ArthurOPlasty

Members
  • Content Count

    57
  • Joined

  • Last visited

Community Reputation

0 Neutral

About ArthurOPlasty

  • Rank
    Advanced Member
  1. i think everything is working okay now. Many thanks for all your efforts Cecilia, very much appreciated. Keep up the good work. How should I go about learning to resolve malware issues for others?
  2. 1) What should I do with some of the end-of-life programs with no updates? should I just uninstall them? 2) Do I still need to make those internet explorer security changes eventhough I only use mozilla? 3) I sometimes keep my computer running for several days or a week before restarting, is this okay?
  3. aswMBR and ESET online scanner are the tools still left on my computer. About to get a new antivirus and then update with secunia.
  4. We have a winner. Bluetooth File Extenstion Yes Context Menu TosBtShell 1.02.10.US TOSHIBA CORPORATION TOSHIBA No No No No No No C:\Windows\system32\TosBtShell.dll {6BEF3D0B-53F0-4b0d-B91C-C19ED3D4C9D1} 23/01/2007 9:17:30 AM 19/10/2008 10:33:16 PM No *, directory A 569,344 No Should I just leave it disabled?
  5. Event type - error, Event ID 1001, Source - Windows Error Reporting, Log - Application Details: [b]EventData[/b] 2304315733 1 APPCRASH None 0 Explorer.exe 6.0.6001.18164 4907e242 StackHash_349d 6.0.6001.18538 4cb733dc c0000374 000b0dbc C:\Users\Roop\AppData\Local\temp\WER2F6.tmp.version.txt C:\Users\Roop\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report1ad6265d Event type - Information, Event ID 1000, Source - Application Error, Log - Application Details: [b]EventData[/b] Explorer.exe 6.0.6001.18164 4907e242 ntdll.dll 6.0.6001.18538 4cb733dc c0000374 000b0dbc 47c 01ccfe07be2e7710
  6. I've uninstalled a few programs that are no longer used, but there's some I'm unable to get rid of because it says the uninstaller has been moved. I can't find a listing of those programs in the add/remove programs in control panel either. I just ran the combofix removal and updated mozilla, but now every time I right click on on icon it says windows explorer is restarting, then it closes everything.
  7. 09:41:58.0779 3532 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39 09:41:59.0513 3532 ============================================================ 09:41:59.0513 3532 Current date / time: 2012/03/08 09:41:59.0513 09:41:59.0513 3532 SystemInfo: 09:41:59.0513 3532 09:41:59.0513 3532 OS Version: 6.0.6001 ServicePack: 1.0 09:41:59.0513 3532 Product type: Workstation 09:41:59.0513 3532 ComputerName: COMMODORE64 09:41:59.0514 3532 UserName: Roop 09:41:59.0514 3532 Windows directory: C:\Windows 09:41:59.0514 3532 System windows directory: C:\Windows 09:41:59.0514 3532 Processor architecture: Intel x86 09:41:59.0514 3532 Number of processors: 2 09:41:59.0514 3532 Page size: 0x1000 09:41:59.0514 3532 Boot type: Normal boot 09:41:59.0514 3532 ============================================================ 09:42:00.0095 3532 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 09:42:00.0097 3532 \Device\Harddisk0\DR0: 09:42:00.0098 3532 MBR used 09:42:00.0098 3532 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1C4ED800 09:42:00.0134 3532 Initialize success 09:42:00.0134 3532 ============================================================ 09:42:15.0862 4648 ============================================================ 09:42:15.0862 4648 Scan started 09:42:15.0862 4648 Mode: Manual; 09:42:15.0862 4648 ============================================================ 09:42:17.0148 4648 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys 09:42:17.0203 4648 ACPI - ok 09:42:17.0578 4648 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 09:42:17.0601 4648 adp94xx - ok 09:42:17.0656 4648 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 09:42:17.0664 4648 adpahci - ok 09:42:17.0773 4648 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 09:42:17.0776 4648 adpu160m - ok 09:42:17.0878 4648 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 09:42:17.0883 4648 adpu320 - ok 09:42:17.0974 4648 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys 09:42:17.0982 4648 AFD - ok 09:42:18.0198 4648 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys 09:42:18.0244 4648 AgereSoftModem - ok 09:42:18.0325 4648 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 09:42:18.0328 4648 agp440 - ok 09:42:18.0389 4648 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 09:42:18.0394 4648 aic78xx - ok 09:42:18.0518 4648 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys 09:42:18.0521 4648 aliide - ok 09:42:18.0577 4648 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 09:42:18.0581 4648 amdagp - ok 09:42:18.0650 4648 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys 09:42:18.0652 4648 amdide - ok 09:42:18.0713 4648 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 09:42:18.0717 4648 AmdK7 - ok 09:42:18.0839 4648 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 09:42:18.0842 4648 AmdK8 - ok 09:42:18.0978 4648 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 09:42:18.0982 4648 arc - ok 09:42:19.0059 4648 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 09:42:19.0063 4648 arcsas - ok 09:42:19.0226 4648 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 09:42:19.0229 4648 AsyncMac - ok 09:42:19.0308 4648 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys 09:42:19.0311 4648 atapi - ok 09:42:19.0401 4648 athrusb (9dab3b4d046d88d14c2aa3ba79ca0570) C:\Windows\system32\DRIVERS\athrusb.sys 09:42:19.0423 4648 athrusb - ok 09:42:19.0634 4648 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 09:42:19.0636 4648 Beep - ok 09:42:19.0682 4648 blbdrive - ok 09:42:19.0768 4648 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys 09:42:19.0772 4648 bowser - ok 09:42:19.0858 4648 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 09:42:19.0862 4648 BrFiltLo - ok 09:42:19.0977 4648 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 09:42:19.0980 4648 BrFiltUp - ok 09:42:20.0076 4648 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 09:42:20.0080 4648 Brserid - ok 09:42:20.0142 4648 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 09:42:20.0146 4648 BrSerWdm - ok 09:42:20.0232 4648 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 09:42:20.0235 4648 BrUsbMdm - ok 09:42:20.0340 4648 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 09:42:20.0343 4648 BrUsbSer - ok 09:42:20.0410 4648 BthEnum (a820438255f37ab8baa2bd59753a8d81) C:\Windows\system32\DRIVERS\BthEnum.sys 09:42:20.0412 4648 BthEnum - ok 09:42:20.0492 4648 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 09:42:20.0495 4648 BTHMODEM - ok 09:42:20.0554 4648 BthPan (b8c3d9ddf85fd197c3e5f849fef71144) C:\Windows\system32\DRIVERS\bthpan.sys 09:42:20.0559 4648 BthPan - ok 09:42:20.0672 4648 BTHPORT (4a74bbb2b6761789f42a6613479bdb1d) C:\Windows\system32\Drivers\BTHport.sys 09:42:20.0680 4648 BTHPORT - ok 09:42:20.0804 4648 BTHUSB (1a407f9b707a06f55aa150f9aa072b09) C:\Windows\system32\Drivers\BTHUSB.sys 09:42:20.0808 4648 BTHUSB - ok 09:42:20.0936 4648 catchme - ok 09:42:21.0121 4648 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 09:42:21.0125 4648 cdfs - ok 09:42:21.0198 4648 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys 09:42:21.0202 4648 cdrom - ok 09:42:21.0290 4648 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 09:42:21.0293 4648 circlass - ok 09:42:21.0425 4648 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys 09:42:21.0434 4648 CLFS - ok 09:42:21.0560 4648 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 09:42:21.0563 4648 CmBatt - ok 09:42:21.0629 4648 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys 09:42:21.0632 4648 cmdide - ok 09:42:21.0735 4648 COH_Mon (6186b6b953bdc884f0f379b84b3e3a98) C:\Windows\system32\Drivers\COH_Mon.sys 09:42:21.0737 4648 COH_Mon - ok 09:42:21.0842 4648 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 09:42:21.0845 4648 Compbatt - ok 09:42:21.0899 4648 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 09:42:21.0902 4648 crcdisk - ok 09:42:21.0961 4648 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 09:42:21.0964 4648 Crusoe - ok 09:42:22.0149 4648 CSC (9a5434125c3dfe42393de4bbb791bd19) C:\Windows\system32\drivers\csc.sys 09:42:22.0161 4648 CSC - ok 09:42:22.0286 4648 DELL_A02 (8a87352d9fb9597511c34d0c8c0e7223) C:\Windows\system32\DRIVERS\PRISMA02.sys 09:42:22.0298 4648 DELL_A02 - ok 09:42:22.0381 4648 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys 09:42:22.0386 4648 DfsC - ok 09:42:22.0548 4648 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys 09:42:22.0551 4648 disk - ok 09:42:22.0617 4648 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 09:42:22.0619 4648 drmkaud - ok 09:42:22.0710 4648 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys 09:42:22.0744 4648 DXGKrnl - ok 09:42:22.0878 4648 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 09:42:22.0886 4648 E1G60 - ok 09:42:22.0970 4648 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys 09:42:22.0976 4648 Ecache - ok 09:42:23.0172 4648 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 09:42:23.0195 4648 eeCtrl - ok 09:42:23.0331 4648 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 09:42:23.0354 4648 elxstor - ok 09:42:23.0436 4648 epmntdrv (539ca34fbc74ec366a0d751028c32a08) C:\Windows\system32\epmntdrv.sys 09:42:23.0440 4648 epmntdrv - ok 09:42:23.0607 4648 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 09:42:23.0609 4648 EraserUtilRebootDrv - ok 09:42:23.0704 4648 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\Windows\system32\EuGdiDrv.sys 09:42:23.0706 4648 EuGdiDrv - ok 09:42:23.0843 4648 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys 09:42:23.0846 4648 exfat - ok 09:42:23.0933 4648 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys 09:42:23.0937 4648 fastfat - ok 09:42:24.0032 4648 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 09:42:24.0033 4648 fdc - ok 09:42:24.0183 4648 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 09:42:24.0186 4648 FileInfo - ok 09:42:24.0258 4648 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 09:42:24.0260 4648 Filetrace - ok 09:42:24.0318 4648 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 09:42:24.0319 4648 flpydisk - ok 09:42:24.0440 4648 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys 09:42:24.0445 4648 FltMgr - ok 09:42:24.0513 4648 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 09:42:24.0515 4648 Fs_Rec - ok 09:42:24.0567 4648 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 09:42:24.0570 4648 gagp30kx - ok 09:42:24.0631 4648 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\Windows\system32\Drivers\GEARAspiWDM.sys 09:42:24.0633 4648 GEARAspiWDM - ok 09:42:24.0822 4648 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 09:42:24.0829 4648 HdAudAddService - ok 09:42:24.0883 4648 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys 09:42:24.0886 4648 HDAudBus - ok 09:42:24.0934 4648 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 09:42:24.0937 4648 HidBth - ok 09:42:24.0986 4648 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 09:42:24.0989 4648 HidIr - ok 09:42:25.0116 4648 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys 09:42:25.0119 4648 HidUsb - ok 09:42:25.0197 4648 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 09:42:25.0200 4648 HpCISSs - ok 09:42:25.0292 4648 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys 09:42:25.0315 4648 HTTP - ok 09:42:25.0460 4648 hwdatacard (19e6885a061011d8dabe8f64498423fa) C:\Windows\system32\DRIVERS\ewusbmdm.sys 09:42:25.0465 4648 hwdatacard - ok 09:42:25.0551 4648 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 09:42:25.0555 4648 i2omp - ok 09:42:25.0636 4648 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 09:42:25.0639 4648 i8042prt - ok 09:42:25.0771 4648 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\DRIVERS\iaStor.sys 09:42:25.0776 4648 iaStor - ok 09:42:25.0832 4648 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 09:42:25.0841 4648 iaStorV - ok 09:42:25.0995 4648 IDSvix86 (b147ccf3b7a42b64af8ec0520b4b15e3) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20110929.001\IDSvix86.sys 09:42:26.0005 4648 IDSvix86 - ok 09:42:26.0182 4648 igfx (75577d903d8f90e7985f5cddd7dd1e2d) C:\Windows\system32\DRIVERS\igdkmd32.sys 09:42:26.0250 4648 igfx - ok 09:42:26.0327 4648 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 09:42:26.0330 4648 iirsp - ok 09:42:26.0496 4648 IntcAzAudAddService (76c7728ae966ec10da79df69e284910f) C:\Windows\system32\drivers\RTKVHDA.sys 09:42:26.0565 4648 IntcAzAudAddService - ok 09:42:26.0701 4648 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys 09:42:26.0704 4648 intelide - ok 09:42:26.0798 4648 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 09:42:26.0801 4648 intelppm - ok 09:42:26.0883 4648 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 09:42:26.0887 4648 IpFilterDriver - ok 09:42:26.0927 4648 IpInIp - ok 09:42:27.0062 4648 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 09:42:27.0066 4648 IPMIDRV - ok 09:42:27.0151 4648 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 09:42:27.0156 4648 IPNAT - ok 09:42:27.0244 4648 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 09:42:27.0248 4648 IRENUM - ok 09:42:27.0299 4648 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 09:42:27.0302 4648 isapnp - ok 09:42:27.0443 4648 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys 09:42:27.0449 4648 iScsiPrt - ok 09:42:27.0513 4648 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 09:42:27.0517 4648 iteatapi - ok 09:42:27.0565 4648 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 09:42:27.0569 4648 iteraid - ok 09:42:27.0631 4648 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 09:42:27.0635 4648 kbdclass - ok 09:42:27.0749 4648 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys 09:42:27.0752 4648 kbdhid - ok 09:42:27.0858 4648 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys 09:42:27.0881 4648 KSecDD - ok 09:42:27.0970 4648 Lbd (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys 09:42:27.0972 4648 Lbd - ok 09:42:28.0107 4648 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 09:42:28.0109 4648 lltdio - ok 09:42:28.0163 4648 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 09:42:28.0166 4648 LSI_FC - ok 09:42:28.0224 4648 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 09:42:28.0226 4648 LSI_SAS - ok 09:42:28.0281 4648 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 09:42:28.0283 4648 LSI_SCSI - ok 09:42:28.0368 4648 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 09:42:28.0370 4648 luafv - ok 09:42:28.0501 4648 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 09:42:28.0503 4648 megasas - ok 09:42:28.0590 4648 mod7700 (f37a8070f1e6d0a1feac34ebb846fd05) C:\Windows\system32\Drivers\dvb7700all.sys 09:42:28.0613 4648 mod7700 - ok 09:42:28.0689 4648 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 09:42:28.0691 4648 Modem - ok 09:42:28.0754 4648 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 09:42:28.0756 4648 monitor - ok 09:42:28.0863 4648 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 09:42:28.0865 4648 mouclass - ok 09:42:28.0902 4648 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 09:42:28.0904 4648 mouhid - ok 09:42:28.0978 4648 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 09:42:28.0981 4648 MountMgr - ok 09:42:29.0069 4648 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 09:42:29.0073 4648 mpio - ok 09:42:29.0217 4648 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 09:42:29.0219 4648 mpsdrv - ok 09:42:29.0272 4648 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 09:42:29.0275 4648 Mraid35x - ok 09:42:29.0355 4648 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys 09:42:29.0359 4648 MRxDAV - ok 09:42:29.0423 4648 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys 09:42:29.0427 4648 mrxsmb - ok 09:42:29.0552 4648 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys 09:42:29.0559 4648 mrxsmb10 - ok 09:42:29.0610 4648 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys 09:42:29.0613 4648 mrxsmb20 - ok 09:42:29.0667 4648 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys 09:42:29.0670 4648 msahci - ok 09:42:29.0725 4648 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 09:42:29.0728 4648 msdsm - ok 09:42:29.0854 4648 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 09:42:29.0857 4648 Msfs - ok 09:42:30.0006 4648 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 09:42:30.0008 4648 msisadrv - ok 09:42:30.0082 4648 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 09:42:30.0085 4648 MSKSSRV - ok 09:42:30.0177 4648 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 09:42:30.0180 4648 MSPCLOCK - ok 09:42:30.0274 4648 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 09:42:30.0276 4648 MSPQM - ok 09:42:30.0358 4648 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys 09:42:30.0365 4648 MsRPC - ok 09:42:30.0450 4648 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 09:42:30.0452 4648 mssmbios - ok 09:42:30.0534 4648 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 09:42:30.0537 4648 MSTEE - ok 09:42:30.0615 4648 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys 09:42:30.0619 4648 Mup - ok 09:42:30.0757 4648 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys 09:42:30.0764 4648 NativeWifiP - ok 09:42:30.0851 4648 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20111002.004\NAVENG.SYS 09:42:30.0856 4648 NAVENG - ok 09:42:30.0942 4648 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20111002.004\NAVEX15.SYS 09:42:31.0000 4648 NAVEX15 - ok 09:42:31.0118 4648 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys 09:42:31.0142 4648 NDIS - ok 09:42:31.0285 4648 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 09:42:31.0288 4648 NdisTapi - ok 09:42:31.0361 4648 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 09:42:31.0364 4648 Ndisuio - ok 09:42:31.0440 4648 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys 09:42:31.0445 4648 NdisWan - ok 09:42:31.0513 4648 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 09:42:31.0516 4648 NDProxy - ok 09:42:31.0614 4648 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 09:42:31.0617 4648 NetBIOS - ok 09:42:31.0698 4648 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys 09:42:31.0705 4648 netbt - ok 09:42:31.0885 4648 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys 09:42:31.0955 4648 NETw3v32 - ok 09:42:32.0154 4648 NETw4v32 (1d73499a6664b4da05d750ff83fdb274) C:\Windows\system32\DRIVERS\NETw4v32.sys 09:42:32.0234 4648 NETw4v32 - ok 09:42:32.0280 4648 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 09:42:32.0284 4648 nfrd960 - ok 09:42:32.0382 4648 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys 09:42:32.0385 4648 Npfs - ok 09:42:32.0474 4648 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 09:42:32.0477 4648 nsiproxy - ok 09:42:32.0636 4648 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys 09:42:32.0682 4648 Ntfs - ok 09:42:32.0740 4648 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 09:42:32.0743 4648 ntrigdigi - ok 09:42:32.0789 4648 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 09:42:32.0791 4648 Null - ok 09:42:32.0833 4648 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 09:42:32.0837 4648 nvraid - ok 09:42:32.0892 4648 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 09:42:32.0895 4648 nvstor - ok 09:42:33.0003 4648 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 09:42:33.0009 4648 nv_agp - ok 09:42:33.0050 4648 NwlnkFlt - ok 09:42:33.0084 4648 NwlnkFwd - ok 09:42:33.0149 4648 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys 09:42:33.0152 4648 ohci1394 - ok 09:42:33.0326 4648 PalmUSBD (945da25e897eeb2c64861c3cada00d3a) C:\Windows\system32\drivers\PalmUSBD.sys 09:42:33.0329 4648 PalmUSBD - ok 09:42:33.0393 4648 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 09:42:33.0398 4648 Parport - ok 09:42:33.0475 4648 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys 09:42:33.0478 4648 partmgr - ok 09:42:33.0528 4648 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 09:42:33.0531 4648 Parvdm - ok 09:42:33.0672 4648 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys 09:42:33.0679 4648 pci - ok 09:42:33.0737 4648 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys 09:42:33.0740 4648 pciide - ok 09:42:33.0798 4648 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 09:42:33.0805 4648 pcmcia - ok 09:42:33.0916 4648 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 09:42:33.0951 4648 PEAUTH - ok 09:42:34.0167 4648 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 09:42:34.0171 4648 PptpMiniport - ok 09:42:34.0238 4648 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 09:42:34.0242 4648 Processor - ok 09:42:34.0337 4648 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys 09:42:34.0341 4648 PSched - ok 09:42:34.0444 4648 QIOMem (674eba70a52c02696e503b0a57ae6372) C:\Windows\system32\DRIVERS\QIOMem.sys 09:42:34.0446 4648 QIOMem - ok 09:42:34.0543 4648 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 09:42:34.0578 4648 ql2300 - ok 09:42:34.0672 4648 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 09:42:34.0677 4648 ql40xx - ok 09:42:34.0821 4648 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 09:42:34.0825 4648 QWAVEdrv - ok 09:42:34.0873 4648 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 09:42:34.0876 4648 RasAcd - ok 09:42:34.0974 4648 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 09:42:34.0979 4648 Rasl2tp - ok 09:42:35.0109 4648 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys 09:42:35.0110 4648 RasPppoe - ok 09:42:35.0272 4648 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys 09:42:35.0313 4648 RasSstp - ok 09:42:35.0518 4648 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys 09:42:35.0541 4648 rdbss - ok 09:42:35.0835 4648 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 09:42:35.0837 4648 RDPCDD - ok 09:42:35.0937 4648 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\DRIVERS\rdpdr.sys 09:42:35.0959 4648 rdpdr - ok 09:42:36.0124 4648 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 09:42:36.0126 4648 RDPENCDD - ok 09:42:36.0215 4648 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys 09:42:36.0228 4648 RDPWD - ok 09:42:36.0331 4648 RFCOMM (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys 09:42:36.0347 4648 RFCOMM - ok 09:42:36.0747 4648 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys 09:42:36.0777 4648 rimmptsk - ok 09:42:36.0985 4648 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys 09:42:36.0988 4648 rimsptsk - ok 09:42:37.0025 4648 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys 09:42:37.0028 4648 rismxdp - ok 09:42:37.0106 4648 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys 09:42:37.0109 4648 ROOTMODEM - ok 09:42:37.0281 4648 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 09:42:37.0308 4648 rspndr - ok 09:42:37.0666 4648 RTL8169 (71b7026d61293c1e91145bdad11c53bf) C:\Windows\system32\DRIVERS\Rtlh86.sys 09:42:37.0709 4648 RTL8169 - ok 09:42:37.0980 4648 RTL8187B (318f4f327190b2aee7aae9cafd19bb19) C:\Windows\system32\DRIVERS\wg111v3.sys 09:42:37.0991 4648 RTL8187B - ok 09:42:38.0036 4648 RtlProt (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys 09:42:38.0039 4648 RtlProt - ok 09:42:38.0111 4648 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 09:42:38.0115 4648 sbp2port - ok 09:42:38.0340 4648 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys 09:42:38.0397 4648 sdbus - ok 09:42:38.0552 4648 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 09:42:38.0556 4648 secdrv - ok 09:42:38.0704 4648 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 09:42:38.0706 4648 Serenum - ok 09:42:38.0765 4648 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 09:42:38.0767 4648 Serial - ok 09:42:38.0826 4648 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 09:42:38.0828 4648 sermouse - ok 09:42:38.0910 4648 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 09:42:38.0912 4648 sffdisk - ok 09:42:39.0015 4648 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 09:42:39.0016 4648 sffp_mmc - ok 09:42:39.0062 4648 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 09:42:39.0064 4648 sffp_sd - ok 09:42:39.0106 4648 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 09:42:39.0107 4648 sfloppy - ok 09:42:39.0165 4648 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 09:42:39.0166 4648 sisagp - ok 09:42:39.0224 4648 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 09:42:39.0226 4648 SiSRaid2 - ok 09:42:39.0275 4648 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 09:42:39.0278 4648 SiSRaid4 - ok 09:42:39.0414 4648 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys 09:42:39.0417 4648 Smb - ok 09:42:39.0531 4648 SPBBCDrv (dc4dc886d3779c446f9b0e9d6b006e72) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 09:42:39.0553 4648 SPBBCDrv - ok 09:42:39.0697 4648 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 09:42:39.0699 4648 spldr - ok 09:42:39.0810 4648 SRTSP (655773f2f1a3730c6cf20280a49f4ee1) C:\Windows\system32\Drivers\SRTSP.SYS 09:42:39.0818 4648 SRTSP - ok 09:42:39.0889 4648 SRTSPL (2a0aaf370d4c6574a34ae2f4a0709cae) C:\Windows\system32\Drivers\SRTSPL.SYS 09:42:39.0898 4648 SRTSPL - ok 09:42:40.0033 4648 SRTSPX (3104bdceace2d5710776dd05e6a286c1) C:\Windows\system32\Drivers\SRTSPX.SYS 09:42:40.0035 4648 SRTSPX - ok 09:42:40.0134 4648 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys 09:42:40.0157 4648 srv - ok 09:42:40.0232 4648 srv2 (b7ff59408034119476b00a81bb53d5d1) C:\Windows\system32\DRIVERS\srv2.sys 09:42:40.0236 4648 srv2 - ok 09:42:40.0274 4648 srvnet (2accc9b12af02030f531e6cca6f8b76e) C:\Windows\system32\DRIVERS\srvnet.sys 09:42:40.0277 4648 srvnet - ok 09:42:40.0411 4648 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 09:42:40.0414 4648 swenum - ok 09:42:40.0475 4648 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 09:42:40.0477 4648 Symc8xx - ok 09:42:40.0540 4648 SYMDNS (fe9f8b3a8bc22d85332b42e92308ddf9) C:\Windows\System32\Drivers\SYMDNS.SYS 09:42:40.0542 4648 SYMDNS - ok 09:42:40.0625 4648 SymEvent (06b95820df51502099a8a15c93e87986) C:\Windows\system32\Drivers\SYMEVENT.SYS 09:42:40.0628 4648 SymEvent - ok 09:42:40.0724 4648 SYMFW (a0ea9d273889e53cfaabf2444692ccbf) C:\Windows\System32\Drivers\SYMFW.SYS 09:42:40.0727 4648 SYMFW - ok 09:42:40.0782 4648 SymIM (8eab28dd6cd25355b951ae460fa86b48) C:\Windows\system32\DRIVERS\SymIMv.sys 09:42:40.0783 4648 SymIM - ok 09:42:40.0816 4648 SymIMMP - ok 09:42:40.0882 4648 SYMNDISV (c94eaca4b522012ee0691f1e79c42a7d) C:\Windows\System32\Drivers\SYMNDISV.SYS 09:42:40.0884 4648 SYMNDISV - ok 09:42:40.0930 4648 SYMREDRV (7c6505ea598e58099d3b7e1f70426864) C:\Windows\System32\Drivers\SYMREDRV.SYS 09:42:40.0932 4648 SYMREDRV - ok 09:42:40.0973 4648 SYMTDI (e6ff7ace71d07ca90119f2c6ab592ba4) C:\Windows\System32\Drivers\SYMTDI.SYS 09:42:40.0977 4648 SYMTDI - ok 09:42:41.0104 4648 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 09:42:41.0105 4648 Sym_hi - ok 09:42:41.0157 4648 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 09:42:41.0159 4648 Sym_u3 - ok 09:42:41.0242 4648 SynTP (2d2c815364a878c7e358d5f549711197) C:\Windows\system32\DRIVERS\SynTP.sys 09:42:41.0247 4648 SynTP - ok 09:42:41.0343 4648 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys 09:42:41.0378 4648 Tcpip - ok 09:42:41.0510 4648 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys 09:42:41.0520 4648 Tcpip6 - ok 09:42:41.0580 4648 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys 09:42:41.0583 4648 tcpipreg - ok 09:42:41.0626 4648 TcUsb (009aede9fe870c247014450dc1e01d5d) C:\Windows\system32\Drivers\tcusb.sys 09:42:41.0629 4648 TcUsb - ok 09:42:41.0686 4648 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys 09:42:41.0688 4648 tdcmdpst - ok 09:42:41.0760 4648 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 09:42:41.0762 4648 TDPIPE - ok 09:42:41.0883 4648 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 09:42:41.0885 4648 TDTCP - ok 09:42:41.0963 4648 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys 09:42:41.0967 4648 tdx - ok 09:42:42.0035 4648 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys 09:42:42.0037 4648 TermDD - ok 09:42:42.0196 4648 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\Windows\system32\DRIVERS\tosporte.sys 09:42:42.0198 4648 tosporte - ok 09:42:42.0264 4648 tosrfbd (266df087a8c24da34ff40cf3df86ccfb) C:\Windows\system32\DRIVERS\tosrfbd.sys 09:42:42.0267 4648 tosrfbd - ok 09:42:42.0305 4648 tosrfbnp (90c8525bc578aaffe87c2d0ed4379e9e) C:\Windows\system32\Drivers\tosrfbnp.sys 09:42:42.0307 4648 tosrfbnp - ok 09:42:42.0409 4648 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\Windows\system32\Drivers\tosrfcom.sys 09:42:42.0411 4648 Tosrfcom - ok 09:42:42.0466 4648 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys 09:42:42.0468 4648 tosrfec - ok 09:42:42.0560 4648 Tosrfhid (7c807ba9660e2995cc0217a14a24094c) C:\Windows\system32\DRIVERS\Tosrfhid.sys 09:42:42.0562 4648 Tosrfhid - ok 09:42:42.0627 4648 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\Windows\system32\DRIVERS\tosrfnds.sys 09:42:42.0628 4648 tosrfnds - ok 09:42:42.0757 4648 TosRfSnd (a4ce9572bc4ac8d329455059b43c5bea) C:\Windows\system32\drivers\tosrfsnd.sys 09:42:42.0759 4648 TosRfSnd - ok 09:42:42.0830 4648 Tosrfusb (cdda265c7617a2745b48e0de572012a6) C:\Windows\system32\DRIVERS\tosrfusb.sys 09:42:42.0832 4648 Tosrfusb - ok 09:42:42.0884 4648 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys 09:42:42.0891 4648 tos_sps32 - ok 09:42:42.0966 4648 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 09:42:42.0968 4648 tssecsrv - ok 09:42:43.0090 4648 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 09:42:43.0092 4648 tunmp - ok 09:42:43.0142 4648 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys 09:42:43.0144 4648 tunnel - ok 09:42:43.0197 4648 TVALZ (521c5f39829875adf5466dd94c6282c7) C:\Windows\system32\DRIVERS\TVALZ_O.SYS 09:42:43.0199 4648 TVALZ - ok 09:42:43.0256 4648 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 09:42:43.0259 4648 uagp35 - ok 09:42:43.0415 4648 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys 09:42:43.0422 4648 udfs - ok 09:42:43.0472 4648 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 09:42:43.0475 4648 uliagpkx - ok 09:42:43.0537 4648 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 09:42:43.0543 4648 uliahci - ok 09:42:43.0610 4648 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 09:42:43.0614 4648 UlSata - ok 09:42:43.0737 4648 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 09:42:43.0742 4648 ulsata2 - ok 09:42:43.0791 4648 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 09:42:43.0794 4648 umbus - ok 09:42:43.0896 4648 USBAAPL (60a68a5ea173a97971ee9f1ff49eb2b3) C:\Windows\system32\Drivers\usbaapl.sys 09:42:43.0898 4648 USBAAPL - ok 09:42:43.0960 4648 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 09:42:43.0964 4648 usbccgp - ok 09:42:44.0084 4648 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 09:42:44.0088 4648 usbcir - ok 09:42:44.0159 4648 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys 09:42:44.0162 4648 usbehci - ok 09:42:44.0226 4648 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys 09:42:44.0249 4648 usbhub - ok 09:42:44.0293 4648 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 09:42:44.0295 4648 usbohci - ok 09:42:44.0428 4648 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 09:42:44.0430 4648 usbprint - ok 09:42:44.0519 4648 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 09:42:44.0523 4648 usbscan - ok 09:42:44.0585 4648 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS 09:42:44.0589 4648 USBSTOR - ok 09:42:44.0650 4648 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 09:42:44.0654 4648 usbuhci - ok 09:42:44.0804 4648 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 09:42:44.0810 4648 usbvideo - ok 09:42:44.0890 4648 usb_rndisx (ee181a08e09db23cf4a49b46a1e66bb8) C:\Windows\system32\DRIVERS\usb8023x.sys 09:42:44.0894 4648 usb_rndisx - ok 09:42:44.0971 4648 UVCFTR (3b929a72aaea96dc0150d3a6da268c89) C:\Windows\system32\Drivers\UVCFTR_S.SYS 09:42:44.0974 4648 UVCFTR - ok 09:42:45.0111 4648 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 09:42:45.0114 4648 vga - ok 09:42:45.0194 4648 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 09:42:45.0198 4648 VgaSave - ok 09:42:45.0259 4648 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 09:42:45.0263 4648 viaagp - ok 09:42:45.0308 4648 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 09:42:45.0310 4648 ViaC7 - ok 09:42:45.0351 4648 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 09:42:45.0353 4648 viaide - ok 09:42:45.0491 4648 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 09:42:45.0493 4648 volmgr - ok 09:42:45.0578 4648 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys 09:42:45.0584 4648 volmgrx - ok 09:42:45.0649 4648 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys 09:42:45.0654 4648 volsnap - ok 09:42:45.0766 4648 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 09:42:45.0769 4648 vsmraid - ok 09:42:45.0845 4648 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 09:42:45.0846 4648 WacomPen - ok 09:42:45.0931 4648 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 09:42:45.0933 4648 Wanarp - ok 09:42:45.0943 4648 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 09:42:45.0945 4648 Wanarpv6 - ok 09:42:45.0994 4648 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 09:42:45.0996 4648 Wd - ok 09:42:46.0135 4648 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 09:42:46.0146 4648 Wdf01000 - ok 09:42:46.0278 4648 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 09:42:46.0279 4648 WmiAcpi - ok 09:42:46.0367 4648 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys 09:42:46.0369 4648 WpdUsb - ok 09:42:46.0491 4648 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 09:42:46.0493 4648 ws2ifsl - ok 09:42:46.0609 4648 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 09:42:46.0612 4648 WUDFRd - ok 09:42:46.0700 4648 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0 09:42:46.0755 4648 \Device\Harddisk0\DR0 - ok 09:42:46.0760 4648 Boot (0x1200) (042313d59330c218f82a98681bde1d1c) \Device\Harddisk0\DR0\Partition0 09:42:46.0761 4648 \Device\Harddisk0\DR0\Partition0 - ok 09:42:46.0762 4648 ============================================================ 09:42:46.0763 4648 Scan finished 09:42:46.0763 4648 ============================================================ 09:42:46.0776 0964 Detected object count: 0 09:42:46.0776 0964 Actual detected object count: 0 09:47:06.0477 5960 Deinitialize success aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software Run date: 2012-03-08 09:47:25 ----------------------------- 09:47:25.720 OS Version: Windows 6.0.6001 Service Pack 1 09:47:25.721 Number of processors: 2 586 0xF0B 09:47:25.722 ComputerName: COMMODORE64 UserName: Roop 09:48:00.747 Initialize success 09:49:55.338 AVAST engine defs: 12030701 09:50:42.257 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 09:50:42.261 Disk 0 Vendor: FUJITSU_ 0040 Size: 238475MB BusType: 3 09:50:42.283 Disk 0 MBR read successfully 09:50:42.289 Disk 0 MBR scan 09:50:42.303 Disk 0 Windows VISTA default MBR code 09:50:42.310 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048 09:50:42.337 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 231899 MB offset 3074048 09:50:42.376 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 5075 MB offset 478003200 09:50:42.394 Disk 0 scanning sectors +488396800 09:50:42.458 Disk 0 scanning C:\Windows\system32\drivers 09:50:58.139 Service scanning 09:51:36.418 Modules scanning 09:51:49.013 Disk 0 trace - called modules: 09:51:49.398 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys 09:51:49.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8614a140] 09:51:49.413 3 CLASSPNP.SYS[88afe745] -> nt!IofCallDriver -> [0x85b42b18] 09:51:49.420 5 acpi.sys[836366a0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8562b030] 09:51:51.103 AVAST engine scan C:\Windows 09:51:56.067 AVAST engine scan C:\Windows\system32 09:55:56.474 AVAST engine scan C:\Windows\system32\drivers 09:56:20.055 AVAST engine scan C:\Users\Roop 10:52:16.840 AVAST engine scan C:\ProgramData 11:07:53.847 Scan finished successfully 11:17:36.633 Disk 0 MBR has been saved successfully to "C:\Users\Roop\Desktop\MBR.dat" 11:17:36.644 The log file has been saved successfully to "C:\Users\Roop\Desktop\aswMBR.txt"
  8. Okay the restart worked. But the computer has gone back to being a bit sluggish and with a lot of items still in the start tray (18 items), as opposed to only the 3 or 4 that were there after the first combofix was run a couple of days ago. . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_23 Run by Roop at 23:15:42 on 2012-03-07 Microsoft® Windows Vista™ Business 6.0.6001.1.1252.61.1033.18.2038.748 [GMT 11:00] . AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116} SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Protector Suite QL\upeksvr.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\agrsmsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe C:\Windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Windows\RtHDVCpl.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe C:\Program Files\Rainlendar2\Rainlendar2.exe C:\Program Files\MyTomTom 3\MyTomTomSA.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Program Files\PostgreSQL\8.3\bin\postgres.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Protector Suite QL\psqltray.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://ninemsn.com.au/ uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe uRun: [MyTomTomSA.exe] "c:\program files\mytomtom 3\MyTomTomSA.exe" uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [NDSTray.exe] NDSTray.exe mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe mPolicies-system: DisableCAD = 1 (0x1) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000 IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe IE: {49783ED4-258D-4f9f-BE11-137C18D3E543} - c:\poker\titan poker\casino.exe IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partypoker\partypoker\RunApp.exe IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab TCP: DhcpNameServer = 10.0.0.138 TCP: Interfaces\{16847BB1-5FB8-4030-AE27-6C1650EAADD2} : DhcpNameServer = 10.1.1.1 TCP: Interfaces\{643C18ED-D32C-4164-B72A-E14C6CBBBC32} : DhcpNameServer = 10.0.0.138 TCP: Interfaces\{77368327-EAD8-44F4-B188-54C20067CC3E} : DhcpNameServer = 129.94.153.11 TCP: Interfaces\{BAC343C6-A813-4583-BF08-B66E0360DB7A} : DhcpNameServer = 172.16.1.42 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: igfxcui - igfxdev.dll Notify: psfus - c:\windows\system32\psqlpwd.dll LSA: Notification Packages = scecli psqlpwd . ================= FIREFOX =================== . FF - ProfilePath - c:\users\roop\appdata\roaming\mozilla\firefox\profiles\b9r4obh8.default\ FF - prefs.js: browser.startup.homepage - hxxp://en.wikipedia.org/wiki/Main_Page FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\veetle\player\npvlc.dll FF - plugin: c:\program files\veetle\plugins\npVeetle.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\DivXHTML5 FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} FF - Ext: Edit Cookies: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99} - %profile%\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99} . ============= SERVICES / DRIVERS =============== . R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2012-3-4 64512] R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20110929.001\IDSvix86.sys [2011-9-30 287792] R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2007-4-23 25896] R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-12-23 2152152] R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-12-4 149352] R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2008-9-19 65536] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-30 105592] R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-9 8192] R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2009-5-25 451072] S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-31 23888] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-2-25 14216] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-2-25 8456] S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2009-7-6 289280] S3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-10-6 1251720] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-9 135664] S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-9 135664] . =============== Created Last 30 ================ . 2012-03-07 11:30:55 -------- d-sh--w- C:\$RECYCLE.BIN 2012-03-07 11:27:01 -------- d-----w- c:\users\roop\appdata\local\temp 2012-03-07 11:10:22 -------- d-----w- C:\ComboFix 2012-03-06 14:30:49 -------- d-----w- c:\program files\ESET 2012-03-06 12:17:44 98816 ----a-w- c:\windows\sed.exe 2012-03-06 12:17:44 518144 ----a-w- c:\windows\SWREG.exe 2012-03-04 22:11:12 16432 ----a-w- c:\windows\system32\lsdelete.exe 2012-03-04 12:18:29 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys 2012-03-04 12:18:12 -------- d-----w- c:\program files\Lavasoft 2012-02-21 07:27:14 -------- d-----w- c:\users\roop\appdata\local\DDMSettings . ==================== Find3M ==================== . 2012-01-04 00:48:42 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl . ============= FINISH: 23:17:22.05 ===============
  9. I also can't run DDS because of similar messages
  10. got a problem now, combofix said it was restoring an infected system file and restarted the computer. I can't open mozilla now, it says an illegal operation attempted on a registry key that has been marked for deletion. Same for when I right click on the desktop to go to my graphics properties it says 'c:\windows\system32\igfxcfg.exe illegal operation attempted on reg key that has been marked for deletion' also. ComboFix 12-03-04.02 - Roop 07/03/2012 22:15:29.3.2 - x86 Microsoft® Windows Vista™ Business 6.0.6001.1.1252.61.1033.18.2038.1092 [GMT 11:00] Running from: c:\users\Roop\Desktop\ComboFix.exe Command switches used :: c:\users\Roop\Desktop\CFScript.txt SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB} * Created a new restore point . FILE :: "c:\windows\System32\mseuncermm.dll" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\System32\mseuncermm.dll . Infected copy of c:\windows\system32\userinit.exe was found and disinfected Restored copy from - c:\combofix\HarddiskVolumeShadowCopy5_!Windows!System32!userinit.exe . . ((((((((((((((((((((((((( Files Created from 2012-02-07 to 2012-03-07 ))))))))))))))))))))))))))))))) . . 2012-03-07 11:27 . 2012-03-07 11:27 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-07 11:27 . 2012-03-07 11:31 -------- d-----w- c:\users\Roop\AppData\Local\temp 2012-03-07 11:27 . 2012-03-07 11:27 -------- d-----w- c:\users\postgres\AppData\Local\temp 2012-03-06 14:30 . 2012-03-06 14:30 -------- d-----w- c:\program files\ESET 2012-03-04 22:11 . 2012-03-04 12:29 16432 ----a-w- c:\windows\system32\lsdelete.exe 2012-03-04 12:18 . 2011-12-22 20:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys 2012-03-04 12:18 . 2012-03-04 12:18 -------- d-----w- c:\program files\Lavasoft 2012-02-21 07:27 . 2012-02-21 07:27 -------- d-----w- c:\users\Roop\AppData\Local\DDMSettings . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2006-12-04 01:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2006-12-04 01:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-04-20 430080] "Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2007-04-15 1291264] "MyTomTomSA.exe"="c:\program files\MyTomTom 3\MyTomTomSA.exe" [2011-04-26 375768] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-27 138008] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-27 154392] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-27 133912] "NDSTray.exe"="NDSTray.exe" [BU] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192] "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416] "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-03-22 448632] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-04-27 538744] "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-11 413696] "PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-12-04 49168] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048] "RtHDVCpl"="RtHDVCpl.exe" [2007-05-19 4472832] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-2-28 2756608] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableCAD"= 1 (0x1) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2006-12-04 00:50 90112 ----a-w- c:\windows\System32\psqlpwd.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli psqlpwd . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v3 Smart Wizard.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk backup=c:\windows\pss\NETGEAR WG111v3 Smart Wizard.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Roop^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk] path=c:\users\Roop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk backup=c:\windows\pss\HotSync Manager.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] 2008-10-14 10:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-06-06 01:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] 2009-06-20 16:51 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2009-07-13 04:03 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-09-04 14:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ . Contents of the 'Scheduled Tasks' folder . 2012-03-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-22 12:28] . 2012-03-07 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-08 17:35] . 2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-09 10:38] . 2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-09 10:38] . 2012-03-05 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Roop.job - c:\program files\Norton AntiVirus\Navw32.exe [2007-08-26 19:49] . . ------- Supplementary Scan ------- . uStart Page = hxxp://ninemsn.com.au/ uInternet Settings,ProxyOverride = *.local IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 10.0.0.138 DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab FF - ProfilePath - c:\users\Roop\AppData\Roaming\Mozilla\Firefox\Profiles\b9r4obh8.default\ FF - prefs.js: browser.startup.homepage - hxxp://en.wikipedia.org/wiki/Main_Page FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} FF - Ext: Edit Cookies: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99} - %profile%\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99} . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-03-07 22:34 Windows 6.0.6001 Service Pack 1 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKCU\Software\Microsoft\Windows\CurrentVersion\Run TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???????|[email protected]???h???????????? . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3184531960-3555862301-1856031694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,{*Nc[]*] @Class="Shell" . [HKEY_USERS\S-1-5-21-3184531960-3555862301-1856031694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,{*Nc[]*\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-3184531960-3555862301-1856031694-1000_Classes\CLSID\{2b72a2aa-d783-4f34-a337-3843e783ad63}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:0000002d "Therad"=dword:00000020 "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,85,b1,12,f9,90,dd,23,a1,a8,d7,e1,c9,cd,8a,a4,d8,f2,eb,74,d8,95,3b,\ . [HKEY_USERS\S-1-5-21-3184531960-3555862301-1856031694-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "scansk"=hex(0):3a,8c,41,c2,3f,91,10,1f,72,db,2c,f3,39,45,ed,8a,6a,4e,7b,17,5d, 0d,7b,8f,7c,be,81,47,cd,5d,42,98,2f,f4,d2,45,f3,89,43,29,00,00,00,00,00,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'lsass.exe'(864) c:\windows\system32\psqlpwd.dll c:\program files\Protector Suite QL\homefus2.dll c:\program files\Protector Suite QL\infra.dll . - - - - - - - > 'Explorer.exe'(4232) c:\program files\Protector Suite QL\farchns.dll c:\program files\Protector Suite QL\infra.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe c:\program files\Protector Suite QL\upeksvr.exe c:\program files\Lavasoft\Ad-Aware\AAWService.exe c:\windows\system32\WLANExt.exe c:\program files\Common Files\Symantec Shared\ccSvcHst.exe c:\windows\system32\agrsmsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\PostgreSQL\8.3\bin\postgres.exe c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe c:\windows\system32\TODDSrv.exe c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\program files\PostgreSQL\8.3\bin\postgres.exe c:\windows\system32\WUDFHost.exe c:\program files\PostgreSQL\8.3\bin\postgres.exe c:\program files\PostgreSQL\8.3\bin\postgres.exe c:\program files\PostgreSQL\8.3\bin\postgres.exe c:\program files\PostgreSQL\8.3\bin\postgres.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\Lavasoft\Ad-Aware\AAWTray.exe c:\windows\system32\WerCon.exe c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe . ************************************************************************** . Completion time: 2012-03-07 22:42:00 - machine was rebooted ComboFix-quarantined-files.txt 2012-03-07 11:41 ComboFix2.txt 2012-03-06 12:37 . Pre-Run: 2,385,973,248 bytes free Post-Run: 1,224,634,368 bytes free . - - End Of File - - 9DDBB64F495D99B63922E418A5D69996
  11. Doing the scan as we speak. Computer is behaving well, haven't seen that fake antivirus for a few days now. Just uninstalled the above programs, but will keep adobe. What about all of those other findings from the ESET scan, like the java things. I always suspected that may be something unusual, since it always asks me to update every time I restart. Also could you suggest a good free antivirus to install once the cleaning process is finished. Many thanks. combofix at stage 32 atm
  12. [email protected] as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=6f2213c85aab7f42bebd958dde7fa495 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2012-03-06 05:51:23 # local_time=2012-03-07 04:51:23 (+1000, AUS Eastern Daylight Time) # country="Australia" # lang=1033 # osver=6.0.6001 NT Service Pack 1 # compatibility_mode=512 16777215 100 0 63633395 63633395 0 0 # compatibility_mode=3584 16777215 100 0 0 0 0 0 # compatibility_mode=5892 16776574 100 100 45848720 168573542 0 0 # compatibility_mode=8192 67108863 100 0 191 191 0 0 # scanned=313297 # found=22 # cleaned=0 # scan_time=11844 C:\Program Files\Red Kawa\Video Converter App\OpenCandy\OCSetupHlp.dll Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I C:\Qoobox\Quarantine\C\Users\Roop\AppData\Local\vilzst.exe.vir a variant of Win32/Kryptik.ABWS trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Roop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\2ba7df00-6773314e Java/Exploit.CVE-2010-0844.A trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Roop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\3d726d4b-3d479d1c a variant of Java/Agent.BR trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Roop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\5f583a0f-42025bfa probably a variant of Java/Agent.BR trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Roop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\29a77082-4c038d5f Java/Exploit.CVE-2009-3867.AL trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Roop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\6e433856-2d1afae6 Java/Exploit.CVE-2009-3867.AL trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Roop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\63425c18-31e4031f probably a variant of Java/Agent.BR trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Roop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\1febdf59-2d00a741 Java/Exploit.CVE-2009-3867.AL trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Roop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\2b854b99-341bdfe9 a variant of Java/TrojanDownloader.OpenStream.NBF trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Roop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\10733803-6defd5f7 a variant of Java/Exploit.CVE-2011-3544.AW trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Roop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\31cee7a0-544c4368 probably a variant of Java/Agent.BR trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Roop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\6ccf05e7-77882dbb probably a variant of Java/Agent.BR trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Roop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\f0cf627-39572f6e multiple threats (unable to clean) 00000000000000000000000000000000 I C:\Users\Roop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\41925e2a-3a653f41 a variant of Java/Agent.BR trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Roop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\4ba1196c-668ccb1d a variant of Java/Agent.BR trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Roop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1baeccbb-3888baeb Java/Exploit.CVE-2009-3867.AL trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Roop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\fea4bbe-3293e2cb a variant of Java/Agent.BR trojan (unable to clean) 00000000000000000000000000000000 I C:\Users\Roop\Documents\Adobe CS3\ACS3MCD1.iso a variant of Win32/Keygen.BR application (unable to clean) 00000000000000000000000000000000 I C:\Users\Roop\Downloads\SoftonicDownloader_for_sopcast.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I C:\Users\Roop\Downloads\Programs\ps3video9-408-setup.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I C:\Windows\System32\mseuncermm.dll a variant of Win32/Spy.KeyLogger.NOB trojan (unable to clean) 00000000000000000000000000000000 I
  13. ComboFix Log ComboFix 12-03-04.02 - Roop 06/03/2012 23:21:20.2.2 - x86 Microsoft® Windows Vista™ Business 6.0.6001.1.1252.61.1033.18.2038.1069 [GMT 11:00] Running from: c:\users\Roop\Desktop\ComboFix.exe SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Roaming c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini c:\users\Roop\AppData\Local\vilzst.exe c:\users\Roop\Documents\~WRL0010.tmp c:\users\Roop\Documents\~WRL0857.tmp c:\users\Roop\Documents\~WRL1774.tmp c:\users\Roop\Documents\~WRL2546.tmp c:\users\Roop\Documents\~WRL2632.tmp c:\users\Roop\Documents\~WRL3409.tmp c:\users\Roop\Documents\~WRL3693.tmp . . ((((((((((((((((((((((((( Files Created from 2012-02-06 to 2012-03-06 ))))))))))))))))))))))))))))))) . . 2012-03-06 12:32 . 2012-03-06 12:32 -------- d-----w- c:\users\postgres\AppData\Local\temp 2012-03-06 12:32 . 2012-03-06 12:32 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-04 22:11 . 2012-03-04 12:29 16432 ----a-w- c:\windows\system32\lsdelete.exe 2012-03-04 12:18 . 2011-12-22 20:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys 2012-03-04 12:18 . 2012-03-04 12:18 -------- d-----w- c:\program files\Lavasoft 2012-02-21 07:27 . 2012-02-21 07:27 -------- d-----w- c:\users\Roop\AppData\Local\DDMSettings . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2006-12-04 01:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2006-12-04 01:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-04-20 430080] "Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2007-04-15 1291264] "MyTomTomSA.exe"="c:\program files\MyTomTom 3\MyTomTomSA.exe" [2011-04-26 375768] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-27 138008] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-27 154392] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-27 133912] "NDSTray.exe"="NDSTray.exe" [BU] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192] "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416] "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-03-22 448632] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-04-27 538744] "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-11 413696] "PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-12-04 49168] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048] "RtHDVCpl"="RtHDVCpl.exe" [2007-05-19 4472832] "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-2-28 2756608] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableCAD"= 1 (0x1) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2006-12-04 00:50 90112 ----a-w- c:\windows\System32\psqlpwd.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli psqlpwd . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WG111v3 Smart Wizard.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk backup=c:\windows\pss\NETGEAR WG111v3 Smart Wizard.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^Roop^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk] path=c:\users\Roop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk backup=c:\windows\pss\HotSync Manager.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] 2008-10-14 10:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-06-06 01:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater] 2009-06-20 16:51 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2009-07-13 04:03 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-09-04 14:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ . Contents of the 'Scheduled Tasks' folder . 2012-03-06 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-08 17:35] . 2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-09 10:38] . 2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-09 10:38] . 2012-03-05 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Roop.job - c:\program files\Norton AntiVirus\Navw32.exe [2007-08-26 19:49] . . ------- Supplementary Scan ------- . uStart Page = hxxp://ninemsn.com.au/ uInternet Settings,ProxyOverride = *.local IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 TCP: DhcpNameServer = 10.0.0.138 DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab FF - ProfilePath - c:\users\Roop\AppData\Roaming\Mozilla\Firefox\Profiles\b9r4obh8.default\ FF - prefs.js: browser.startup.homepage - hxxp://en.wikipedia.org/wiki/Main_Page FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} FF - Ext: Edit Cookies: {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99} - %profile%\extensions\{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99} . - - - - ORPHANS REMOVED - - - - . HKLM-Run-NWEReboot - (no file) MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe MSConfigStartUp-IDMan - c:\program files\Internet Download Manager\IDMan.exe AddRemove-Mansion Poker - c:\poker\MansionPoker\_MansionPoker.exe AddRemove-Titan Poker - c:\poker\Titan Poker\_SetupPoker[1].exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-03-06 23:32 Windows 6.0.6001 Service Pack 1 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKCU\Software\Microsoft\Windows\CurrentVersion\Run TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???????|[email protected]???h???????????? . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3184531960-3555862301-1856031694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,{*Nc[]*] @Class="Shell" . [HKEY_USERS\S-1-5-21-3184531960-3555862301-1856031694-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*,{*Nc[]*\OpenWithList] @Class="Shell" . [HKEY_USERS\S-1-5-21-3184531960-3555862301-1856031694-1000_Classes\CLSID\{2b72a2aa-d783-4f34-a337-3843e783ad63}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "Model"=dword:0000002d "Therad"=dword:00000020 "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,85,b1,12,f9,90,dd,23,a1,a8,d7,e1,c9,cd,8a,a4,d8,f2,eb,74,d8,95,3b,\ . [HKEY_USERS\S-1-5-21-3184531960-3555862301-1856031694-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) @Allowed: (Read) (RestrictedCode) "scansk"=hex(0):3a,8c,41,c2,3f,91,10,1f,72,db,2c,f3,39,45,ed,8a,6a,4e,7b,17,5d, 0d,7b,8f,7c,be,81,47,cd,5d,42,98,2f,f4,d2,45,f3,89,43,29,00,00,00,00,00,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'lsass.exe'(804) c:\windows\system32\psqlpwd.dll c:\program files\Protector Suite QL\homefus2.dll c:\program files\Protector Suite QL\infra.dll . Completion time: 2012-03-06 23:37:04 ComboFix-quarantined-files.txt 2012-03-06 12:36 . Pre-Run: 1,233,887,232 bytes free Post-Run: 1,840,734,208 bytes free . - - End Of File - - 36556563203E16B3D679E488728828FC
  14. Hi Cecilia, Many thanks for getting back to me. here is the link to the scan report: https://www.virustotal.com/file/2481b9ec36736465040069eeada1b2099aafe1dabaa7392710f6c5a0d3a0c31f/analysis/1330992534/ I have Norton protection center 2008, the three year subscription expired a couple of months ago. I want to uninstall norton but have heard you need to do it a special way to completely uninstall it and i'm not sure exactly how. I would like to get another antivirus. Are you aware of any good ones that are available for free and offer realtime protection?