
Inactive Google Redirect Virus - Windows 7

Discussion in 'Malware and Virus Removal Archive' started by sketchpimp, 2011/07/12.

Thread Status:
Not open for further replies.
  1. 2011/07/12
    sketchpimp

    sketchpimp Inactive Thread Starter

    Joined:
    2011/07/11
    Messages:
    4
    Likes Received:
    0
    [Inactive] Google Redirect Virus - Windows 7

    Hi,

    I really need some help guys, I've tried almost every anti-virus tool I can get my hands on and this Google redirect just keeps popping up, undetected by the scanners I use.

    Basically, when I am in Google, no matter if I use Mozilla or Internet Explorer, I click on a search link and I am redirected to some random site.

    It is really annoying. Should I have AVG installed? I have it on right now, but it doesn't help at all.

    Thanks in advance.

    Sam
     
  2. 2011/07/12
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Welcome to WindowsBBS :)

    Please read this as indicated at the head of the forum and post the logs requested in this thread.
     


  4. 2011/07/12
    sketchpimp

    sketchpimp Inactive Thread Starter

    Joined:
    2011/07/11
    Messages:
    4
    Likes Received:
    0
    Hi there

    Thanks for the reply!

    Anyhow here are the logs:

    Mbam log:

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 7083

    Windows 6.1.7600
    Internet Explorer 9.0.8112.16421

    12/07/2011 6:34:02 PM
    mbam-log-2011-07-12 (18-34-02).txt

    Scan type: Quick scan
    Objects scanned: 159862
    Time elapsed: 4 minute(s), 49 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    --------------------------------
    GMER details:

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit scan 2011-07-12 18:58:53
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O
    Running: 2vt06imc.exe; Driver: C:\Users\Flipmods\AppData\Local\Temp\awrdakoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x9CDB07A0]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x9CDB0848]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x9CDB08E4]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9CDB0980]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8345F579 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83483F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!RtlSidHashLookup + 4E8 8348B9E8 4 Bytes [A0, 07, DB, 9C]
    .text ntkrnlpa.exe!RtlSidHashLookup + 7B8 8348BCB8 4 Bytes [48, 08, DB, 9C] {DEC EAX; OR BL, BL; PUSHF }
    .text ntkrnlpa.exe!RtlSidHashLookup + 7BE 8348BCBE 2 Bytes [DB, 9C]
    .text ntkrnlpa.exe!RtlSidHashLookup + 82C 8348BD2C 4 Bytes [80, 09, DB, 9C] {OR BYTE [ECX], 0xdb; PUSHF }
    .text C:\windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8BF1D000, 0x3C849, 0xE8000020]
    .dsrt C:\windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8BF62000, 0x3DC, 0x48000040]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\firefox.exe[7276] ntdll.dll!LdrLoadDll 776DF585 5 Bytes JMP 00C51410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[7276] WS2_32.dll!closesocket 76D93BED 5 Bytes JMP 0042000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[7276] WS2_32.dll!connect 76D948BE 5 Bytes JMP 0041000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[7276] WS2_32.dll!getaddrinfo 76D96737 5 Bytes JMP 0045000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[7276] WS2_32.dll!send 76D9C4C8 5 Bytes JMP 0043000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[7276] WS2_32.dll!gethostbyname 76DA7133 5 Bytes JMP 0044000A
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[8028] USER32.dll!SetWindowLongA 755EB1E3 5 Bytes JMP 5E66EDA6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[8028] USER32.dll!SetWindowLongW 755F6614 5 Bytes JMP 5E66ED38 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[8028] USER32.dll!GetWindowInfo 755F6A82 5 Bytes JMP 5E485451 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[8028] USER32.dll!TrackPopupMenu 75614B3B 5 Bytes JMP 5E485A99 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

    Device \Driver\Thpdrv \Device\THPDRV1 8790A1ED
    Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- Threads - GMER 1.0.15 ----

    Thread SYSTEM [4:312] 8790EE7A
    Thread SYSTEM [4:316] 87911008

    ---- EOF - GMER 1.0.15 ----

    ---------------------------
    aswMBR details:

    aswMBR version 0.9.7.705 Copyright(c) 2011 AVAST Software
    Run date: 2011-07-12 19:00:32
    -----------------------------
    19:00:32.306 OS Version: Windows 6.1.7600
    19:00:32.306 Number of processors: 2 586 0x170A
    19:00:32.308 ComputerName: FLIPMODS-PC UserName: Flipmods
    19:00:34.685 Initialize success
    19:00:50.435 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    19:00:50.438 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
    19:00:50.505 Disk 0 MBR read successfully
    19:00:50.508 Disk 0 MBR scan
    19:00:50.511 Disk 0 unknown MBR code
    19:00:50.531 Disk 0 scanning sectors +976773120
    19:00:50.972 Disk 0 scanning C:\windows\system32\drivers
    19:01:26.620 File: C:\windows\system32\drivers\volsnap.sys **SUSPICIOUS**
    19:01:28.164 Service scanning
    19:01:29.550 Disk 0 trace - called modules:
    19:01:29.617 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8790a1ed]<<
    19:01:29.622 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x878d9ac8]
    19:01:29.629 3 CLASSPNP.SYS[8bfc259e] -> nt!IofCallDriver -> \Device\THPDRV1[0x878d8030]
    19:01:29.636 \Driver\Thpdrv[0x87895640] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8790a1ed
    19:01:29.642 Scan finished successfully
    19:02:21.917 Disk 0 MBR has been saved successfully to "C:\Users\Flipmods\Desktop\MBR.dat "
    19:02:21.927 The log file has been saved successfully to "C:\Users\Flipmods\Desktop\aswMBR.txt "

    -----------------------------------
    DDS details:
    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Flipmods at 19:04:52 on 2011-07-12
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3037.1216 [GMT 10:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\nvvsvc.exe
    C:\windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\AVG\AVG10\avgfws.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\windows\system32\FsUsbExService.Exe
    c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
    C:\windows\system32\ThpSrv.exe
    C:\windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgam.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\nvvsvc.exe
    C:\windows\SYSTEM32\WISPTIS.EXE
    C:\windows\system32\taskhost.exe
    C:\windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
    C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\ThpSrv.exe
    C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
    C:\Program Files\TOSHIBA\TECO\TEco.exe
    C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
    C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\windows\system32\NOTEPAD.EXE
    C:\windows\system32\SearchProtocolHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\explorer.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
    uRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
    mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
    mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
    mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
    mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    mRun: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
    mRun: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
    mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
    mRun: [ToshibaServiceStation] c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe /hide:60
    mRun: [HDMICtrlMan] c:\program files\toshiba\hdmictrlman\HDMICtrlMan.exe
    mRun: [TRCMan] c:\program files\toshiba\trcman\TRCMan.exe
    mRun: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
    mRun: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    mRun: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
    mRun: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
    mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\users\flipmods\appdata\roaming\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{75E5EF38-2FC4-4892-B64D-8B4C9A63F054} : NameServer = 208.67.222.222,208.67.220.220
    TCP: Interfaces\{75E5EF38-2FC4-4892-B64D-8B4C9A63F054} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{75E5EF38-2FC4-4892-B64D-8B4C9A63F054}\24967605F6E646648393636423 : NameServer = 208.67.222.222,208.67.220.220
    TCP: Interfaces\{75E5EF38-2FC4-4892-B64D-8B4C9A63F054}\24967605F6E646648393636423 : DhcpNameServer = 10.0.0.138
    TCP: Interfaces\{75E5EF38-2FC4-4892-B64D-8B4C9A63F054}\64C69607D6F64637 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{75E5EF38-2FC4-4892-B64D-8B4C9A63F054}\E4544574541425D22343D274 : DhcpNameServer = 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\flipmods\appdata\roaming\mozilla\firefox\profiles\decmet88.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4e1bc2d8&i=23&tp=ab&nt=1&q=
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\microsoft silverlight\3.0.40624.0\npctrlui.dll
    FF - plugin: c:\program files\tabletplugins\npwacom.dll
    FF - plugin: c:\program files\veetle\player\npvlc.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
    R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2009-6-30 30272]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2009-6-30 13120]
    R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-7-12 54112]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
    R1 MpKsl815fbca4;MpKsl815fbca4;c:\programdata\microsoft\microsoft antimalware\definition updates\{f2fffbdb-172b-4487-b917-bc68ffd10b65}\MpKsl815fbca4.sys [2011-7-12 28752]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-7-18 181616]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-11 46448]
    R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-2-26 233472]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-20 366640]
    R2 TabletServiceWacom;TabletServiceWacom;c:\program files\tablet\wacom\Wacom_Tablet.exe [2011-6-14 4807536]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-11 181616]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-20 12920]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
    R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2009-6-30 59904]
    R3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\drivers\enecirhid.sys [2009-5-20 11776]
    R3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\drivers\enecirhidma.sys [2008-4-25 5632]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-2-26 36608]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-8-1 116136]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-12 22712]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
    R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-6-27 66080]
    R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2011-2-3 24064]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-2-3 167936]
    R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2011-2-3 51512]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-4 111960]
    R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-7 685424]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-11 135664]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-11 135664]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-5-15 4231680]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-6-14 10752]
    .
    =============== Created Last 30 ================
    .
    2011-07-12 08:20:58 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-12 07:59:09 439632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0e9cbf08-cfc6-4973-8735-273a8d8af61c}\gapaengine.dll
    2011-07-12 07:59:08 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f2fffbdb-172b-4487-b917-bc68ffd10b65}\MpKsl815fbca4.sys
    2011-07-12 07:59:02 7074640 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{f2fffbdb-172b-4487-b917-bc68ffd10b65}\mpengine.dll
    2011-07-12 07:52:46 -------- d-----w- c:\program files\Microsoft Security Client
    2011-07-12 07:52:33 240008 ----a-w- c:\windows\system32\drivers\netio.sys
    2011-07-12 07:52:33 1285000 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-07-12 03:42:05 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-06-29 03:39:41 -------- d-----w- c:\program files\ESET
    2011-06-26 02:38:18 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
    2011-06-26 02:38:18 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
    2011-06-23 06:23:48 -------- d-----w- c:\program files\CCleaner
    2011-06-23 06:21:04 -------- d-----w- C:\!KillBox
    2011-06-22 12:00:55 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-06-22 09:50:15 -------- d-----w- c:\users\flipmods\appdata\roaming\AVG10
    2011-06-22 09:49:36 -------- d--h--w- c:\programdata\Common Files
    2011-06-22 09:48:13 -------- d-----w- c:\programdata\AVG10
    2011-06-22 09:47:24 -------- d-----w- c:\program files\AVG
    2011-06-22 09:42:16 -------- d-----w- c:\programdata\MFAData
    2011-06-21 11:18:48 -------- d-----w- c:\users\flipmods\appdata\local\temp
    2011-06-21 11:11:49 98816 ----a-w- c:\windows\sed.exe
    2011-06-21 11:11:49 518144 ----a-w- c:\windows\SWREG.exe
    2011-06-21 11:11:49 256512 ----a-w- c:\windows\PEV.exe
    2011-06-21 11:11:49 208896 ----a-w- c:\windows\MBR.exe
    2011-06-21 04:25:57 -------- d-----w- c:\users\flipmods\appdata\roaming\Vepeog
    2011-06-21 04:25:57 -------- d-----w- c:\users\flipmods\appdata\roaming\Cibamo
    2011-06-21 02:37:25 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1f8a5f57-ad5e-4ca4-9e3a-1ddcaf8c2144}\mpengine.dll
    2011-06-20 06:26:54 -------- d-----w- c:\users\flipmods\appdata\roaming\Malwarebytes
    2011-06-20 06:26:45 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-20 06:26:44 -------- d-----w- c:\programdata\Malwarebytes
    2011-06-20 06:26:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-20 04:46:25 -------- d-----w- c:\users\flipmods\appdata\local\Mozilla
    2011-06-20 04:20:17 -------- d-----w- c:\users\flipmods\appdata\local\ElevatedDiagnostics
    2011-06-14 03:26:00 389180 ----a-w- c:\windows\system32\UCS32P.DLL
    2011-06-14 03:26:00 36864 ----a-w- c:\windows\system32\CNQU70.DLL
    2011-06-14 03:26:00 339968 ----a-w- c:\windows\system32\N124UFW.dll
    2011-06-14 03:25:56 -------- d-----w- C:\CanoScan
    2011-06-14 03:21:01 -------- d-----w- c:\users\flipmods\appdata\roaming\WTablet
    2011-06-14 03:20:56 -------- d-----w- c:\program files\TabletPlugins
    2011-06-14 03:20:53 10752 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
    2011-06-14 03:20:51 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
    2011-06-14 03:20:41 14120 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
    2011-06-14 03:20:40 644976 ----a-w- c:\windows\system32\Wacom_Tablet.dll
    2011-06-14 03:20:40 506736 ----a-w- c:\windows\system32\Wintab32.dll
    2011-06-14 03:20:38 -------- d-----w- c:\program files\Tablet
    2011-06-14 03:17:38 77824 ------w- c:\windows\system32\brlmw03a.dll
    2011-06-14 03:17:38 -------- d-----w- c:\program files\Brownie
    2011-06-14 03:17:12 24223 ----a-w- c:\windows\system32\BRLM03A.DLL
    .
    ==================== Find3M ====================
    .
    2011-06-23 06:27:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-04-27 05:25:24 65024 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2011-04-18 03:18:50 43392 ----a-w- c:\windows\system32\drivers\MpNWMon.sys
    2011-04-18 03:18:50 165648 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2011-04-14 11:28:30 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
    .
    ============= FINISH: 19:05:39.60 ===============

    Attach details:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/02/2011 7:31:30 PM
    System Uptime: 12/07/2011 5:54:16 PM (2 hours ago)
    .
    Motherboard: TOSHIBA | | KSKAA
    Processor: Intel(R) Core(TM)2 Duo CPU P7450 @ 2.13GHz | U2E1 | 2133/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 453 GiB total, 414.363 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP13: 20/06/2011 4:01:25 PM - Safe Point
    RP14: 21/06/2011 12:37:09 PM - Windows Update
    RP15: 21/06/2011 12:43:46 PM - Windows Update
    RP16: 21/06/2011 8:40:38 PM - Windows Modules Installer
    RP17: 22/06/2011 7:47:08 PM - Installed AVG 2011
    RP18: 22/06/2011 7:47:34 PM - Installed AVG 2011
    RP19: 22/06/2011 8:47:37 PM - Removed AVG 2011
    RP20: 22/06/2011 8:49:44 PM - Removed AVG 2011
    RP21: 22/06/2011 10:03:51 PM - Removed Java(TM) 6 Update 14
    RP22: 22/06/2011 10:04:41 PM - Removed Adobe Reader 9.1.
    RP23: 22/06/2011 10:13:13 PM - Installed HiJackThis
    RP24: 23/06/2011 4:29:06 PM - Removed HiJackThis
    RP25: 2/07/2011 9:40:20 AM - Installed Adobe Reader X (10.1.0).
    RP26: 12/07/2011 1:41:11 PM - Installed AVG 2011
    RP27: 12/07/2011 1:41:36 PM - Installed AVG 2011
    RP28: 12/07/2011 5:52:20 PM - Windows Update
    RP29: 12/07/2011 5:58:29 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    2007 Microsoft Office system
    Acrobat.com
    Adobe AIR
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Help Center 1.0
    Adobe Illustrator CS
    Adobe Photoshop CS2
    Adobe Reader X (10.1.0)
    Adobe Stock Photos 1.0
    Adobe SVG Viewer 3.0
    AVG 2011
    BitLord 1.2
    Bluetooth Stack for Windows by Toshiba
    Brother HL-2140
    Business Contact Manager for Outlook 2007 SP2
    CCleaner
    Direct DiscRecorder
    Dolby Control Center
    DVD MovieFactory for TOSHIBA
    ENE CIR Receiver Driver
    ESET Online Scanner v3
    Google Update Helper
    HDMI Control Manager
    Intel® Matrix Storage Manager
    JMicron Flash Media Controller Driver
    Junk Mail filter update
    Kies-OutlookAddIn
    Macromedia Dreamweaver 8
    Macromedia Extension Manager
    Malwarebytes' Anti-Malware version 1.51.0.1200
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox 5.0 (x86 en-GB)
    MSVCRT
    Norton Internet Security
    NVIDIA Drivers
    NVIDIA PhysX
    PlayReady PC Runtime x86
    Realtek 8136 8168 8169 Ethernet Driver
    Realtek High Definition Audio Driver
    Samsung Kies
    SAMSUNG USB Driver for Mobile Phones
    Skype Toolbars
    Skype™ 5.0
    Synaptics Pointing Device Driver
    TOSHIBA Assist
    TOSHIBA Bulletin Board
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA eco Utility
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Face Recognition
    TOSHIBA Flash Cards Support Utility
    TOSHIBA Hardware Setup
    TOSHIBA HDD Protection
    TOSHIBA HDD/SSD Alert
    TOSHIBA PC Health Monitor
    TOSHIBA Recovery Media Creator
    TOSHIBA ReelTime
    TOSHIBA Remote Control Manager
    TOSHIBA SD Memory Utilities
    TOSHIBA Service Station
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA USB Sleep and Charge Utility
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    Utility Common Driver
    Veetle TV 0.9.18
    Visual Studio Tools for the Office system 3.0 Runtime
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
    Wacom Tablet
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    WildTangent Games
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    WinRAR
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/07/2011 8:43:35 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x00000003, 0x86e6c690, 0x8352bae0, 0x8a36de00). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 070711-24928-01.
    .
    ==== End Of File ===========================


    I hope this helps find a solution, it's so frustrating!

    thanks mate!
     
  5. 2011/07/12
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Thanks :)

    One of our trained malware analysts will take a look at your logs ASAP, but it may be a day or so before you get a response as they are always very busy. All logs are dealt with in the order received.

    Thank you for your patience.
     
  6. 2011/07/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
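    The TDSSKiller report that the steps above ask for is one line per loaded driver (timestamp, process id, service name, MD5 in parentheses, file path). As an added example that is not part of this thread or of Kaspersky's tool, the Python below parses lines of that shape and lists drivers loaded from outside the usual Windows driver directories, which is a triage list to read against the thread, not a verdict (legitimate security products ship drivers under ProgramData too). The line layout is assumed from the log posted in this thread; the sample lines, driver names and hashes are constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Assumed line shape, taken from the TDSSKiller report format posted in this thread:
#   <yyyy/mm/dd hh:mm:ss.ffff> <pid> <service name> (<md5>) <path>
DRIVER_LINE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+"
    r"(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+"
    r"(?P<path>.+?)\s*$"
)

# Directories a normally installed driver is expected to live in.
# Compared lower-case, with backslash separators.
EXPECTED_DIRS = (
    "c:\\windows\\system32\\drivers\\",
    "c:\\windows\\system32\\",
)

# Constructed sample report: names, hashes and paths are placeholders, not values from the thread.
SAMPLE_REPORT = r"""
2011/07/13 14:18:03.0297 6384 Scan started
2011/07/13 14:18:03.0298 6384 Mode: Manual;
2011/07/13 14:18:04.0590 6384 exampledrv (0123456789abcdef0123456789abcde1) C:\windows\system32\DRIVERS\exampledrv.sys
2011/07/13 14:18:05.0031 6384 exampleav (0123456789abcdef0123456789abcde2) c:\ProgramData\ExampleAV\Updates\exampleav.sys
2011/07/13 14:18:05.0486 6384 examplesvc (0123456789abcdef0123456789abcde3) C:\windows\system32\examplesvc.sys
"""


@dataclass
class DriverEntry:
    timestamp: str
    pid: int
    name: str
    md5: str
    path: str


def parse_report(text: str) -> List[DriverEntry]:
    """Return one DriverEntry per driver line; header and status lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = DRIVER_LINE.match(line.strip())
        if m:
            entries.append(DriverEntry(m["ts"], int(m["pid"]), m["name"],
                                       m["md5"].lower(), m["path"]))
    return entries


def unusual_paths(entries: List[DriverEntry]) -> List[str]:
    """Service names whose driver file is not under the expected system directories."""
    flagged = []
    for e in entries:
        p = e.path.lower().replace("/", "\\")
        if not any(p.startswith(d) for d in EXPECTED_DIRS):
            flagged.append(e.name)
    return flagged


def hash_index(entries: List[DriverEntry]) -> Dict[str, str]:
    """Map service name -> MD5, handy for comparing against a known-good build."""
    return {e.name: e.md5 for e in entries}


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(f"{len(parsed)} driver lines parsed")
    for name in unusual_paths(parsed):
        print("review path of:", name)
```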
     
  7. 2011/07/12
    sketchpimp

    sketchpimp Inactive Thread Starter

    Joined:
    2011/07/11
    Messages:
    4
    Likes Received:
    0
    TDSSKiller log

    Hi there, here is the log file:

    2011/07/13 14:17:47.0718 5472 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
    2011/07/13 14:17:49.0719 5472 ================================================================================
    2011/07/13 14:17:49.0719 5472 SystemInfo:
    2011/07/13 14:17:49.0720 5472
    2011/07/13 14:17:49.0720 5472 OS Version: 6.1.7600 ServicePack: 0.0
    2011/07/13 14:17:49.0720 5472 Product type: Workstation
    2011/07/13 14:17:49.0720 5472 ComputerName: FLIPMODS-PC
    2011/07/13 14:17:49.0720 5472 UserName: Flipmods
    2011/07/13 14:17:49.0720 5472 Windows directory: C:\windows
    2011/07/13 14:17:49.0720 5472 System windows directory: C:\windows
    2011/07/13 14:17:49.0720 5472 Processor architecture: Intel x86
    2011/07/13 14:17:49.0720 5472 Number of processors: 2
    2011/07/13 14:17:49.0720 5472 Page size: 0x1000
    2011/07/13 14:17:49.0720 5472 Boot type: Normal boot
    2011/07/13 14:17:49.0720 5472 ================================================================================
    2011/07/13 14:17:50.0534 5472 Initialize success
    2011/07/13 14:18:03.0297 6384 ================================================================================
    2011/07/13 14:18:03.0297 6384 Scan started
    2011/07/13 14:18:03.0298 6384 Mode: Manual;
    2011/07/13 14:18:03.0298 6384 ================================================================================
    2011/07/13 14:19:50.0449 6384 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
    2011/07/13 14:19:50.0897 6384 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
    2011/07/13 14:19:51.0355 6384 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
    2011/07/13 14:19:51.0848 6384 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
    2011/07/13 14:19:52.0279 6384 RDPCDD (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
    2011/07/13 14:19:52.0748 6384 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
    2011/07/13 14:19:53.0192 6384 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
    2011/07/13 14:19:53.0641 6384 RDPWD (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
    2011/07/13 14:19:54.0106 6384 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
    2011/07/13 14:19:54.0625 6384 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
    2011/07/13 14:19:55.0110 6384 RTL8167 (26a9d6227d12b9d9da5a81bb9b55d810) C:\windows\system32\DRIVERS\Rt86win7.sys
    2011/07/13 14:19:55.0718 6384 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
    2011/07/13 14:19:56.0184 6384 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
    2011/07/13 14:19:56.0671 6384 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\windows\system32\DRIVERS\sdbus.sys
    2011/07/13 14:19:57.0137 6384 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
    2011/07/13 14:19:57.0669 6384 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
    2011/07/13 14:19:58.0138 6384 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
    2011/07/13 14:19:58.0592 6384 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
    2011/07/13 14:19:59.0068 6384 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
    2011/07/13 14:19:59.0547 6384 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
    2011/07/13 14:20:00.0003 6384 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys
    2011/07/13 14:20:00.0439 6384 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
    2011/07/13 14:20:00.0931 6384 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
    2011/07/13 14:20:01.0409 6384 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
    2011/07/13 14:20:01.0867 6384 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
    2011/07/13 14:20:02.0349 6384 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
    2011/07/13 14:20:02.0813 6384 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
    2011/07/13 14:20:03.0306 6384 srv (2ba4ebc7dfba845a1edbe1f75913be33) C:\windows\system32\DRIVERS\srv.sys
    2011/07/13 14:20:03.0753 6384 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\windows\system32\DRIVERS\srv2.sys
    2011/07/13 14:20:04.0209 6384 srvnet (b5665baa2120b8a54e22e9cd07c05106) C:\windows\system32\DRIVERS\srvnet.sys
    2011/07/13 14:20:04.0671 6384 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
    2011/07/13 14:20:05.0158 6384 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
    2011/07/13 14:20:05.0685 6384 SynTP (3f4982de07d89a1084861e9d59f7ebb1) C:\windows\system32\DRIVERS\SynTP.sys
    2011/07/13 14:20:06.0264 6384 Tcpip (63170b9ee1d0ef0032f0408605671d1a) C:\windows\system32\drivers\tcpip.sys
    2011/07/13 14:20:06.0769 6384 TCPIP6 (63170b9ee1d0ef0032f0408605671d1a) C:\windows\system32\DRIVERS\tcpip.sys
    2011/07/13 14:20:07.0222 6384 tcpipreg (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
    2011/07/13 14:20:07.0702 6384 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\windows\system32\DRIVERS\tdcmdpst.sys
    2011/07/13 14:20:08.0200 6384 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
    2011/07/13 14:20:08.0634 6384 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
    2011/07/13 14:20:09.0079 6384 tdx (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
    2011/07/13 14:20:09.0514 6384 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
    2011/07/13 14:20:10.0042 6384 Thpdrv (9528f2a39cb660a49f0592d57127f370) C:\windows\system32\DRIVERS\thpdrv.sys
    2011/07/13 14:20:10.0495 6384 Thpevm (e17dcde74ff00ca802643b4a9a4a4a5c) C:\windows\system32\DRIVERS\Thpevm.SYS
    2011/07/13 14:20:11.0523 6384 tosrfec (9ee240f7029771b21cc6200be6516d60) C:\windows\system32\DRIVERS\tosrfec.sys
    2011/07/13 14:20:11.0979 6384 tos_sps32 (969377943fe7284609babbab4e06b93c) C:\windows\system32\DRIVERS\tos_sps32.sys
    2011/07/13 14:20:12.0516 6384 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
    2011/07/13 14:20:12.0974 6384 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
    2011/07/13 14:20:13.0508 6384 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\windows\system32\DRIVERS\TVALZ_O.SYS
    2011/07/13 14:20:14.0166 6384 TVALZFL (866462f5ae3f375ef83ef9dce436031c) C:\windows\system32\DRIVERS\TVALZFL.sys
    2011/07/13 14:20:14.0780 6384 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
    2011/07/13 14:20:15.0401 6384 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys
    2011/07/13 14:20:15.0971 6384 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
    2011/07/13 14:20:16.0529 6384 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
    2011/07/13 14:20:17.0049 6384 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
    2011/07/13 14:20:18.0232 6384 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\windows\system32\DRIVERS\usbccgp.sys
    2011/07/13 14:20:19.0412 6384 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
    2011/07/13 14:20:20.0580 6384 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\windows\system32\DRIVERS\usbehci.sys
    2011/07/13 14:20:21.0774 6384 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\windows\system32\DRIVERS\usbhub.sys
    2011/07/13 14:20:23.0064 6384 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\DRIVERS\usbohci.sys
    2011/07/13 14:20:24.0260 6384 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
    2011/07/13 14:20:25.0332 6384 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
    2011/07/13 14:20:26.0473 6384 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\windows\system32\DRIVERS\USBSTOR.SYS
    2011/07/13 14:20:27.0562 6384 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\DRIVERS\usbuhci.sys
    2011/07/13 14:20:28.0569 6384 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\windows\system32\Drivers\usbvideo.sys
    2011/07/13 14:20:29.0623 6384 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
    2011/07/13 14:20:30.0824 6384 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
    2011/07/13 14:20:31.0801 6384 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
    2011/07/13 14:20:32.0406 6384 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
    2011/07/13 14:20:32.0882 6384 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
    2011/07/13 14:20:33.0319 6384 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
    2011/07/13 14:20:34.0227 6384 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
    2011/07/13 14:20:34.0691 6384 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
    2011/07/13 14:20:35.0152 6384 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
    2011/07/13 14:20:35.0950 6384 volsnap (7c28b63e4c9e5c3be7ffe53789593619) C:\windows\system32\DRIVERS\volsnap.sys
    2011/07/13 14:20:35.0960 6384 Suspicious file (Forged): C:\windows\system32\DRIVERS\volsnap.sys. Real md5: 7c28b63e4c9e5c3be7ffe53789593619, Fake md5: 58df9d2481a56edde167e51b334d44fd
    2011/07/13 14:20:35.0967 6384 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
    2011/07/13 14:20:48.0186 6384 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
    2011/07/13 14:20:48.0211 6384 Boot (0x1200) (e06c675f6b38237784e1193b95ea1ec2) \Device\Harddisk0\DR0\Partition0
    2011/07/13 14:20:48.0216 6384 ================================================================================
    2011/07/13 14:20:48.0216 6384 Scan finished
    2011/07/13 14:20:48.0216 6384 ================================================================================
    2011/07/13 14:20:48.0238 4128 Detected object count: 1
    2011/07/13 14:20:48.0238 4128 Actual detected object count: 1
    2011/07/13 14:21:11.0220 4128 volsnap (7c28b63e4c9e5c3be7ffe53789593619) C:\windows\system32\DRIVERS\volsnap.sys
    2011/07/13 14:21:11.0224 4128 Suspicious file (Forged): C:\windows\system32\DRIVERS\volsnap.sys. Real md5: 7c28b63e4c9e5c3be7ffe53789593619, Fake md5: 58df9d2481a56edde167e51b334d44fd
    2011/07/13 14:21:12.0790 4128 Backup copy found, using it..
    2011/07/13 14:21:12.0837 4128 C:\windows\system32\DRIVERS\volsnap.sys - will be cured after reboot
    2011/07/13 14:21:12.0837 4128 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure
    2011/07/13 14:21:20.0878 1704 Deinitialize success


    .......I am running malware antivirus as well as AVG, but I would like to delete them as they are just trial versions. Is it ok to do so?
     
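    The TDSSKiller log above flags volsnap.sys as "Forged" because two hashes of the same file disagree, and then records the cure action. As an added example that is not part of this post or of TDSSKiller, here is a small Python parser for log lines in that format that extracts the forged-file findings, the linked detection name and the chosen action; the sample lines are constructed from this thread's log and the regular expressions are an assumption about the format based only on the lines posted here.

```python
"""Parse TDSSKiller-style log lines and pull out the rootkit findings.

Added example for this thread (not TDSSKiller's own code). The line
formats below are inferred from the lines the poster pasted:
  <date> <time> <pid> <driver> (<md5>) <path>
  <date> <time> <pid> Suspicious file (Forged): <path>. Real md5: <h1>, Fake md5: <h2>
  <date> <time> <pid> <driver> - detected <threat> (<n>)
  <date> <time> <pid> <path> - will be cured after reboot
  <date> <time> <pid> <threat>(<driver>) - User select action: <action>
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

LINE_RE = re.compile(r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
FORGED_RE = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<threat>\S+) \(\d+\)$")
CURE_RE = re.compile(r"^(?P<path>.+?) - will be cured after reboot$")
ACTION_RE = re.compile(r"^(?P<threat>[^()]+)\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")

# Constructed sample: a handful of lines in the shape of the log posted in this thread.
SAMPLE_LOG = r"""
2011/07/13 14:20:34.0691 6384 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
2011/07/13 14:20:35.0950 6384 volsnap (7c28b63e4c9e5c3be7ffe53789593619) C:\windows\system32\DRIVERS\volsnap.sys
2011/07/13 14:20:35.0960 6384 Suspicious file (Forged): C:\windows\system32\DRIVERS\volsnap.sys. Real md5: 7c28b63e4c9e5c3be7ffe53789593619, Fake md5: 58df9d2481a56edde167e51b334d44fd
2011/07/13 14:20:35.0967 6384 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/07/13 14:20:48.0238 4128 Detected object count: 1
2011/07/13 14:21:12.0837 4128 C:\windows\system32\DRIVERS\volsnap.sys - will be cured after reboot
2011/07/13 14:21:12.0837 4128 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure
"""


@dataclass
class DriverEntry:
    name: str
    md5: str
    path: str


@dataclass
class Finding:
    path: str
    real_md5: str
    fake_md5: str
    name: Optional[str] = None        # service name from the enumeration line
    listed_md5: Optional[str] = None  # md5 printed on that enumeration line
    threat: Optional[str] = None
    action: Optional[str] = None
    cure_pending: bool = False

    @property
    def hashes_disagree(self) -> bool:
        """Two reads of one file giving different bytes is what the scanner
        labels 'Forged': something between the file system and the disk is
        altering what callers see."""
        return self.real_md5 != self.fake_md5


@dataclass
class ScanReport:
    drivers: Dict[str, DriverEntry] = field(default_factory=dict)
    findings: List[Finding] = field(default_factory=list)
    detected_count: Optional[int] = None

    def finding_for_path(self, path: str) -> Optional[Finding]:
        key = path.casefold()  # Windows paths are case-insensitive
        return next((f for f in self.findings if f.path.casefold() == key), None)

    def finding_for_name(self, name: str) -> Optional[Finding]:
        key = name.casefold()
        return next((f for f in self.findings if f.name and f.name.casefold() == key), None)


def parse_tdsskiller(text: str) -> ScanReport:
    """Walk the log once, keeping enumeration entries and building one Finding per forged file."""
    report = ScanReport()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, separator rows and anything not in the per-line format
        msg = m.group("msg")
        if (d := DRIVER_RE.match(msg)):
            report.drivers[d.group("name")] = DriverEntry(d.group("name"), d.group("md5"), d.group("path"))
        elif (f := FORGED_RE.match(msg)):
            finding = Finding(f.group("path"), f.group("real"), f.group("fake"))
            # Link the finding back to its enumeration entry so the listed md5 can be compared.
            for entry in report.drivers.values():
                if entry.path.casefold() == finding.path.casefold():
                    finding.name, finding.listed_md5 = entry.name, entry.md5
            report.findings.append(finding)
        elif (t := DETECTED_RE.match(msg)):
            if (fd := report.finding_for_name(t.group("name"))):
                fd.threat = t.group("threat")
        elif (c := CURE_RE.match(msg)):
            if (fd := report.finding_for_path(c.group("path"))):
                fd.cure_pending = True
        elif (a := ACTION_RE.match(msg)):
            if (fd := report.finding_for_name(a.group("name"))):
                fd.action = a.group("action")
                fd.threat = fd.threat or a.group("threat")
        elif (n := COUNT_RE.match(msg)):
            report.detected_count = int(n.group("n"))
    return report


if __name__ == "__main__":
    for fd in parse_tdsskiller(SAMPLE_LOG).findings:
        print(f"{fd.name}: forged={fd.hashes_disagree} threat={fd.threat} action={fd.action} cure_pending={fd.cure_pending}")
```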
  8. 2011/07/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good job :)

    How is redirection?

    Uninstall AVG using AVG Remover: http://www.avg.com/us-en/utilities
    Install one of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html

    ====================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. 2011/07/13
    sketchpimp

    sketchpimp Inactive Thread Starter

    Joined:
    2011/07/11
    Messages:
    4
    Likes Received:
    0
    Hi, here are the logs:


    aswMBR version 0.9.7.705 Copyright(c) 2011 AVAST Software
    Run date: 2011-07-13 14:57:01
    -----------------------------
    14:57:01.325 OS Version: Windows 6.1.7600
    14:57:01.326 Number of processors: 2 586 0x170A
    14:57:01.328 ComputerName: FLIPMODS-PC UserName: Flipmods
    14:57:02.599 Initialize success
    14:57:02.741 AVAST engine defs: 11071201
    14:57:04.179 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    14:57:04.183 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
    14:57:04.198 Disk 0 MBR read successfully
    14:57:04.202 Disk 0 MBR scan
    14:57:04.208 Disk 0 unknown MBR code
    14:57:04.216 Disk 0 scanning sectors +976773120
    14:57:04.546 Disk 0 scanning C:\windows\system32\drivers
    14:57:09.649 Service scanning
    14:57:11.152 Disk 0 trace - called modules:
    14:57:11.166
    14:57:12.166 AVAST engine scan C:\windows
    15:10:44.386 Disk 0 Windows 601 MBR fixed successfully
    15:12:01.120 Disk 0 MBR has been saved successfully to "C:\Users\Flipmods\Desktop\MBR.dat "
    15:12:01.190 The log file has been saved successfully to "C:\Users\Flipmods\Desktop\aswMBR.txt "
    15:26:11.888 AVAST engine scan C:\Users\Flipmods
    15:30:30.443 AVAST engine scan C:\ProgramData
    15:32:12.525 Scan finished successfully
    15:42:15.075 Disk 0 MBR has been saved successfully to "C:\Users\Flipmods\Desktop\MBR.dat "
    15:42:15.179 The log file has been saved successfully to "C:\Users\Flipmods\Desktop\aswMBR.txt "


    ComboFix 11-07-12.09 - Flipmods 13/07/2011 16:08:50.4.2 - x86 MINIMAL
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3037.1997 [GMT 10:00]
    Running from: c:\users\Flipmods\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Flipmods\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Repair
    c:\users\Flipmods\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Repair\Uninstall Windows 7 Repair.lnk
    c:\users\Flipmods\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Repair\Windows 7 Repair.lnk
    c:\windows\system32\no
    c:\windows\system32\no\ThpProp.exe.mui
    c:\windows\system32\no\ThpSrv.exe.mui
    c:\windows\system32\SV
    c:\windows\system32\SV\ThpProp.exe.mui
    c:\windows\system32\SV\ThpSrv.exe.mui
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-13 to 2011-07-13 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-13 06:13 . 2011-07-13 06:13 -------- d-----w- c:\users\Flipmods\AppData\Local\temp
    2011-07-13 06:13 . 2011-07-13 06:13 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-07-13 05:44 . 2011-07-13 06:01 -------- d-----w- C:\## aswSnx private storage
    2011-07-13 04:53 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-07-13 04:53 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-07-13 04:53 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-07-13 04:53 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-07-13 04:53 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-07-13 04:53 . 2011-07-04 11:32 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-07-13 04:53 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
    2011-07-13 04:52 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-07-13 04:52 . 2011-07-13 04:52 -------- d-----w- c:\programdata\AVAST Software
    2011-07-13 04:52 . 2011-07-13 04:52 -------- d-----w- c:\program files\AVAST Software
    2011-07-13 01:48 . 2011-07-13 01:48 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2011-07-12 08:23 . 2011-04-09 05:56 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-07-12 07:59 . 2011-07-12 07:58 439632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0E9CBF08-CFC6-4973-8735-273A8D8AF61C}\gapaengine.dll
    2011-07-12 07:59 . 2011-06-06 22:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2FFFBDB-172B-4487-B917-BC68FFD10B65}\mpengine.dll
    2011-07-12 07:52 . 2011-07-12 07:52 -------- d-----w- c:\program files\Microsoft Security Client
    2011-07-12 07:52 . 2010-04-09 07:24 1285000 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-07-12 07:52 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
    2011-06-29 03:39 . 2011-06-29 03:39 -------- d-----w- c:\program files\ESET
    2011-06-23 06:23 . 2011-06-23 06:23 -------- d-----w- c:\program files\CCleaner
    2011-06-23 06:21 . 2011-06-23 06:21 -------- d-----w- C:\!KillBox
    2011-06-22 09:50 . 2011-06-22 09:50 -------- d-----w- c:\users\Flipmods\AppData\Roaming\AVG10
    2011-06-22 09:49 . 2011-06-22 09:49 -------- d--h--w- c:\programdata\Common Files
    2011-06-22 09:48 . 2011-07-13 04:44 -------- d-----w- c:\programdata\AVG10
    2011-06-22 09:47 . 2011-06-22 09:47 -------- d-----w- c:\program files\AVG
    2011-06-22 09:42 . 2011-07-13 04:42 -------- d-----w- c:\programdata\MFAData
    2011-06-21 04:25 . 2011-06-21 04:31 -------- d-----w- c:\users\Flipmods\AppData\Roaming\Cibamo
    2011-06-21 04:25 . 2011-06-21 04:29 -------- d-----w- c:\users\Flipmods\AppData\Roaming\Vepeog
    2011-06-21 02:37 . 2011-05-24 09:12 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1F8A5F57-AD5E-4CA4-9E3A-1DDCAF8C2144}\mpengine.dll
    2011-06-20 06:26 . 2011-06-20 06:26 -------- d-----w- c:\users\Flipmods\AppData\Roaming\Malwarebytes
    2011-06-20 06:26 . 2011-06-20 06:26 -------- d-----w- c:\programdata\Malwarebytes
    2011-06-20 04:46 . 2011-06-20 04:46 -------- d-----w- c:\users\Flipmods\AppData\Local\Mozilla
    2011-06-20 04:20 . 2011-06-20 04:20 -------- d-----w- c:\users\Flipmods\AppData\Local\ElevatedDiagnostics
    2011-06-14 04:50 . 2011-07-05 06:36 -------- d-----w- c:\users\Flipmods\AppData\Roaming\Canon
    2011-06-14 03:26 . 2003-09-17 07:36 339968 ----a-w- c:\windows\system32\N124UFW.dll
    2011-06-14 03:26 . 2002-09-11 15:07 36864 ----a-w- c:\windows\system32\CNQU70.DLL
    2011-06-14 03:26 . 2002-05-23 17:04 389180 ----a-w- c:\windows\system32\UCS32P.DLL
    2011-06-14 03:25 . 2011-06-14 03:26 -------- d-----w- C:\CanoScan
    2011-06-14 03:21 . 2011-06-14 03:21 -------- d-----w- c:\users\Flipmods\AppData\Roaming\WTablet
    2011-06-14 03:20 . 2010-11-02 06:07 10752 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
    2011-06-14 03:20 . 2010-10-25 00:59 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
    2011-06-14 03:20 . 2010-10-25 00:59 14120 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
    2011-06-14 03:20 . 2010-11-15 01:08 644976 ----a-w- c:\windows\system32\Wacom_Tablet.dll
    2011-06-14 03:20 . 2010-11-15 01:08 506736 ----a-w- c:\windows\system32\Wintab32.dll
    2011-06-14 03:20 . 2011-06-16 05:30 -------- d-----w- c:\program files\Tablet
    2011-06-14 03:17 . 2011-06-14 03:17 -------- d-----w- c:\program files\Brownie
    2011-06-14 03:17 . 2004-08-09 14:42 77824 ------w- c:\windows\system32\brlmw03a.dll
    2011-06-14 03:17 . 2011-06-14 03:17 -------- d-----w- c:\program files\Brother
    2011-06-14 03:17 . 2009-12-02 01:37 200704 ------w- c:\windows\system32\Pdrvinst.dll
    2011-06-14 03:17 . 2009-05-20 15:00 111928 ----a-w- c:\windows\system32\BRRBTOOL.EXE
    2011-06-14 03:17 . 2007-01-15 15:00 24223 ----a-w- c:\windows\system32\BRLM03A.DLL
    2011-06-14 03:17 . 2006-12-21 02:23 176128 ----a-w- c:\windows\system32\BROSNMP.DLL
    2011-06-14 03:16 . 2011-06-14 03:16 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
    2011-06-14 03:16 . 2004-04-18 13:42 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
    2011-06-14 03:16 . 2004-04-18 13:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
    2011-06-14 03:16 . 2004-04-18 13:39 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
    2011-06-14 03:16 . 2004-04-18 13:39 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
    2011-06-14 03:16 . 2004-04-18 13:39 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
    2011-06-14 03:16 . 2011-06-14 03:16 303236 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
    2011-06-13 11:20 . 2011-06-13 11:20 -------- d-----w- c:\program files\Veetle
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-13 04:22 . 2009-07-13 23:11 245328 ----a-w- c:\windows\system32\drivers\volsnap.sys
    2011-06-23 06:27 . 2011-06-06 10:36 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-04-27 05:25 . 2011-04-27 05:25 65024 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2011-04-18 03:18 . 2011-04-18 03:18 43392 ----a-w- c:\windows\system32\drivers\MpNWMon.sys
    2011-04-18 03:18 . 2011-04-18 03:18 165648 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2011-06-26 02:38 . 2011-06-21 11:24 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @= "{472083B0-C522-11CF-8763-00608CC02F24} "
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "KiesHelper "= "c:\program files\Samsung\Kies\KiesHelper.exe" [2011-01-29 888120]
    "KiesTrayAgent "= "c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-01-29 3372856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ThpSrv "= "c:\windows\system32\thpsrv" [X]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
    "SVPWUTIL "= "c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
    "HWSetup "= "c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
    "KeNotify "= "c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
    "TPwrMain "= "c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
    "HSON "= "c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
    "SmoothView "= "c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
    "00TCrdMain "= "c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
    "RtHDVCpl "= "c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-03 7625248]
    "SynTPEnh "= "c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-17 1549608]
    "ITSecMng "= "c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
    "TUSBSleepChargeSrv "= "c:\program files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-07-02 252288]
    "SmartFaceVWatcher "= "c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-07-29 163840]
    "Teco "= "c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-10 1324384]
    "TosSENotify "= "c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
    "ToshibaServiceStation "= "c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
    "HDMICtrlMan "= "c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2009-08-03 832856]
    "TRCMan "= "c:\program files\TOSHIBA\TRCMan\TRCMan.exe" [2009-07-21 701752]
    "TosWaitSrv "= "c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-07 611672]
    "TWebCamera "= "c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
    "TosNC "= "c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2009-08-06 466792]
    "TosReelTimeMonitor "= "c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2009-08-06 29528]
    "KiesTrayAgent "= "c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-01-29 3372856]
    "BrStsWnd "= "c:\program files\Brownie\BrstsWnd.exe" [2009-08-19 3618104]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "MSC "= "c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "avast "= "c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
    .
    c:\users\Flipmods\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 110592]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 110592]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 5 (0x5)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableUIADesktopToggle "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux "=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @= "Service "
    .
    R1 aswSnx;aswSnx; [x]
    R1 aswSP;aswSP; [x]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    R2 aswFsBlk;aswFsBlk; [x]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
    R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-07-18 181616]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
    R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-05-28 233472]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-10 135664]
    R2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2010-11-15 4807536]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-10 181616]
    R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-05-28 36608]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-02-10 135664]
    R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-08-01 116136]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
    R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-05-14 4231680]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-26 66080]
    R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]
    R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 111960]
    R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2010-11-02 10752]
    S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 30272]
    S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-30 13120]
    S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 59904]
    S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [2009-05-20 11776]
    S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [2008-04-25 5632]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-10 18:02]
    .
    2011-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-10 18:02]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSAU&bmod=TSAU
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{75E5EF38-2FC4-4892-B64D-8B4C9A63F054}: NameServer = 208.67.222.222,208.67.220.220
    TCP: Interfaces\{75E5EF38-2FC4-4892-B64D-8B4C9A63F054}\24967605F6E646648393636423: NameServer = 208.67.222.222,208.67.220.220
    FF - ProfilePath - c:\users\Flipmods\AppData\Roaming\Mozilla\Firefox\Profiles\decmet88.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4e1bc2d8&i=23&tp=ab&nt=1&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    SafeBoot-14953062.sys
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-07-13 16:14:42
    ComboFix-quarantined-files.txt 2011-07-13 06:14
    ComboFix2.txt 2011-06-22 12:01
    ComboFix3.txt 2011-06-22 11:53
    ComboFix4.txt 2011-06-21 11:18
    .
    Pre-Run: 446,905,380,864 bytes free
    Post-Run: 446,534,516,736 bytes free
    .
    - - End Of File - - 047EDBE914CA3E742AF465AA976226A5

    Hope things are well.
     
  11. 2011/07/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You didn't say if redirection is still present.

    Combofix log looks good.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
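
As an added example (not code from this thread, from broni, or from OTL itself), the Python below reproduces the file-listing part of the custom scan pasted above: it parses directives of the form `%VAR%\path\pattern [/switches]`, expands the variables, and lists matching files, so the same locations can be checked with a plain script on any directory tree (a mounted image, an offline disk, or a live host). It assumes `/s` means "recurse into subdirectories" and ignores the other switches (`/x`, `/mp`, `/rs`), skips the registry, `dir ... | find` and `/md5` lines, which are not file patterns, and runs against a constructed sample tree rather than a real machine.

```python
"""Expand OTL-style custom-scan directives against a directory tree (added example)."""
import fnmatch
import os
import re
import shutil
import tempfile

SWITCH_RE = re.compile(r"\s+/(\w+)$")   # trailing switches such as " /s", " /x", " /mp"
VAR_RE = re.compile(r"%([^%]+)%")       # %systemroot%, %PROGRAMFILES%, ...


def parse_directive(line):
    """Split one directive into (pattern, [switches]); None for registry paths,
    keywords (netsvcs, drivers32, CREATERESTOREPOINT), /md5 markers and dir pipelines."""
    line = line.strip()
    if not line or line.startswith(("HKEY_", "dir ", "/")) or "\\" not in line:
        return None
    switches = []
    m = SWITCH_RE.search(line)
    while m:
        switches.append(m.group(1).lower())
        line = line[: m.start()]
        m = SWITCH_RE.search(line)
    return line, switches


def expand_vars(pattern, env):
    """Replace %VAR% tokens case-insensitively from env; None if any is unknown."""
    missing = []

    def sub(m):
        value = env.get(m.group(1).lower())
        if value is None:
            missing.append(m.group(1))
        return value or m.group(0)

    expanded = VAR_RE.sub(sub, pattern)
    return None if missing else expanded


def name_matches(name, pattern):
    """Windows-style wildcard test: `*.*` is every file; a trailing dot
    (as in `*.` or `TinyProxy.`) means a name with no extension."""
    name, pattern = name.lower(), pattern.lower()
    if pattern == "*.*":
        return True
    if pattern.endswith("."):
        return "." not in name and fnmatch.fnmatchcase(name, pattern[:-1])
    return fnmatch.fnmatchcase(name, pattern)


def run_custom_scan(directives, env):
    """Return {directive: [matched files]} for every directive that hit.
    Assumption: /s recurses; /x, /mp, /rs are accepted but ignored. Files only."""
    hits = {}
    for raw in directives.splitlines():
        parsed = parse_directive(raw)
        if parsed is None:
            continue
        pattern, switches = parsed
        expanded = expand_vars(pattern, env)
        if expanded is None:
            continue
        # Normalise separators so the helper also runs on a POSIX test tree.
        directory, _, name_pat = expanded.replace("\\", os.sep).rpartition(os.sep)
        if not os.path.isdir(directory):
            continue
        walker = os.walk(directory) if "s" in switches else [(directory, [], os.listdir(directory))]
        matched = []
        for dirpath, _dirs, names in walker:
            for fn in sorted(names):
                full = os.path.join(dirpath, fn)
                if os.path.isfile(full) and name_matches(fn, name_pat):
                    matched.append(full)
        if matched:
            hits[raw.strip()] = matched
    return hits


# A handful of the directives from the post above, reproduced verbatim.
SAMPLE_DIRECTIVES = r"""
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.exe
%systemroot%\*.scr
%systemroot%\system32\system32\*.*
%ProgramFiles%\TinyProxy.
%systemroot%\*. /mp /s
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
/md5start
/md5stop
"""


def demo():
    """Build a constructed (fake) Windows-like tree, scan it, and return the hits
    with the temp root stripped and Windows separators restored."""
    root = tempfile.mkdtemp(prefix="otl_demo_")
    planted = [
        ("Windows", "system32", "kernel32.dll"),            # ordinary file, no directive targets it
        ("Windows", "system32", "system32", "helper.dll"),  # doubled system32 folder, a location the list checks
        ("Windows", "system32", "drivers", "readme"),       # extensionless file, found only by the recursive `*.`
        ("Windows", "screensaver.scr"),                     # .scr directly under %systemroot%
        ("Windows", "Fonts", "arial.ttf"),                  # must not match Fonts\*.exe
        ("Program Files", "TinyProxy"),                     # extensionless name matched by `TinyProxy.`
    ]
    for parts in planted:
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample\n")
    env = {"systemdrive": root,
           "systemroot": os.path.join(root, "Windows"),
           "programfiles": os.path.join(root, "Program Files")}
    try:
        hits = run_custom_scan(SAMPLE_DIRECTIVES, env)
    finally:
        shutil.rmtree(root)
    return {d: [p[len(root):].replace(os.sep, "\\") for p in paths] for d, paths in hits.items()}


if __name__ == "__main__":
    for directive, paths in demo().items():
        print(directive)
        for p in paths:
            print("    ", p)
```

Point `env` at a real `%SystemRoot%`/`%ProgramFiles%` (or at the same folders inside a mounted image) and feed it the full list from the post to get the equivalent file listing; the directives that only make sense inside OTL (registry keys, `netsvcs`, the `dir | find` counts, `/md5start`) are reported as skipped rather than guessed at.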
     