoid conflicts and system hangs.
  • Use Internet Explorer to navigate to the scanner website because you must approve installation of an ActiveX add-on to complete the scan.
  • Check the "Yes, I accept the terms of use" box.
  • Click "Start".
  • Approve the installation of the ActiveX control that's required to enable scanning.
  • Make sure the box to "Remove found threats" is CHECKED!!
  • Click "Start".
  • Allow the definition database to install.
  • Click "Scan".

When the scan is done:

  • Do NOT choose the option to uninstall the ESET Online Scanner with all its components because you need to retain the scan log for posting.
  • Please post the scan report in your next reply. It can be found in this location:
    C:\Program Files\EsetOnlineScanner\log.txt
  • You can remove the ESET Online Scanner using the Windows Control Panel - Add/Remove Programs feature

So in your next reply I'd like to see:

  1. The TDSSKiller Log (if it successfully ran)
  2. The ESET scan report


Great, that link finally got TDSSKiller to work! Here is the log created from the scan:

20:34:57.0281 1288 1.0.0.0 Oct 17 2011 16:07:02

20:34:57.0780 1288 ============================================================

20:34:57.0780 1288 Current date / time: 2011/10/22 20:34:57.0780

20:34:57.0780 1288 SystemInfo:

20:34:57.0780 1288

20:34:57.0780 1288 OS Version: 6.1.7600 ServicePack: 0.0

20:34:57.0780 1288 Product type: Workstation

20:34:57.0780 1288 ComputerName: MISSK831-PC

20:34:57.0780 1288 UserName: missk831

20:34:57.0780 1288 Windows directory: C:\windows

20:34:57.0780 1288 System windows directory: C:\windows

20:34:57.0780 1288 Processor architecture: Intel x86

20:34:57.0780 1288 Number of processors: 1

20:34:57.0780 1288 Page size: 0x1000

20:34:57.0780 1288 Boot type: Safe boot with network

20:34:57.0780 1288 ============================================================

20:35:13.0911 1288 Initialize success

20:35:16.0610 1372 ============================================================

20:35:16.0610 1372 Scan started

20:35:16.0610 1372 Mode: Manual;

20:35:16.0610 1372 ============================================================


20:35:41.0414 1372 lltdio - ok

20:35:41.0663 1372 LPCFilter (6e3d3816749e107883eec5734ce44493) C:\windows\system32\DRIVERS\LPCFilter.sys

20:35:41.0663 1372 LPCFilter - ok

20:35:41.0897 1372 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys

20:35:41.0897 1372 LSI_FC - ok

20:35:42.0147 1372 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys

20:35:42.0147 1372 LSI_SAS - ok

20:35:42.0318 1372 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys

20:35:42.0318 1372 LSI_SAS2 - ok

20:35:42.0506 1372 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys

20:35:42.0506 1372 LSI_SCSI - ok

20:35:42.0708 1372 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys

20:35:42.0771 1372 luafv - ok

20:35:43.0005 1372 MBAMProtector - ok

20:35:43.0254 1372 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys

20:35:43.0254 1372 megasas - ok

20:35:43.0426 1372 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys

20:35:43.0488 1372 MegaSR - ok

20:35:43.0676 1372 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys

20:35:43.0676 1372 Modem - ok

20:35:43.0925 1372 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys

20:35:43.0925 1372 monitor - ok

20:35:44.0159 1372 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys

20:35:44.0159 1372 mouclass - ok

20:35:44.0440 1372 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys

20:35:44.0440 1372 mouhid - ok

20:35:44.0596 1372 mountmgr (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys

20:35:44.0658 1372 mountmgr - ok

20:35:44.0877 1372 mpio (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys

20:35:44.0877 1372 mpio - ok

20:35:45.0095 1372 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys

20:35:45.0111 1372 mpsdrv - ok

20:35:45.0282 1372 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys

20:35:45.0298 1372 MRxDAV - ok

20:35:45.0516 1372 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\windows\system32\DRIVERS\mrxsmb.sys

20:35:45.0516 1372 mrxsmb - ok

20:35:45.0735 1372 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\windows\system32\DRIVERS\mrxsmb10.sys

20:35:45.0750 1372 mrxsmb10 - ok

20:35:45.0922 1372 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\windows\system32\DRIVERS\mrxsmb20.sys

20:35:45.0922 1372 mrxsmb20 - ok

20:35:46.0078 1372 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys

20:35:46.0078 1372 msahci - ok

20:35:46.0296 1372 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys

20:35:46.0296 1372 msdsm - ok

20:35:46.0608 1372 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys

20:35:46.0608 1372 Msfs - ok

20:35:46.0827 1372 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys

20:35:46.0827 1372 mshidkmdf - ok

20:35:46.0998 1372 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys

20:35:46.0998 1372 msisadrv - ok

20:35:47.0186 1372 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys

20:35:47.0186 1372 MSKSSRV - ok

20:35:47.0420 1372 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys

20:35:47.0420 1372 MSPCLOCK - ok

20:35:47.0732 1372 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys

20:35:47.0732 1372 MSPQM - ok

20:35:47.0950 1372 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys

20:35:47.0950 1372 MsRPC - ok

20:35:48.0168 1372 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys

20:35:48.0168 1372 mssmbios - ok

20:35:48.0340 1372 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys

20:35:48.0340 1372 MSTEE - ok

20:35:48.0527 1372 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys

20:35:48.0527 1372 MTConfig - ok

20:35:48.0730 1372 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys

20:35:48.0730 1372 Mup - ok

20:35:48.0933 1372 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys

20:35:48.0933 1372 NativeWifiP - ok

20:35:49.0182 1372 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys

20:35:49.0182 1372 NDIS - ok

20:35:49.0448 1372 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys

20:35:49.0463 1372 NdisCap - ok

20:35:49.0635 1372 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys

20:35:49.0635 1372 NdisTapi - ok

20:35:49.0853 1372 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys

20:35:49.0853 1372 Ndisuio - ok

20:35:50.0087 1372 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys

20:35:50.0087 1372 NdisWan - ok

20:35:50.0274 1372 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys

20:35:50.0274 1372 NDProxy - ok

20:35:50.0446 1372 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys

20:35:50.0446 1372 NetBIOS - ok

20:35:50.0664 1372 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys

20:35:50.0664 1372 NetBT - ok

20:35:51.0008 1372 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys

20:35:51.0008 1372 nfrd960 - ok

20:35:51.0242 1372 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys

20:35:51.0242 1372 Npfs - ok

20:35:51.0538 1372 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys

20:35:51.0538 1372 nsiproxy - ok

20:35:51.0788 1372 Ntfs (187002ce05693c306f43c873f821381f) C:\windows\system32\drivers\Ntfs.sys

20:35:51.0803 1372 Ntfs - ok

20:35:52.0022 1372 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys

20:35:52.0022 1372 Null - ok

20:35:52.0193 1372 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\windows\system32\drivers\nvraid.sys

20:35:52.0193 1372 nvraid - ok

20:35:52.0365 1372 nvstor (4520b63899e867f354ee012d34e11536) C:\windows\system32\drivers\nvstor.sys

20:35:52.0365 1372 nvstor - ok

20:35:52.0583 1372 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys

20:35:52.0583 1372 nv_agp - ok

20:35:52.0786 1372 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys

20:35:52.0786 1372 ohci1394 - ok

20:35:53.0051 1372 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys

20:35:53.0051 1372 Parport - ok

20:35:53.0223 1372 partmgr (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys

20:35:53.0223 1372 partmgr - ok

20:35:53.0441 1372 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys

20:35:53.0441 1372 Parvdm - ok

20:35:53.0722 1372 pci (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys

20:35:53.0722 1372 pci - ok

20:35:53.0956 1372 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys

20:35:53.0956 1372 pciide - ok

20:35:54.0143 1372 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys

20:35:54.0143 1372 pcmcia - ok

20:35:54.0315 1372 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys

20:35:54.0315 1372 pcw - ok

20:35:54.0596 1372 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys

20:35:54.0611 1372 PEAUTH - ok

20:35:55.0032 1372 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys

20:35:55.0032 1372 PptpMiniport - ok

20:35:55.0266 1372 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys

20:35:55.0266 1372 Processor - ok

20:35:55.0578 1372 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys

20:35:55.0578 1372 Psched - ok

20:35:55.0812 1372 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys

20:35:55.0828 1372 ql2300 - ok

20:35:56.0046 1372 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys

20:35:56.0062 1372 ql40xx - ok

20:35:56.0280 1372 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys

20:35:56.0280 1372 QWAVEdrv - ok

20:35:56.0452 1372 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys

20:35:56.0452 1372 RasAcd - ok

20:35:56.0655 1372 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys

20:35:56.0655 1372 RasAgileVpn - ok

20:35:56.0873 1372 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys

20:35:56.0873 1372 Rasl2tp - ok

20:35:57.0170 1372 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys

20:35:57.0170 1372 RasPppoe - ok

20:35:57.0388 1372 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys

20:35:57.0388 1372 RasSstp - ok

20:35:57.0622 1372 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys

20:35:57.0622 1372 rdbss - ok

20:35:57.0794 1372 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys

20:35:57.0809 1372 rdpbus - ok

20:35:57.0981 1372 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys

20:35:57.0981 1372 RDPCDD - ok

20:35:58.0215 1372 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys

20:35:58.0215 1372 RDPENCDD - ok

20:35:58.0449 1372 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys

20:35:58.0449 1372 RDPREFMP - ok

20:35:58.0667 1372 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys

20:35:58.0667 1372 RDPWD - ok

20:35:58.0854 1372 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys

20:35:58.0854 1372 rdyboost - ok

20:35:59.0135 1372 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys

20:35:59.0135 1372 rspndr - ok

20:35:59.0307 1372 RSUSBSTOR - ok

20:35:59.0525 1372 RTL8167 (26a9d6227d12b9d9da5a81bb9b55d810) C:\windows\system32\DRIVERS\Rt86win7.sys

20:35:59.0525 1372 RTL8167 - ok

20:35:59.0837 1372 RTL8187Se (e48daf453d773a89a44134ce4ba9af44) C:\windows\system32\DRIVERS\RTL8187Se.sys

20:35:59.0853 1372 RTL8187Se - ok

20:36:00.0056 1372 RtsUIR - ok

20:36:00.0243 1372 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys

20:36:00.0243 1372 sbp2port - ok

20:36:00.0430 1372 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys

20:36:00.0430 1372 scfilter - ok

20:36:00.0680 1372 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys

20:36:00.0680 1372 secdrv - ok

20:36:00.0914 1372 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys

20:36:00.0914 1372 Serenum - ok

20:36:01.0132 1372 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys

20:36:01.0132 1372 Serial - ok

20:36:01.0319 1372 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys

20:36:01.0319 1372 sermouse - ok

20:36:01.0584 1372 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys

20:36:01.0584 1372 sffdisk - ok

20:36:01.0756 1372 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys

20:36:01.0756 1372 sffp_mmc - ok

20:36:01.0959 1372 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\windows\system32\drivers\sffp_sd.sys

20:36:01.0959 1372 sffp_sd - ok

20:36:02.0177 1372 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys

20:36:02.0177 1372 sfloppy - ok

20:36:02.0364 1372 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys

20:36:02.0364 1372 sisagp - ok

20:36:02.0614 1372 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys

20:36:02.0614 1372 SiSRaid2 - ok

20:36:02.0832 1372 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys

20:36:02.0832 1372 SiSRaid4 - ok

20:36:03.0051 1372 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys

20:36:03.0051 1372 Smb - ok

20:36:03.0347 1372 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys

20:36:03.0347 1372 spldr - ok

20:36:03.0581 1372 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\windows\system32\DRIVERS\srv.sys

20:36:03.0581 1372 srv - ok

20:36:03.0753 1372 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\windows\system32\DRIVERS\srv2.sys

20:36:03.0768 1372 srv2 - ok

20:36:03.0924 1372 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\windows\system32\DRIVERS\srvnet.sys

20:36:03.0924 1372 srvnet - ok

20:36:04.0143 1372 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\windows\system32\DRIVERS\sscdbus.sys

20:36:04.0158 1372 sscdbus - ok

20:36:04.0377 1372 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\windows\system32\DRIVERS\sscdmdfl.sys

20:36:04.0377 1372 sscdmdfl - ok

20:36:04.0626 1372 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\windows\system32\DRIVERS\sscdmdm.sys

20:36:04.0626 1372 sscdmdm - ok

20:36:04.0829 1372 sscdserd (751e66eb32efa80633b80f5d7ff0a1d8) C:\windows\system32\DRIVERS\sscdserd.sys

20:36:04.0829 1372 sscdserd - ok

20:36:05.0126 1372 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys

20:36:05.0141 1372 stexstor - ok

20:36:05.0328 1372 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys

20:36:05.0328 1372 swenum - ok

20:36:05.0547 1372 SynTP (8bd10dc8809dc69a1c5a795cb10add76) C:\windows\system32\DRIVERS\SynTP.sys

20:36:05.0562 1372 SynTP - ok

20:36:05.0890 1372 Tcpip (c2daaeb48f3a47c410b041a0d2382ee1) C:\windows\system32\drivers\tcpip.sys

20:36:05.0937 1372 Tcpip - ok

20:36:06.0202 1372 TCPIP6 (c2daaeb48f3a47c410b041a0d2382ee1) C:\windows\system32\DRIVERS\tcpip.sys

20:36:06.0218 1372 TCPIP6 - ok

20:36:06.0374 1372 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys

20:36:06.0374 1372 tcpipreg - ok

20:36:06.0670 1372 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\windows\system32\DRIVERS\tdcmdpst.sys

20:36:06.0670 1372 tdcmdpst - ok

20:36:06.0888 1372 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys

20:36:06.0888 1372 TDPIPE - ok

20:36:07.0091 1372 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys

20:36:07.0091 1372 TDTCP - ok

20:36:07.0263 1372 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys

20:36:07.0263 1372 tdx - ok

20:36:07.0481 1372 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys

20:36:07.0481 1372 TermDD - ok

20:36:07.0887 1372 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys

20:36:07.0902 1372 tssecsrv - ok

20:36:08.0090 1372 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys

20:36:08.0090 1372 tunnel - ok

20:36:08.0308 1372 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\windows\system32\DRIVERS\TVALZ_O.SYS

20:36:08.0308 1372 TVALZ - ok

20:36:08.0526 1372 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys

20:36:08.0526 1372 uagp35 - ok

20:36:08.0714 1372 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys

20:36:08.0714 1372 udfs - ok

20:36:08.0963 1372 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys

20:36:08.0963 1372 uliagpkx - ok

20:36:09.0135 1372 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys

20:36:09.0135 1372 umbus - ok

20:36:09.0353 1372 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys

20:36:09.0353 1372 UmPass - ok

20:36:09.0587 1372 usbbus (9419faac6552a51542dbba02971c841c) C:\windows\system32\DRIVERS\lgusbbus.sys

20:36:09.0587 1372 usbbus - ok

20:36:09.0774 1372 usbccgp (c31ae588e403042632dc796cf09e30b0) C:\windows\system32\drivers\usbccgp.sys

20:36:09.0774 1372 usbccgp - ok

20:36:09.0993 1372 USBCCID - ok

20:36:10.0211 1372 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys

20:36:10.0274 1372 usbcir - ok

20:36:10.0461 1372 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\windows\system32\DRIVERS\lgusbdiag.sys

20:36:10.0461 1372 UsbDiag - ok

20:36:10.0679 1372 usbehci (e4c436d914768ce965d5e659ba7eebd8) C:\windows\system32\DRIVERS\usbehci.sys

20:36:10.0679 1372 usbehci - ok

20:36:10.0866 1372 usbhub (bdcd7156ec37448f08633fd899823620) C:\windows\system32\DRIVERS\usbhub.sys

20:36:10.0866 1372 usbhub - ok

20:36:11.0054 1372 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\windows\system32\DRIVERS\lgusbmodem.sys

20:36:11.0054 1372 USBModem - ok

20:36:11.0272 1372 usbohci (eb2d819a639015253c871cda09d91d58) C:\windows\system32\DRIVERS\usbohci.sys

20:36:11.0272 1372 usbohci - ok

20:36:11.0490 1372 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys

20:36:11.0490 1372 usbprint - ok

20:36:11.0646 1372 USBSTOR (1c4287739a93594e57e2a9e6a3ed7353) C:\windows\system32\DRIVERS\USBSTOR.SYS

20:36:11.0646 1372 USBSTOR - ok

20:36:11.0818 1372 usbuhci (22480bf4e5a09192e5e30ba4dde79fa4) C:\windows\system32\drivers\usbuhci.sys

20:36:11.0818 1372 usbuhci - ok

20:36:12.0052 1372 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys

20:36:12.0052 1372 vdrvroot - ok

20:36:12.0364 1372 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys

20:36:12.0426 1372 vga - ok

20:36:12.0645 1372 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys

20:36:12.0645 1372 VgaSave - ok

20:36:12.0941 1372 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys

20:36:12.0941 1372 vhdmp - ok

20:36:13.0191 1372 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys

20:36:13.0191 1372 viaagp - ok

20:36:13.0409 1372 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys

20:36:13.0409 1372 ViaC7 - ok

20:36:13.0628 1372 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys

20:36:13.0643 1372 viaide - ok

20:36:13.0830 1372 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys

20:36:13.0830 1372 volmgr - ok

20:36:14.0049 1372 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys

20:36:14.0049 1372 volmgrx - ok

20:36:14.0267 1372 volsnap (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys

20:36:14.0283 1372 volsnap - ok

20:36:14.0439 1372 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys

20:36:14.0439 1372 vsmraid - ok

20:36:14.0688 1372 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys

20:36:14.0688 1372 vwifibus - ok

20:36:14.0876 1372 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys

20:36:14.0876 1372 vwififlt - ok

20:36:15.0094 1372 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys

20:36:15.0094 1372 WacomPen - ok

20:36:15.0312 1372 WANARP (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys

20:36:15.0312 1372 WANARP - ok

20:36:15.0328 1372 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys

20:36:15.0328 1372 Wanarpv6 - ok

20:36:15.0531 1372 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys

20:36:15.0531 1372 Wd - ok

20:36:15.0765 1372 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys

20:36:15.0780 1372 Wdf01000 - ok

20:36:16.0077 1372 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys

20:36:16.0077 1372 WfpLwf - ok

20:36:16.0311 1372 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys

20:36:16.0326 1372 WIMMount - ok

20:36:16.0654 1372 WinUsb (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys

20:36:16.0654 1372 WinUsb - ok

20:36:16.0841 1372 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys

20:36:16.0841 1372 WmiAcpi - ok

20:36:17.0106 1372 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys

20:36:17.0106 1372 ws2ifsl - ok

20:36:17.0340 1372 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys

20:36:17.0340 1372 WudfPf - ok

20:36:17.0528 1372 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys

20:36:17.0528 1372 WUDFRd - ok

20:36:17.0652 1372 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0

20:36:17.0652 1372 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected

20:36:17.0652 1372 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)

20:36:17.0730 1372 Boot (0x1200) (d3d7be52a601234197775f17478fffea) \Device\Harddisk0\DR0\Partition0

20:36:17.0730 1372 \Device\Harddisk0\DR0\Partition0 - ok

20:36:17.0730 1372 ============================================================

20:36:17.0730 1372 Scan finished

20:36:17.0730 1372 ============================================================

20:36:17.0808 0968 Detected object count: 1

20:36:17.0808 0968 Actual detected object count: 1

20:36:45.0701 0968 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - will be cured on reboot

20:36:45.0701 0968 \Device\Harddisk0\DR0 - ok

20:36:45.0701 0968 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure

20:36:49.0336 1072 Deinitialize success

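The TDSSKiller log above is long and mostly "- ok" lines, so the single finding (the MBR of \Device\Harddisk0\DR0 flagged as Rootkit.Boot.SST.a, cured on reboot) is easy to miss. The script below is an added example of how a responder can triage such a log mechanically; it is not part of TDSSKiller or of this thread. It assumes the line shapes visible in the log (a timestamp, a process id, then either "name (md5) path" for a scanned object or "object [( threat )] - verdict" for a verdict) and uses a constructed sample modelled on the lines in the post. It pulls out every non-"ok" verdict per object, lists registered drivers that never produced a hash line (in the log above: MBAMProtector, RSUSBSTOR, RtsUIR, USBCCID, typically leftovers with no file on disk), and groups entries that share one file (Tcpip/TCPIP6, WANARP/Wanarpv6 in the log).

```python
"""Triage helper for TDSSKiller-style logs (added example, not a Kaspersky tool)."""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed sample in the format of the TDSSKiller log posted in the thread.
SAMPLE_LOG = r"""
20:35:34.0737 1372 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
20:35:34.0737 1372 Fs_Rec - ok
20:35:43.0005 1372 MBAMProtector - ok
20:36:05.0890 1372 Tcpip (c2daaeb48f3a47c410b041a0d2382ee1) C:\windows\system32\drivers\tcpip.sys
20:36:05.0937 1372 Tcpip - ok
20:36:06.0202 1372 TCPIP6 (c2daaeb48f3a47c410b041a0d2382ee1) C:\windows\system32\DRIVERS\tcpip.sys
20:36:06.0218 1372 TCPIP6 - ok
20:36:17.0652 1372 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
20:36:17.0652 1372 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
20:36:17.0652 1372 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
20:36:17.0730 1372 Boot (0x1200) (d3d7be52a601234197775f17478fffea) \Device\Harddisk0\DR0\Partition0
20:36:17.0730 1372 \Device\Harddisk0\DR0\Partition0 - ok
20:36:17.0730 1372 Scan finished
20:36:45.0701 0968 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - will be cured on reboot
20:36:45.0701 0968 \Device\Harddisk0\DR0 - ok
20:36:45.0701 0968 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
"""

# "HH:MM:SS.mmmm <pid> <rest of line>"
PREFIX_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
# "<name> (<md5>) <path>"  -- a scanned object with its file hash
HASHED_RE = re.compile(r"^(?P<name>.+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<object> [( <threat> )] - <verdict>"  -- the scanner's verdict on an object
VERDICT_RE = re.compile(r"^(?P<obj>.+?)(?: \( (?P<threat>.+?) \))? - (?P<verdict>.+)$")

Hashed = Dict[str, Tuple[str, str]]               # name -> (md5, path)
Verdict = Tuple[str, Optional[str], str]           # (object, threat, verdict)


def parse_log(text: str) -> Tuple[Hashed, List[Verdict]]:
    """Split the log into hashed objects and verdict lines; other lines are ignored."""
    hashed: Hashed = {}
    verdicts: List[Verdict] = []
    for raw in text.splitlines():
        m = PREFIX_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        h = HASHED_RE.match(rest)
        if h:
            hashed[h.group("name")] = (h.group("md5"), h.group("path"))
            continue
        v = VERDICT_RE.match(rest)
        if v:
            verdicts.append((v.group("obj"), v.group("threat"), v.group("verdict")))
    return hashed, verdicts


def findings(verdicts: List[Verdict]) -> Dict[str, List[Tuple[Optional[str], str]]]:
    """Every non-'ok' verdict, in log order, grouped by object.

    A later '- ok' for the same object (as after a cure is scheduled) does not
    erase the earlier finding, so the whole history of the object is kept."""
    out: Dict[str, List[Tuple[Optional[str], str]]] = defaultdict(list)
    for obj, threat, verdict in verdicts:
        if verdict != "ok":
            out[obj].append((threat, verdict))
    return dict(out)


def services_without_file(hashed: Hashed, verdicts: List[Verdict]) -> List[str]:
    """Objects reported 'ok' that never got a hash line: registered, but no file was scanned."""
    known = set(hashed) | {path for _, path in hashed.values()}
    return sorted({obj for obj, _, v in verdicts if v == "ok" and obj not in known})


def shared_files(hashed: Hashed) -> Dict[str, List[str]]:
    """Entries that resolve to the same file content (identical MD5)."""
    by_md5: Dict[str, List[str]] = defaultdict(list)
    for name, (md5, _) in hashed.items():
        by_md5[md5].append(name)
    return {md5: sorted(names) for md5, names in by_md5.items() if len(names) > 1}


def triage(text: str) -> dict:
    hashed, verdicts = parse_log(text)
    return {
        "scanned": len(hashed),
        "findings": findings(verdicts),
        "unresolved": services_without_file(hashed, verdicts),
        "shared": shared_files(hashed),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"scanned objects: {report['scanned']}")
    for obj, history in report["findings"].items():
        print(f"FINDING {obj}")
        for threat, verdict in history:
            print(f"    {verdict}" + (f"  [{threat}]" if threat else ""))
    print("registered without a scanned file:", ", ".join(report["unresolved"]))
    for md5, names in report["shared"].items():
        print(f"same file ({md5}): {', '.join(names)}")
```

Run on the sample it reports one object with four verdicts (infected, detected, will be cured on reboot, user chose Cure), one unresolved service and one shared driver file. The "unresolved" and "shared" lists are context rather than alarms: both patterns are normal for Windows, but a driver name that shows up with no file, or two unrelated names pointing at one hash, is worth a look when the verdict list is otherwise empty.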

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=e701ed338d999b4fb5f9172196eef652

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-10-23 04:54:57

# local_time=2011-10-22 09:54:57 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=5893 16776573 100 94 0 70887267 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=114355

# found=0

# cleaned=0

# scan_time=3222


Fantastic & Excellent job!

Your scans are all coming up clean now and the rootkit that was causing your redirect problems has been disinfected.

We have to perform a few "housekeeping" steps to remove the clean-up tools that we used!!

If I asked You to download OTL, TDSSKiller, MBRCheck or mbr.exe, please delete these programs from your Desktop (or their download location).

To remove Combofix and its quarantine folder:

Click Start -> Run, and copy/paste the following bolded text in the Open: box and select OK:

combofix /uninstall

This will do the following:

  • Uninstall Combofix and all its associated files and folders.
  • Flush your system restore points and create a new restore point.
  • Rehide your system files and folders
  • Reset your system clock
  • Disable autorun to prevent you from contracting USB transferred infections. You can still access all plugged in devices via My Computer (or Computer in Vista & W7) or by hitting the (Windows key + E) simultaneously to open Windows Explorer.

---

Here are some additional measures you should take to keep your system in good working order and ensure your continued security.

1. Scan your system for outdated versions of commonly used software applications that may also cause your PC to be vulnerable, using the Secunia Online Software Inspector (OSI) by clicking the Start Scanner button. This is very important because recent statistics confirm that an overwhelming majority of infections are acquired through application flaws, not Operating System flaws. Commonly used programs like Quicktime, Java, and Adobe Acrobat Reader, iTunes, FlashPlayer and many others are frequently targeted today. You can make your computer much more secure if you update to the most current versions of these programs and any others that Secunia alerts you to.

Just click the "Start Scanner" button to get a listing of all outdated and possibly insecure resident programs.

Note: If your firewall prompts you about access, allow it.

2. Keep MBAM as an on demand scanner because I highly recommend it, and the quick scan will find most all active malware in minutes.

3. You can reduce your startups by downloading Malwarebytes' StartUp Lite and saving it to a convenient location. Just double-click StartUpLite.exe. Then, check the options you would like based on the descriptions provided, then select continue. This will free up system resources because nonessential background programs will no longer be running when you start up your computer.

4. You should visit the Windows Updates website, and obtain the most current Operating System updates/patches, and Internet Explorer released versions.

  • The easiest and fastest way to obtain Windows Updates is by clicking Control Panel -> Windows Update.
  • However, setting your computer to download and install updates automatically will relieve you of the responsibility of doing this on a continual basis. It is important to periodically check that Windows Updates is functioning properly because many threats disable it as part of their strategy to compromise your system. Windows Updates (including a new Microsoft Malicious Software Removal Tool (MSRT)) are released on the second Tuesday of every month.

5. Always run a fully updated antivirus with active protection enabled, and perform a complete system scan at least once per week.

Finally, please review the additional suggestions offered by Tony Klein in "How did I get infected in the first place?" so you can maintain a safe and secure computing environment.

Happy Surfing! :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.