Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Windows Vista Malware Virus and suspected "Bot" activity


  • Please log in to reply

#1
kaos_1971

kaos_1971

    New Member

  • Member
  • Pip
  • 7 posts
Want to express my thanks beforehand to all the volunteers that make this site possible!
Today I was online and the Windows Vista Malware popup appeared. Immediatly I ran Malwarebytes and Super AntiSpyware. Malwarebytes was the only one that found anything and cleaned them up. Thought I was good because I hadnt had a popup since then. Then I get an email from my ISP provider stating I had suspected "Bot" activity on my ISP. Ran Malwarebytes, Antivirus and the Super Antispyware again and none of them found anything.

Here is my OTL log:

OTL logfile created on: 9/5/2011 7:31:50 PM - Run 2
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Joe\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 30.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.55 Gb Total Space | 171.13 Gb Free Space | 59.31% Space Free | Partition Type: NTFS

Computer Name: JOE-PC | User Name: Joe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/09 07:27:45 | 000,142,848 | ---- | M] () -- C:\Program Files (x86)\BB Lite\BB Lite.exe
PRC - [2011/07/07 17:33:25 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe
PRC - [2011/07/04 06:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/12/25 13:06:58 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
PRC - [2008/04/17 02:21:24 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
PRC - [2008/04/17 02:19:16 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2008/04/15 18:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (SafeList) ==========

MOD - [2011/07/04 06:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010/12/25 13:06:58 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/01 21:19:01 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/07/04 06:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2008/04/30 21:20:42 | 001,371,136 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2008/04/30 20:42:20 | 000,826,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2008/04/24 19:57:40 | 000,084,992 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV:64bit: - [2008/02/06 14:50:18 | 000,434,016 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/12/11 12:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2007/12/03 18:04:48 | 000,175,104 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV:64bit: - [2007/11/21 17:53:16 | 000,135,168 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/17 10:50:05 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/28 04:14:56 | 001,044,840 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/04 16:46:22 | 000,046,392 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2008/07/18 21:39:30 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/05/28 18:20:16 | 000,164,600 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/04/17 02:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/15 18:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/04/03 23:01:28 | 000,036,864 | ---- | M] (TOSHIBA Corporation.) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005/11/14 03:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ipinip.sys -- (IpInIp)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/04 06:32:24 | 000,064,856 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/02/16 18:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/06/23 10:21:34 | 000,318,568 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/08/14 11:40:44 | 000,260,144 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008/07/18 19:52:16 | 000,504,912 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/06/12 19:51:36 | 007,911,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/04/28 07:38:12 | 004,730,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2008/04/15 18:54:16 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/04/02 19:27:18 | 000,065,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/02/29 15:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/01/20 21:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2007/12/20 17:10:50 | 000,028,200 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV:64bit: - [2007/12/11 15:03:36 | 000,027,272 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2007/11/09 15:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2006/11/20 00:11:06 | 000,008,704 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2006/11/09 01:34:00 | 000,237,568 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10n64.sys -- (KR10N64)
DRV:64bit: - [2006/11/09 01:33:00 | 000,248,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\kr10i64.sys -- (KR10I64)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/01/25 17:22:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/27 04:01:15 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/09/05 18:04:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: pscnow.com ([citrix] https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\toshiba_1920x1200-1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\toshiba_1920x1200-1.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/05 18:13:30 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\temp
[2011/09/05 18:04:44 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/09/05 17:23:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/05 17:23:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/05 17:23:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/05 17:23:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/05 17:23:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/05 17:15:52 | 004,195,482 | R--- | C] (Swearware) -- C:\Users\Joe\Desktop\ComboFix.exe
[2011/09/05 16:49:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/09/01 21:18:08 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\SUPERAntiSpyware.com
[2011/09/01 21:14:04 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/08/28 13:22:55 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\RedNeck Beach
[2011/08/22 22:04:21 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/22 22:04:18 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/22 22:04:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/08/22 21:58:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/08/16 18:05:25 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/08/08 19:52:06 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\Destin11
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/05 19:21:46 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/05 19:21:46 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/05 18:10:26 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/05 18:10:26 | 000,607,406 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/05 18:10:26 | 000,105,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/05 18:04:39 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/09/05 18:02:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/05 17:16:02 | 004,195,482 | R--- | M] (Swearware) -- C:\Users\Joe\Desktop\ComboFix.exe
[2011/09/05 08:09:02 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/09/01 21:14:03 | 000,001,767 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/28 22:22:19 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/23 20:30:18 | 000,050,711 | ---- | M] () -- C:\Users\Joe\Documents\UPS.pdf
[2011/08/23 20:29:19 | 000,015,980 | ---- | M] () -- C:\Users\Joe\Documents\UPS.docx
[2011/08/22 22:05:08 | 000,001,705 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/22 21:59:08 | 000,001,767 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/20 11:04:08 | 000,030,720 | ---- | M] () -- C:\Users\Joe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/13 16:44:58 | 000,015,946 | ---- | M] () -- C:\Users\Joe\Documents\Cover LetterSIE.docx
[2011/08/09 07:34:27 | 000,058,368 | ---- | M] () -- C:\Users\Joe\Documents\Resume.doc
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/05 17:23:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/05 17:23:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/05 17:23:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/05 17:23:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/05 17:23:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/05 08:09:02 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/09/01 21:14:03 | 000,001,767 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/23 20:30:16 | 000,050,711 | ---- | C] () -- C:\Users\Joe\Documents\UPS.pdf
[2011/08/23 20:29:18 | 000,015,980 | ---- | C] () -- C:\Users\Joe\Documents\UPS.docx
[2011/08/22 22:05:08 | 000,001,705 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/08/22 21:59:07 | 000,001,767 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/13 16:44:57 | 000,015,946 | ---- | C] () -- C:\Users\Joe\Documents\Cover LetterSIE.docx
[2011/08/09 07:33:42 | 000,058,368 | ---- | C] () -- C:\Users\Joe\Documents\Joel Friske Resume.doc
[2011/07/24 21:26:38 | 000,000,680 | ---- | C] () -- C:\Users\Joe\AppData\Local\d3d9caps.dat
[2011/06/04 16:41:00 | 000,000,077 | ---- | C] () -- C:\Users\Joe\AppData\Roaming\Rim.Desktop.Exception.log
[2011/06/04 16:39:54 | 000,001,153 | ---- | C] () -- C:\Users\Joe\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
[2011/06/04 16:26:28 | 000,427,640 | ---- | C] () -- C:\Users\Joe\AppData\Local\dd_vcredistMSI52BF.txt
[2011/06/04 16:26:28 | 000,011,452 | ---- | C] () -- C:\Users\Joe\AppData\Local\dd_vcredistUI52BF.txt
[2011/02/06 16:31:48 | 000,721,764 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/25 17:25:41 | 000,000,697 | ---- | C] () -- C:\Users\Joe\AppData\Roaming\ConvAPIPlugin.log
[2011/01/25 17:17:17 | 000,000,882 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/11/27 21:23:24 | 000,030,720 | ---- | C] () -- C:\Users\Joe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/23 12:46:16 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/11/23 12:45:08 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/11/21 18:51:00 | 000,426,140 | ---- | C] () -- C:\Users\Joe\AppData\Local\dd_vcredistMSI3D6C.txt
[2010/11/21 18:50:59 | 000,011,590 | ---- | C] () -- C:\Users\Joe\AppData\Local\dd_vcredistUI3D6C.txt
[2010/11/21 18:30:32 | 000,000,016 | RHS- | C] () -- C:\Windows\SysWow64\drivers\fbd.sys
[2010/11/21 17:56:33 | 000,128,113 | ---- | C] () -- C:\Windows\SysWow64\csellang.ini
[2010/11/21 17:56:33 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\csellang.dll
[2010/11/21 17:56:33 | 000,007,671 | ---- | C] () -- C:\Windows\SysWow64\cseltbl.ini
[2008/08/18 13:37:34 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/08/18 13:23:51 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2008/08/18 13:23:51 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2008/08/18 13:23:51 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2008/08/18 13:23:51 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2008/08/18 13:23:51 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2008/08/18 13:23:51 | 000,020,480 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

========== LOP Check ==========

[2011/07/07 22:46:25 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\BigBrotherLite
[2011/06/04 18:03:22 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Blackberry Desktop
[2010/12/17 21:58:09 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\GARMIN
[2010/12/20 19:32:57 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\ICAClient
[2011/06/04 16:41:40 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Research In Motion
[2011/09/05 18:01:44 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Is Comcast your ISP? They have been sending out notices to everyone, infected or not, but let's make sure you are clean:

If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Rightclick on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

change the a-v scan to None.
uncheck trace disk IO calls
Click the "Scan" button to start scan


On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply

Ron
  • 0

#3
kaos_1971

kaos_1971

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7659

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

9/6/2011 8:57:48 PM
mbam-log-2011-09-06 (20-57-48).txt

Scan type: Quick scan
Objects scanned: 181123
Time elapsed: 3 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#4
kaos_1971

kaos_1971

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Just ran ComboFix and it did its thing and rebooted... then before it could finish. got the bluescreen saying physical memory dump and i restarted the computer.
Here is what the error message said:
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 1000007e
BCP1: FFFFFFFFC0000005
BCP2: FFFFF8000294A3A0
BCP3: FFFFFA60019E7908
BCP4: FFFFFA60019E72E0
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini090611-01.dmp
C:\Users\Joe\AppData\Local\temp\WER-63180-0.sysdata.xml
C:\Users\Joe\AppData\Local\temp\WER7898.tmp.version.txt

Read our privacy statement:
http://go.microsoft....63&clcid=0x0409

Running ComboFix again
  • 0

#5
kaos_1971

kaos_1971

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
ComboFix 11-09-06.03 - Joe 09/06/2011 21:33:54.4.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3963.2340 [GMT -5:00]
Running from: c:\users\Joe\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-08-07 to 2011-09-07 )))))))))))))))))))))))))))))))
.
.
2011-09-07 02:40 . 2011-09-07 02:42 -------- d-----w- c:\users\Joe\AppData\Local\temp
2011-09-07 02:40 . 2011-09-07 02:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-06 06:52 . 2011-08-12 04:10 8862544 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A09B287-22F6-452A-82C9-BD9CB3447AAC}\mpengine.dll
2011-09-05 21:49 . 2011-09-05 21:49 -------- d-----w- c:\program files (x86)\ESET
2011-09-02 02:18 . 2011-09-02 02:18 -------- d-----w- c:\users\Joe\AppData\Roaming\SUPERAntiSpyware.com
2011-09-02 02:14 . 2011-09-02 02:14 -------- d-----w- c:\programdata\!SASCORE
2011-08-24 12:35 . 2011-07-11 13:45 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 12:35 . 2011-07-11 13:25 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-23 03:04 . 2011-08-23 03:04 -------- d-----w- c:\program files\iPod
2011-08-23 03:04 . 2011-08-23 03:05 -------- d-----w- c:\program files\iTunes
2011-08-23 03:04 . 2011-08-23 03:05 -------- d-----w- c:\program files (x86)\iTunes
2011-08-23 02:59 . 2011-08-23 02:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-08-23 02:59 . 2011-08-23 02:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-08-23 02:59 . 2011-08-23 02:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-08-23 02:59 . 2011-08-23 02:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-08-23 02:59 . 2011-08-23 02:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-08-23 02:59 . 2011-08-23 02:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-08-23 02:59 . 2011-08-23 02:59 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-08-23 02:58 . 2011-08-23 02:59 -------- d-----w- c:\program files (x86)\QuickTime
2011-08-09 22:24 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-09 22:24 . 2011-06-06 10:59 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-08-09 22:24 . 2011-06-17 16:16 451072 ----a-w- c:\windows\system32\winsrv.dll
2011-08-09 22:24 . 2011-07-06 15:49 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-09 22:24 . 2011-06-17 20:14 1427344 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-09 22:24 . 2011-06-20 08:45 4699536 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-12 16:34 . 2011-07-12 16:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:34 . 2011-07-12 16:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 16:34 . 2011-07-12 16:34 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 16:34 . 2011-07-12 16:34 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-12 16:20 . 2011-07-12 16:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 16:20 . 2011-07-12 16:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-12 16:20 . 2011-07-12 16:20 50536 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-07-12 16:20 . 2011-07-12 16:20 178536 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-07-07 22:33 . 2011-07-07 22:23 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-07 00:52 . 2010-12-25 18:32 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-07 00:52 . 2010-12-25 18:32 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-05 23:37 . 2011-07-05 23:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-07-05 23:37 . 2011-07-05 23:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-07-04 11:43 . 2010-11-21 23:50 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-11-21 23:50 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-07-04 11:43 . 2011-01-14 22:59 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-03-08 02:13 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-11-21 23:51 288088 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-11-21 23:51 45400 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2010-11-21 23:51 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-11-21 23:51 64856 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2010-11-21 23:51 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-09-05_22.37.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 03:20 . 2011-09-07 02:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2011-09-05 22:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2011-09-05 22:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2011-09-07 02:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2011-09-05 22:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2011-09-07 02:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2011-09-07 02:43 53380 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2011-09-07 02:43 71460 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2010-11-21 23:28 . 2011-09-07 01:06 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-21 23:28 . 2011-09-05 22:18 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-21 23:28 . 2011-09-05 22:18 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-11-21 23:28 . 2011-09-07 01:06 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-11-21 23:28 . 2011-09-05 22:18 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 23:28 . 2011-09-07 01:06 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-11 22:17 . 2011-09-07 02:40 2984 c:\windows\system32\WDI\ERCQueuedResolutions.dat
+ 2010-11-21 23:32 . 2011-09-07 02:43 7768 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3773203505-1370703415-2769583534-1000_UserData.bin
- 2011-09-05 22:36 . 2011-09-05 22:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-07 02:41 . 2011-09-07 02:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-09-07 02:41 . 2011-09-07 02:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-09-05 22:36 . 2011-09-05 22:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-11-22 09:00 . 2011-09-06 19:33 254878 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 12:46 . 2011-09-04 07:08 607406 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-09-07 02:32 607406 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-09-07 02:32 105014 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2011-09-04 07:08 105014 c:\windows\system32\perfc009.dat
+ 2011-02-11 22:17 . 2011-09-07 02:40 390872 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-02-11 22:17 . 2011-09-05 22:35 390872 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-11-21 23:24 . 2011-09-05 22:35 1968968 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-11-21 23:24 . 2011-09-07 02:40 1968968 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-04-29 19:09 . 2011-09-07 02:40 1303536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3773203505-1370703415-2769583534-1000-8192.dat
- 2011-04-29 19:09 . 2011-09-05 22:35 1303536 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3773203505-1370703415-2769583534-1000-8192.dat
+ 2011-04-29 19:09 . 2011-09-07 02:40 41617048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3773203505-1370703415-2769583534-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-05-19 432640]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-02 5471104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" [BU]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 1242424]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 KR10I64;KR10I64;c:\windows\system32\drivers\kr10i64.sys [x]
R4 KR10N64;KR10N64;c:\windows\system32\drivers\kr10n64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-09-02 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2008-04-04 36864]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2008-08-04 46392]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 175104]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 NETw5v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 84992]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 209432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 181784]
"RtHDVCpl"="RAVCpl64.exe" [2008-04-08 6156288]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1573160]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.toshibadirect.com/dpdstart
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: pscnow.com\citrix
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Toshiba\ConfigFree\NDSTray.exe
.
**************************************************************************
.
Completion time: 2011-09-06 21:47:42 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-07 02:47
ComboFix2.txt 2011-09-05 23:13
ComboFix3.txt 2011-09-05 22:46
.
Pre-Run: 183,127,273,472 bytes free
Post-Run: 183,066,869,760 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
- - End Of File - - 748E1331D7D3A1E238C322D08663859D
  • 0

#6
kaos_1971

kaos_1971

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
2011/09/06 21:53:26.0689 0904 TDSS rootkit removing tool 2.5.19.0 Sep 6 2011 19:23:56
2011/09/06 21:53:27.0110 0904 ================================================================================
2011/09/06 21:53:27.0110 0904 SystemInfo:
2011/09/06 21:53:27.0110 0904
2011/09/06 21:53:27.0110 0904 OS Version: 6.0.6002 ServicePack: 2.0
2011/09/06 21:53:27.0110 0904 Product type: Workstation
2011/09/06 21:53:27.0110 0904 ComputerName: JOE-PC
2011/09/06 21:53:27.0110 0904 UserName: Joe
2011/09/06 21:53:27.0110 0904 Windows directory: C:\Windows
2011/09/06 21:53:27.0110 0904 System windows directory: C:\Windows
2011/09/06 21:53:27.0110 0904 Running under WOW64
2011/09/06 21:53:27.0110 0904 Processor architecture: Intel x64
2011/09/06 21:53:27.0110 0904 Number of processors: 2
2011/09/06 21:53:27.0110 0904 Page size: 0x1000
2011/09/06 21:53:27.0110 0904 Boot type: Normal boot
2011/09/06 21:53:27.0110 0904 ================================================================================
2011/09/06 21:53:27.0438 0904 Initialize success
2011/09/06 21:53:37.0047 2980 ================================================================================
2011/09/06 21:53:37.0047 2980 Scan started
2011/09/06 21:53:37.0047 2980 Mode: Manual;
2011/09/06 21:53:37.0047 2980 ================================================================================
2011/09/06 21:53:37.0609 2980 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2011/09/06 21:53:37.0780 2980 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2011/09/06 21:53:37.0874 2980 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
2011/09/06 21:53:37.0936 2980 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
2011/09/06 21:53:37.0968 2980 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
2011/09/06 21:53:38.0061 2980 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
2011/09/06 21:53:38.0139 2980 AgereSoftModem (3627a62b10284ffbf862bfd49928edf4) C:\Windows\system32\DRIVERS\agrsm64.sys
2011/09/06 21:53:38.0248 2980 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
2011/09/06 21:53:38.0311 2980 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2011/09/06 21:53:38.0389 2980 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
2011/09/06 21:53:38.0420 2980 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
2011/09/06 21:53:38.0482 2980 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
2011/09/06 21:53:38.0592 2980 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
2011/09/06 21:53:38.0638 2980 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
2011/09/06 21:53:38.0701 2980 aswFsBlk (55353cd0da287b2c3782485740965b54) C:\Windows\system32\drivers\aswFsBlk.sys
2011/09/06 21:53:38.0748 2980 aswMonFlt (b38061cdefb71361e0c7547ac60527e8) C:\Windows\system32\drivers\aswMonFlt.sys
2011/09/06 21:53:38.0794 2980 aswRdr (91e7aca95933633b2557f47cdfdb74c3) C:\Windows\system32\drivers\aswRdr.sys
2011/09/06 21:53:38.0857 2980 aswSnx (2b15499f68fad60ce69264a327e9b0f0) C:\Windows\system32\drivers\aswSnx.sys
2011/09/06 21:53:38.0919 2980 aswSP (4d939ecb19dc930056593390d1c87c43) C:\Windows\system32\drivers\aswSP.sys
2011/09/06 21:53:38.0982 2980 aswTdi (d633426c5a207ce21767569aa4946891) C:\Windows\system32\drivers\aswTdi.sys
2011/09/06 21:53:39.0044 2980 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/09/06 21:53:39.0122 2980 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
2011/09/06 21:53:39.0340 2980 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
2011/09/06 21:53:39.0418 2980 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
2011/09/06 21:53:39.0496 2980 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2011/09/06 21:53:39.0528 2980 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2011/09/06 21:53:39.0590 2980 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2011/09/06 21:53:39.0621 2980 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2011/09/06 21:53:39.0652 2980 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2011/09/06 21:53:39.0684 2980 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2011/09/06 21:53:39.0715 2980 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
2011/09/06 21:53:39.0793 2980 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2011/09/06 21:53:39.0840 2980 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
2011/09/06 21:53:39.0902 2980 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
2011/09/06 21:53:39.0964 2980 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
2011/09/06 21:53:40.0027 2980 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/09/06 21:53:40.0058 2980 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
2011/09/06 21:53:40.0089 2980 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
2011/09/06 21:53:40.0136 2980 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
2011/09/06 21:53:40.0214 2980 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
2011/09/06 21:53:40.0276 2980 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
2011/09/06 21:53:40.0339 2980 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
2011/09/06 21:53:40.0386 2980 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/09/06 21:53:40.0401 2980 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/09/06 21:53:40.0464 2980 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2011/09/06 21:53:40.0542 2980 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
2011/09/06 21:53:40.0588 2980 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
2011/09/06 21:53:40.0682 2980 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
2011/09/06 21:53:40.0744 2980 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
2011/09/06 21:53:40.0807 2980 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
2011/09/06 21:53:40.0885 2980 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
2011/09/06 21:53:40.0947 2980 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
2011/09/06 21:53:40.0978 2980 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
2011/09/06 21:53:41.0025 2980 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2011/09/06 21:53:41.0072 2980 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2011/09/06 21:53:41.0134 2980 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/09/06 21:53:41.0181 2980 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
2011/09/06 21:53:41.0244 2980 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2011/09/06 21:53:41.0275 2980 FwLnk (6d06b5eebba23c16789efc820ee1f253) C:\Windows\system32\DRIVERS\FwLnk.sys
2011/09/06 21:53:41.0306 2980 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
2011/09/06 21:53:41.0368 2980 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/09/06 21:53:41.0478 2980 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
2011/09/06 21:53:41.0571 2980 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/09/06 21:53:41.0634 2980 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2011/09/06 21:53:41.0665 2980 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
2011/09/06 21:53:41.0727 2980 HidUsb (d02c82cb3a20f391c8aeff94e8e0baa1) C:\Windows\system32\DRIVERS\hidusb.sys
2011/09/06 21:53:41.0774 2980 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
2011/09/06 21:53:41.0852 2980 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
2011/09/06 21:53:41.0914 2980 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
2011/09/06 21:53:41.0961 2980 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/09/06 21:53:42.0039 2980 iaStor (8d58627fef3f8767665d9f4dc91cbd97) C:\Windows\system32\DRIVERS\iaStor.sys
2011/09/06 21:53:42.0086 2980 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
2011/09/06 21:53:42.0352 2980 igfx (663e7364f650a915d415eeb2da98d86a) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/09/06 21:53:42.0477 2980 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2011/09/06 21:53:42.0555 2980 IntcAzAudAddService (1835b384d2d66752ed1460e9085230bd) C:\Windows\system32\drivers\RTKVHD64.sys
2011/09/06 21:53:42.0633 2980 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
2011/09/06 21:53:42.0680 2980 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2011/09/06 21:53:42.0758 2980 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/09/06 21:53:42.0851 2980 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
2011/09/06 21:53:42.0898 2980 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2011/09/06 21:53:42.0961 2980 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2011/09/06 21:53:42.0992 2980 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
2011/09/06 21:53:43.0039 2980 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/09/06 21:53:43.0085 2980 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2011/09/06 21:53:43.0117 2980 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2011/09/06 21:53:43.0148 2980 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/09/06 21:53:43.0179 2980 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/09/06 21:53:43.0241 2980 KR10I64 (7c999f96b239e214154db3c808e6736a) C:\Windows\system32\drivers\kr10i64.sys
2011/09/06 21:53:43.0288 2980 KR10N64 (8cb9a9164d4e789424f943fa718fa3f2) C:\Windows\system32\drivers\kr10n64.sys
2011/09/06 21:53:43.0351 2980 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
2011/09/06 21:53:43.0413 2980 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2011/09/06 21:53:43.0460 2980 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2011/09/06 21:53:43.0538 2980 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
2011/09/06 21:53:43.0569 2980 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
2011/09/06 21:53:43.0631 2980 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
2011/09/06 21:53:43.0678 2980 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2011/09/06 21:53:43.0725 2980 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
2011/09/06 21:53:43.0756 2980 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
2011/09/06 21:53:43.0803 2980 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2011/09/06 21:53:43.0834 2980 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/06 21:53:43.0865 2980 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2011/09/06 21:53:43.0897 2980 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/06 21:53:43.0943 2980 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2011/09/06 21:53:43.0990 2980 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
2011/09/06 21:53:44.0037 2980 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/06 21:53:44.0068 2980 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2011/09/06 21:53:44.0084 2980 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
2011/09/06 21:53:44.0131 2980 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/06 21:53:44.0177 2980 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/06 21:53:44.0209 2980 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/06 21:53:44.0240 2980 msahci (730b784962d22d2c6481eae2370e7c8c) C:\Windows\system32\drivers\msahci.sys
2011/09/06 21:53:44.0287 2980 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
2011/09/06 21:53:44.0333 2980 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2011/09/06 21:53:44.0380 2980 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2011/09/06 21:53:44.0443 2980 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/06 21:53:44.0474 2980 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/06 21:53:44.0521 2980 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2011/09/06 21:53:44.0583 2980 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
2011/09/06 21:53:44.0645 2980 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/09/06 21:53:44.0677 2980 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2011/09/06 21:53:44.0708 2980 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2011/09/06 21:53:44.0755 2980 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/06 21:53:44.0817 2980 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2011/09/06 21:53:44.0879 2980 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/06 21:53:44.0895 2980 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/06 21:53:44.0942 2980 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/06 21:53:44.0973 2980 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2011/09/06 21:53:45.0035 2980 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/06 21:53:45.0098 2980 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/06 21:53:45.0301 2980 NETw5v64 (93915c41a0dbbd121a0fad2835e43776) C:\Windows\system32\DRIVERS\NETw5v64.sys
2011/09/06 21:53:45.0472 2980 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2011/09/06 21:53:45.0535 2980 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
2011/09/06 21:53:45.0581 2980 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/06 21:53:45.0675 2980 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
2011/09/06 21:53:45.0722 2980 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2011/09/06 21:53:45.0769 2980 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
2011/09/06 21:53:45.0815 2980 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
2011/09/06 21:53:45.0878 2980 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
2011/09/06 21:53:46.0003 2980 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
2011/09/06 21:53:46.0065 2980 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
2011/09/06 21:53:46.0127 2980 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2011/09/06 21:53:46.0190 2980 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2011/09/06 21:53:46.0252 2980 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\DRIVERS\pciide.sys
2011/09/06 21:53:46.0283 2980 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2011/09/06 21:53:46.0361 2980 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2011/09/06 21:53:46.0595 2980 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/06 21:53:46.0642 2980 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
2011/09/06 21:53:46.0720 2980 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/06 21:53:46.0767 2980 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/09/06 21:53:46.0845 2980 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
2011/09/06 21:53:46.0923 2980 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2011/09/06 21:53:46.0970 2980 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/06 21:53:47.0017 2980 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/06 21:53:47.0063 2980 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/06 21:53:47.0126 2980 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/06 21:53:47.0188 2980 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/06 21:53:47.0235 2980 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/06 21:53:47.0282 2980 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/06 21:53:47.0329 2980 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
2011/09/06 21:53:47.0360 2980 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/06 21:53:47.0422 2980 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2011/09/06 21:53:47.0531 2980 RimUsb (71b48ddaf5e9c2b40e64de5c405f5aac) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
2011/09/06 21:53:47.0594 2980 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
2011/09/06 21:53:47.0641 2980 ROOTMODEM (6a0cf73b019cbc9255e23c9192ec3702) C:\Windows\system32\Drivers\RootMdm.sys
2011/09/06 21:53:47.0703 2980 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/06 21:53:47.0781 2980 RTL8169 (b263b3aebcde2210d1cc25756601b8ea) C:\Windows\system32\DRIVERS\Rtlh64.sys
2011/09/06 21:53:47.0812 2980 RTSTOR (108729909ce285a352a1d1cb96bb1b2e) C:\Windows\system32\drivers\RTSTOR64.SYS
2011/09/06 21:53:47.0890 2980 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
2011/09/06 21:53:47.0906 2980 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
2011/09/06 21:53:47.0953 2980 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2011/09/06 21:53:48.0031 2980 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/09/06 21:53:48.0093 2980 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
2011/09/06 21:53:48.0124 2980 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
2011/09/06 21:53:48.0171 2980 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2011/09/06 21:53:48.0218 2980 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
2011/09/06 21:53:48.0249 2980 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2011/09/06 21:53:48.0280 2980 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
2011/09/06 21:53:48.0311 2980 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2011/09/06 21:53:48.0358 2980 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2011/09/06 21:53:48.0389 2980 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2011/09/06 21:53:48.0467 2980 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2011/09/06 21:53:48.0545 2980 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2011/09/06 21:53:48.0608 2980 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
2011/09/06 21:53:48.0655 2980 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/06 21:53:48.0701 2980 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/06 21:53:48.0748 2980 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2011/09/06 21:53:48.0811 2980 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2011/09/06 21:53:48.0842 2980 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2011/09/06 21:53:48.0873 2980 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2011/09/06 21:53:48.0935 2980 SynTP (d8edb37f6e235a47e12f1eafd85c2b6f) C:\Windows\system32\DRIVERS\SynTP.sys
2011/09/06 21:53:49.0045 2980 Tcpip (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\drivers\tcpip.sys
2011/09/06 21:53:49.0154 2980 Tcpip6 (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/06 21:53:49.0217 2980 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/06 21:53:49.0248 2980 tdcmdpst (d45586a9facb2c9708b10e491ef748a6) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2011/09/06 21:53:49.0295 2980 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2011/09/06 21:53:49.0342 2980 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2011/09/06 21:53:49.0373 2980 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/06 21:53:49.0420 2980 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2011/09/06 21:53:49.0545 2980 tos_sps64 (dd50a5df5f7b29fdb6b5fea728c43dc3) C:\Windows\system32\DRIVERS\tos_sps64.sys
2011/09/06 21:53:49.0638 2980 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/06 21:53:49.0654 2980 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2011/09/06 21:53:49.0701 2980 tunnel (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/06 21:53:49.0748 2980 TVALZ (9a744cc3d804ec38a6c2c65bc3c6fcd8) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2011/09/06 21:53:49.0794 2980 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2011/09/06 21:53:49.0857 2980 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/06 21:53:49.0919 2980 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2011/09/06 21:53:49.0966 2980 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2011/09/06 21:53:50.0013 2980 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2011/09/06 21:53:50.0060 2980 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2011/09/06 21:53:50.0106 2980 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2011/09/06 21:53:50.0169 2980 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
2011/09/06 21:53:50.0216 2980 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/09/06 21:53:50.0262 2980 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2011/09/06 21:53:50.0325 2980 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2011/09/06 21:53:50.0387 2980 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/06 21:53:50.0418 2980 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
2011/09/06 21:53:50.0481 2980 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/06 21:53:50.0528 2980 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
2011/09/06 21:53:50.0559 2980 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/06 21:53:50.0606 2980 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/09/06 21:53:50.0699 2980 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
2011/09/06 21:53:50.0762 2980 UVCFTR (060b7863943625e0193a3575c0c59e52) C:\Windows\system32\Drivers\UVCFTR_S.SYS
2011/09/06 21:53:50.0808 2980 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/06 21:53:50.0840 2980 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2011/09/06 21:53:50.0886 2980 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2011/09/06 21:53:50.0933 2980 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2011/09/06 21:53:50.0996 2980 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2011/09/06 21:53:51.0058 2980 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2011/09/06 21:53:51.0105 2980 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2011/09/06 21:53:51.0167 2980 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2011/09/06 21:53:51.0245 2980 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/06 21:53:51.0261 2980 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/06 21:53:51.0308 2980 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2011/09/06 21:53:51.0386 2980 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/06 21:53:51.0542 2980 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
2011/09/06 21:53:51.0620 2980 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/09/06 21:53:51.0666 2980 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/06 21:53:51.0729 2980 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/06 21:53:51.0776 2980 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
2011/09/06 21:53:51.0807 2980 Boot (0x1200) (3f2369c179dcb579b20afeea438172a3) \Device\Harddisk0\DR0\Partition0
2011/09/06 21:53:51.0822 2980 ================================================================================
2011/09/06 21:53:51.0822 2980 Scan finished
2011/09/06 21:53:51.0822 2980 ================================================================================
2011/09/06 21:53:51.0838 4284 Detected object count: 0
2011/09/06 21:53:51.0838 4284 Actual detected object count: 0
  • 0

#7
kaos_1971

kaos_1971

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Ron,
This is the last one. FIXMBR is enabled. And yes, I do use comcast.
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-06 21:56:24
-----------------------------
21:56:24.607 OS Version: Windows x64 6.0.6002 Service Pack 2
21:56:24.607 Number of processors: 2 586 0x170A
21:56:24.607 ComputerName: JOE-PC UserName: Joe
21:56:25.886 Initialize success
21:56:26.011 AVAST engine defs: 11090601
21:56:45.137 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:56:45.152 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
21:56:45.168 Disk 0 MBR read successfully
21:56:45.183 Disk 0 MBR scan
21:56:45.183 Disk 0 Windows VISTA default MBR code
21:56:45.183 Service scanning
21:56:46.634 Modules scanning
21:56:46.634 Scan finished successfully
21:57:44.021 Disk 0 MBR has been saved successfully to "C:\Users\Joe\Desktop\GeekstoGO\MBR.dat"
21:57:44.037 The log file has been saved successfully to "C:\Users\Joe\Desktop\GeekstoGO\aswMBR.txt"
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Logs are clear. I think Comcast is blowing smoke.

You can contact their customer services and ask them if they "still" see any bot activity from your PC but I think they will say that there is nothing there now.

Ron
  • 0

#9
kaos_1971

kaos_1971

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks for the help! Thought I had gotten everything until I received the email from comcast!
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)


If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: Adhttp://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP