Jump to content


Photo
- - - - -

Malware removal assistance needed


  • This topic is locked This topic is locked
20 replies to this topic

#1 Droolsport

Droolsport

    New Member

  • Members
  • Pip
  • 10 posts

Posted 07 December 2010 - 11:25 PM

Hi

I have a recurrent pop up antivirus... malware. Browser is diasabled wont run programs etc...

Thanks for any help.

MB Anti-Malware software found no virus.

Ran Defogger:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:54 on 07/12/2010 (Eric)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

GMER found nothing no log to post



DDS would not run, need program to run PEV.DAT file

Hijack This log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:10:41 PM, on 12/7/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Users\Jennifer\Desktop\dds.pif
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E43KP892\HijackThis[1].exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr
C:\windows\SysWOW64\cmd.exe
C:\Users\Jennifer\Desktop\dds.scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MyTOSHIBA] "C:\Program Files (x86)\Toshiba\My Toshiba\MyToshiba.exe" /AUTO
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternati...-ie/alttiff.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.5.0.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://dot.pima.gov/...65/mgaxctrl.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebo...oUploader55.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-31-0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://remoteaccess...SetupClient.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: lxdu_device - Unknown owner - C:\windows\system32\lxducoms.exe (file missing)
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 19319 bytes

#2 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 09 December 2010 - 12:25 PM

:)

Please don't attach the scan results, use Copy/Paste


DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.


Vista and Windows 7 users:
1. These tools MUST be run from the executable. (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")


Stay with this topic until I give you the all clean post.

You might want to print these instructions out.


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run, once it is finished move onto the next step

Next:
Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.
  • Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
  • A copy of the log will be saved automatically to the root directory, root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
please post the contents of that log TDSSKiller log.
Larry Tate
Product Support

Posted Image

Follow us: Twitter, Become a fan: Facebook

#3 Droolsport

Droolsport

    New Member

  • Members
  • Pip
  • 10 posts

Posted 09 December 2010 - 11:28 PM

:lol:

Please don't attach the scan results, use Copy/Paste


DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.


Vista and Windows 7 users:
1. These tools MUST be run from the executable. (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")


Stay with this topic until I give you the all clean post.

You might want to print these instructions out.


Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run, once it is finished move onto the next step

Next:
Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.
  • Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
  • A copy of the log will be saved automatically to the root directory, root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
please post the contents of that log TDSSKiller log.




Ran ATF Cleaner
Ran GoodeFix, no log or cure option
Ran TDSSKiller.exe No Log generated

#4 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 10 December 2010 - 07:44 AM

A copy of the log will be saved automatically to the root directory, root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".
Larry Tate
Product Support

Posted Image

Follow us: Twitter, Become a fan: Facebook

#5 Droolsport

Droolsport

    New Member

  • Members
  • Pip
  • 10 posts

Posted 10 December 2010 - 02:10 PM

A copy of the log will be saved automatically to the root directory, root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".



Found it

2010/12/09 21:16:17.0033 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/09 21:16:17.0033 ================================================================================
2010/12/09 21:16:17.0034 SystemInfo:
2010/12/09 21:16:17.0034
2010/12/09 21:16:17.0034 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/09 21:16:17.0034 Product type: Workstation
2010/12/09 21:16:17.0034 ComputerName: ERIC-PC
2010/12/09 21:16:17.0034 UserName: Eric
2010/12/09 21:16:17.0034 Windows directory: C:\windows
2010/12/09 21:16:17.0035 System windows directory: C:\windows
2010/12/09 21:16:17.0035 Running under WOW64
2010/12/09 21:16:17.0035 Processor architecture: Intel x64
2010/12/09 21:16:17.0035 Number of processors: 2
2010/12/09 21:16:17.0035 Page size: 0x1000
2010/12/09 21:16:17.0035 Boot type: Normal boot
2010/12/09 21:16:17.0035 ================================================================================
2010/12/09 21:16:17.0035 Utility is running under WOW64
2010/12/09 21:16:17.0489 Initialize success
2010/12/09 21:16:23.0535 ================================================================================
2010/12/09 21:16:23.0535 Scan started
2010/12/09 21:16:23.0535 Mode: Manual;
2010/12/09 21:16:23.0535 ================================================================================
2010/12/09 21:16:25.0652 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys
2010/12/09 21:16:25.0779 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
2010/12/09 21:16:25.0911 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
2010/12/09 21:16:26.0071 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
2010/12/09 21:16:26.0233 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
2010/12/09 21:16:26.0378 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
2010/12/09 21:16:26.0570 AFD (b9384e03479d2506bc924c16a3db87bc) C:\windows\system32\drivers\afd.sys
2010/12/09 21:16:26.0747 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\windows\system32\DRIVERS\agrsm64.sys
2010/12/09 21:16:26.0894 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
2010/12/09 21:16:27.0040 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
2010/12/09 21:16:27.0165 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
2010/12/09 21:16:27.0285 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
2010/12/09 21:16:27.0414 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
2010/12/09 21:16:27.0579 amdsata (7a4b413614c055935567cf88a9734d38) C:\windows\system32\DRIVERS\amdsata.sys
2010/12/09 21:16:27.0722 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
2010/12/09 21:16:27.0952 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\windows\system32\DRIVERS\amdxata.sys
2010/12/09 21:16:28.0098 androidusb (d69f1e9a944a5f46a494af901ed41118) C:\windows\system32\Drivers\motoandroid.sys
2010/12/09 21:16:28.0279 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
2010/12/09 21:16:28.0448 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
2010/12/09 21:16:28.0573 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
2010/12/09 21:16:28.0717 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
2010/12/09 21:16:28.0842 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
2010/12/09 21:16:29.0149 atikmdag (3efd964d52221360af0673cd61c2f4f5) C:\windows\system32\DRIVERS\atikmdag.sys
2010/12/09 21:16:29.0443 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
2010/12/09 21:16:29.0573 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
2010/12/09 21:16:29.0717 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
2010/12/09 21:16:29.0895 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
2010/12/09 21:16:30.0017 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\windows\system32\DRIVERS\bowser.sys
2010/12/09 21:16:30.0146 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
2010/12/09 21:16:30.0258 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
2010/12/09 21:16:30.0405 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
2010/12/09 21:16:30.0534 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
2010/12/09 21:16:30.0657 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
2010/12/09 21:16:30.0773 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
2010/12/09 21:16:30.0923 BTCFilterService (ff7c57973eead140062238c5a0b7d455) C:\windows\system32\DRIVERS\motfilt.sys
2010/12/09 21:16:31.0044 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
2010/12/09 21:16:31.0184 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
2010/12/09 21:16:31.0304 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
2010/12/09 21:16:31.0465 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
2010/12/09 21:16:31.0572 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
2010/12/09 21:16:31.0727 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
2010/12/09 21:16:31.0839 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
2010/12/09 21:16:31.0999 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\windows\system32\Drivers\cng.sys
2010/12/09 21:16:32.0148 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
2010/12/09 21:16:32.0268 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
2010/12/09 21:16:32.0419 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
2010/12/09 21:16:32.0600 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\windows\system32\Drivers\dfsc.sys
2010/12/09 21:16:32.0743 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
2010/12/09 21:16:32.0872 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
2010/12/09 21:16:33.0030 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
2010/12/09 21:16:33.0158 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\windows\System32\drivers\dxgkrnl.sys
2010/12/09 21:16:33.0374 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
2010/12/09 21:16:33.0652 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
2010/12/09 21:16:33.0778 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
2010/12/09 21:16:33.0937 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
2010/12/09 21:16:34.0080 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
2010/12/09 21:16:34.0209 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
2010/12/09 21:16:34.0343 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
2010/12/09 21:16:34.0464 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
2010/12/09 21:16:34.0588 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
2010/12/09 21:16:34.0717 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
2010/12/09 21:16:34.0851 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
2010/12/09 21:16:34.0973 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
2010/12/09 21:16:35.0140 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
2010/12/09 21:16:35.0292 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys
2010/12/09 21:16:35.0416 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
2010/12/09 21:16:35.0554 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
2010/12/09 21:16:35.0693 grmnusb (2ed7ff3e1ada4092632393781518b3a7) C:\windows\system32\drivers\grmnusb.sys
2010/12/09 21:16:35.0845 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
2010/12/09 21:16:36.0011 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
2010/12/09 21:16:36.0148 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
2010/12/09 21:16:36.0266 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
2010/12/09 21:16:36.0381 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
2010/12/09 21:16:36.0499 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
2010/12/09 21:16:36.0642 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
2010/12/09 21:16:36.0803 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
2010/12/09 21:16:36.0959 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
2010/12/09 21:16:37.0088 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
2010/12/09 21:16:37.0222 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
2010/12/09 21:16:37.0385 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\windows\system32\DRIVERS\iaStor.sys
2010/12/09 21:16:37.0571 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\windows\system32\DRIVERS\iaStorV.sys
2010/12/09 21:16:37.0936 igfx (3c3f27002abc69c5afe29cbe6cf7addf) C:\windows\system32\DRIVERS\igdkmd64.sys
2010/12/09 21:16:38.0231 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
2010/12/09 21:16:38.0415 IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\windows\system32\drivers\RTKVHD64.sys
2010/12/09 21:16:38.0550 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
2010/12/09 21:16:38.0682 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
2010/12/09 21:16:38.0807 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
2010/12/09 21:16:38.0940 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
2010/12/09 21:16:39.0051 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
2010/12/09 21:16:39.0184 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
2010/12/09 21:16:39.0315 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
2010/12/09 21:16:39.0442 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
2010/12/09 21:16:39.0579 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
2010/12/09 21:16:39.0690 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
2010/12/09 21:16:39.0827 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\windows\system32\Drivers\ksecdd.sys
2010/12/09 21:16:39.0940 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\windows\system32\Drivers\ksecpkg.sys
2010/12/09 21:16:40.0061 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
2010/12/09 21:16:40.0277 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
2010/12/09 21:16:40.0433 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
2010/12/09 21:16:40.0602 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
2010/12/09 21:16:40.0768 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
2010/12/09 21:16:40.0945 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
2010/12/09 21:16:41.0178 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
2010/12/09 21:16:41.0338 lvpopf64 (b2085e335f2b57077b0cbadb6f1245cd) C:\windows\system32\DRIVERS\lvpopf64.sys
2010/12/09 21:16:41.0484 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\windows\system32\DRIVERS\LVPr2M64.sys
2010/12/09 21:16:41.0528 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\windows\system32\DRIVERS\LVPr2M64.sys
2010/12/09 21:16:41.0679 LVRS64 (986c1cb787a007baa5f74e7d316d7246) C:\windows\system32\DRIVERS\lvrs64.sys
2010/12/09 21:16:42.0113 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\windows\system32\DRIVERS\lvuvc64.sys
2010/12/09 21:16:42.0469 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
2010/12/09 21:16:42.0645 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
2010/12/09 21:16:42.0827 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
2010/12/09 21:16:43.0019 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
2010/12/09 21:16:43.0353 motccgpfl (d51e009baeda07ebc107d49d224c2414) C:\windows\system32\DRIVERS\motccgpfl.sys
2010/12/09 21:16:43.0642 MotoSwitchService (ebd05f60cafc5bba2602b8d7101082d3) C:\windows\system32\DRIVERS\motswch.sys
2010/12/09 21:16:43.0799 Motousbnet (87701078c3f720ac7a028e937994cc49) C:\windows\system32\DRIVERS\Motousbnet.sys
2010/12/09 21:16:43.0971 motusbdevice (307727f9829fb46ff4be0e4d1dac5002) C:\windows\system32\DRIVERS\motusbdevice.sys
2010/12/09 21:16:44.0115 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
2010/12/09 21:16:44.0260 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
2010/12/09 21:16:44.0387 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
2010/12/09 21:16:44.0516 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
2010/12/09 21:16:44.0669 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
2010/12/09 21:16:44.0823 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
2010/12/09 21:16:44.0944 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\windows\system32\DRIVERS\mrxsmb.sys
2010/12/09 21:16:45.0203 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\windows\system32\DRIVERS\mrxsmb10.sys
2010/12/09 21:16:45.0366 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\windows\system32\DRIVERS\mrxsmb20.sys
2010/12/09 21:16:45.0524 msahci (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys
2010/12/09 21:16:45.0709 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
2010/12/09 21:16:45.0934 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
2010/12/09 21:16:46.0137 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
2010/12/09 21:16:46.0345 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
2010/12/09 21:16:46.0542 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
2010/12/09 21:16:46.0688 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
2010/12/09 21:16:46.0981 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
2010/12/09 21:16:47.0141 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
2010/12/09 21:16:47.0264 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
2010/12/09 21:16:47.0404 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
2010/12/09 21:16:47.0530 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
2010/12/09 21:16:47.0728 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
2010/12/09 21:16:47.0929 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
2010/12/09 21:16:48.0082 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
2010/12/09 21:16:48.0211 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
2010/12/09 21:16:48.0363 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
2010/12/09 21:16:48.0518 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
2010/12/09 21:16:48.0633 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
2010/12/09 21:16:48.0751 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
2010/12/09 21:16:48.0785 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
2010/12/09 21:16:48.0903 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
2010/12/09 21:16:49.0060 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
2010/12/09 21:16:49.0209 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
2010/12/09 21:16:49.0329 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
2010/12/09 21:16:49.0489 Ntfs (356698a13c4630d5b31c37378d469196) C:\windows\system32\drivers\Ntfs.sys
2010/12/09 21:16:49.0692 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
2010/12/09 21:16:49.0837 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\windows\system32\DRIVERS\nvraid.sys
2010/12/09 21:16:49.0987 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\windows\system32\DRIVERS\nvstor.sys
2010/12/09 21:16:50.0112 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
2010/12/09 21:16:50.0277 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
2010/12/09 21:16:50.0421 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
2010/12/09 21:16:50.0545 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
2010/12/09 21:16:50.0700 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
2010/12/09 21:16:50.0860 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
2010/12/09 21:16:51.0003 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
2010/12/09 21:16:51.0136 PCTCore (60f19af0a9a26851ad9bc2d981afbac6) C:\windows\system32\drivers\PCTCore64.sys
2010/12/09 21:16:51.0252 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
2010/12/09 21:16:51.0373 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
2010/12/09 21:16:51.0529 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
2010/12/09 21:16:51.0701 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
2010/12/09 21:16:51.0826 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
2010/12/09 21:16:51.0997 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
2010/12/09 21:16:52.0333 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\windows\system32\Drivers\PxHlpa64.sys
2010/12/09 21:16:52.0536 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
2010/12/09 21:16:52.0945 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
2010/12/09 21:16:53.0079 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
2010/12/09 21:16:53.0162 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
2010/12/09 21:16:53.0356 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
2010/12/09 21:16:53.0509 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
2010/12/09 21:16:53.0640 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
2010/12/09 21:16:53.0776 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
2010/12/09 21:16:53.0910 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
2010/12/09 21:16:54.0069 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
2010/12/09 21:16:54.0244 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
2010/12/09 21:16:54.0373 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
2010/12/09 21:16:54.0496 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
2010/12/09 21:16:54.0534 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
2010/12/09 21:16:54.0689 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
2010/12/09 21:16:54.0891 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
2010/12/09 21:16:55.0025 RSUSBSTOR (8c22f21c924413d4e109995f748e18bb) C:\windows\system32\Drivers\RtsUStor.sys
2010/12/09 21:16:55.0152 RTL8167 (f65f171165fbb613f7aa3cc78e8cab42) C:\windows\system32\DRIVERS\Rt64win7.sys
2010/12/09 21:16:55.0291 RTL8187Se (3ec7911ed886dc5d8a9f70129254679c) C:\windows\system32\DRIVERS\RTL8187Se.sys
2010/12/09 21:16:55.0431 rtl8192se (a9ede191b5478d18f0a1bff3b822f7a5) C:\windows\system32\DRIVERS\rtl8192se.sys
2010/12/09 21:16:55.0568 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
2010/12/09 21:16:55.0698 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
2010/12/09 21:16:55.0843 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
2010/12/09 21:16:56.0023 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
2010/12/09 21:16:56.0189 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
2010/12/09 21:16:56.0319 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
2010/12/09 21:16:56.0473 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
2010/12/09 21:16:56.0597 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
2010/12/09 21:16:56.0749 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\windows\system32\DRIVERS\sffp_sd.sys
2010/12/09 21:16:56.0879 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
2010/12/09 21:16:57.0045 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
2010/12/09 21:16:57.0181 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
2010/12/09 21:16:57.0288 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
2010/12/09 21:16:57.0471 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
2010/12/09 21:16:57.0613 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\windows\system32\DRIVERS\srv.sys
2010/12/09 21:16:57.0739 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\windows\system32\DRIVERS\srv2.sys
2010/12/09 21:16:57.0924 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\windows\system32\DRIVERS\srvnet.sys
2010/12/09 21:16:58.0074 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
2010/12/09 21:16:58.0248 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
2010/12/09 21:16:58.0421 SynTP (be7311da9d6833fa69ed04b744a1c8f8) C:\windows\system32\DRIVERS\SynTP.sys
2010/12/09 21:16:58.0652 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\windows\system32\drivers\tcpip.sys
2010/12/09 21:16:58.0898 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\windows\system32\DRIVERS\tcpip.sys
2010/12/09 21:16:59.0051 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
2010/12/09 21:16:59.0185 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
2010/12/09 21:16:59.0292 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
2010/12/09 21:16:59.0405 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
2010/12/09 21:16:59.0522 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
2010/12/09 21:16:59.0652 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
2010/12/09 21:16:59.0819 tmactmon (73aaffdd2ac3c8814b26c440e5dd9dd4) C:\windows\system32\DRIVERS\tmactmon.sys
2010/12/09 21:16:59.0983 tmcomm (360e61217d4e1e333583d0c721057f70) C:\windows\system32\DRIVERS\tmcomm.sys
2010/12/09 21:17:00.0130 tmevtmgr (699d34eb7c670139ca23a65372bd5743) C:\windows\system32\DRIVERS\tmevtmgr.sys
2010/12/09 21:17:00.0254 tmtdi (262198efb734012bfcd17e7479ae4a09) C:\windows\system32\DRIVERS\tmtdi.sys
2010/12/09 21:17:00.0487 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
2010/12/09 21:17:00.0653 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
2010/12/09 21:17:00.0869 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
2010/12/09 21:17:00.0966 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
2010/12/09 21:17:01.0104 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
2010/12/09 21:17:01.0233 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
2010/12/09 21:17:01.0272 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
2010/12/09 21:17:01.0457 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
2010/12/09 21:17:01.0577 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
2010/12/09 21:17:01.0616 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
2010/12/09 21:17:01.0683 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\windows\system32\drivers\usbaudio.sys
2010/12/09 21:17:01.0810 usbccgp (b26afb54a534d634523c4fb66765b026) C:\windows\system32\DRIVERS\usbccgp.sys
2010/12/09 21:17:01.0983 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
2010/12/09 21:17:02.0060 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\windows\system32\DRIVERS\usbehci.sys
2010/12/09 21:17:02.0185 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\windows\system32\DRIVERS\usbhub.sys
2010/12/09 21:17:02.0305 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\windows\system32\DRIVERS\usbohci.sys
2010/12/09 21:17:02.0446 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
2010/12/09 21:17:02.0601 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
2010/12/09 21:17:02.0719 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\windows\system32\DRIVERS\USBSTOR.SYS
2010/12/09 21:17:02.0760 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\windows\system32\DRIVERS\usbuhci.sys
2010/12/09 21:17:02.0908 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys
2010/12/09 21:17:03.0051 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
2010/12/09 21:17:03.0185 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
2010/12/09 21:17:03.0289 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
2010/12/09 21:17:03.0401 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
2010/12/09 21:17:03.0512 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
2010/12/09 21:17:03.0623 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
2010/12/09 21:17:03.0728 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
2010/12/09 21:17:03.0836 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
2010/12/09 21:17:03.0956 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
2010/12/09 21:17:04.0068 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
2010/12/09 21:17:04.0186 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
2010/12/09 21:17:04.0239 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
2010/12/09 21:17:04.0357 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
2010/12/09 21:17:04.0399 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
2010/12/09 21:17:04.0547 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
2010/12/09 21:17:04.0674 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
2010/12/09 21:17:04.0832 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
2010/12/09 21:17:04.0928 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
2010/12/09 21:17:05.0148 winusb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUSB.SYS
2010/12/09 21:17:05.0268 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
2010/12/09 21:17:05.0425 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
2010/12/09 21:17:05.0600 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
2010/12/09 21:17:05.0723 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
2010/12/09 21:17:05.0802 ================================================================================
2010/12/09 21:17:05.0802 Scan finished
2010/12/09 21:17:05.0802 ================================================================================
2010/12/09 21:17:17.0088 Deinitialize success

#6 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 10 December 2010 - 02:54 PM

Vista and Windows 7 users:
1. These tools MUST be run from the executable. (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")


Download ComboFix from one of these locations:

Link 1
Link 2 If using this link, Right Click and select Save As.


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs

  • Double click on ComboFix.exe & follow the prompts.

    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.

    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.


Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.
Larry Tate
Product Support

Posted Image

Follow us: Twitter, Become a fan: Facebook

#7 Droolsport

Droolsport

    New Member

  • Members
  • Pip
  • 10 posts

Posted 11 December 2010 - 12:17 AM

Vista and Windows 7 users:
1. These tools MUST be run from the executable. (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")


Download ComboFix from one of these locations:

Link 1
Link 2 If using this link, Right Click and select Save As.


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs

  • Double click on ComboFix.exe & follow the prompts.

    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.

    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.


Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.


Computer seems to be running normal. I do have a warning that I need to change my security settings.

ComboFix 10-12-09.04 - Eric 12/10/2010 16:59:38.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3964.2112 [GMT -7:00]
Running from: c:\users\Jennifer\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\users\Eric\.COMMgr
c:\users\Eric\AppData\Local\{707DEC27-9DED-40AC-9B38-271B9A741BBD}
c:\users\Eric\AppData\Local\{707DEC27-9DED-40AC-9B38-271B9A741BBD}\chrome.manifest
c:\users\Eric\AppData\Local\{707DEC27-9DED-40AC-9B38-271B9A741BBD}\chrome\content\_cfg.js
c:\users\Eric\AppData\Local\{707DEC27-9DED-40AC-9B38-271B9A741BBD}\chrome\content\overlay.xul
c:\users\Eric\AppData\Local\{707DEC27-9DED-40AC-9B38-271B9A741BBD}\install.rdf
c:\users\Jennifer\Desktop\Internet Explorer.lnk
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete

.
((((((((((((((((((((((((( Files Created from 2010-11-11 to 2010-12-11 )))))))))))))))))))))))))))))))
.

2010-12-11 04:22 . 2010-12-11 04:22 -------- d-----w- c:\users\Jennifer\AppData\Local\Apple Computer
2010-12-11 04:18 . 2010-12-11 04:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-10 19:54 . 2010-12-10 19:54 -------- d-----w- c:\users\Jennifer\AppData\Local\Threat Expert
2010-12-10 17:37 . 2010-12-10 20:00 -------- d-----w- c:\users\Jennifer\AppData\Local\Adobe
2010-12-10 04:23 . 2010-12-10 05:55 139776 ----a-w- c:\users\Eric\AppData\Roaming\dwm.exe
2010-12-10 04:04 . 2010-12-10 04:04 -------- d-----w- c:\programdata\WinZipSE
2010-12-10 04:04 . 2010-12-10 04:04 -------- d-----w- c:\program files (x86)\WinZip Self-Extractor
2010-12-08 04:50 . 2010-12-08 04:47 105552 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2010-12-08 04:50 . 2010-12-08 04:47 90704 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2010-12-08 04:50 . 2010-12-08 04:47 67664 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2010-12-08 04:50 . 2010-12-08 04:47 144464 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-12-08 04:42 . 2010-12-08 04:41 232272 ----a-w- c:\windows\TmNSCIns.dll
2010-12-08 04:42 . 2010-12-08 04:41 525792 ----a-w- c:\windows\DIFxAPI.dll
2010-12-08 04:38 . 2010-12-08 04:38 -------- d-----w- c:\users\Jennifer\AppData\Roaming\PCMM2009
2010-12-08 04:32 . 2010-12-08 04:48 -------- d-----w- C:\temp
2010-12-08 04:09 . 2010-12-08 04:09 388096 ----a-r- c:\users\Jennifer\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-08 04:09 . 2010-12-08 04:09 -------- d-----w- c:\program files (x86)\Trend Micro
2010-12-08 03:05 . 2010-12-08 03:05 -------- d-----w- c:\programdata\ParetoLogic
2010-12-08 03:05 . 2010-12-08 03:05 -------- d-----w- c:\programdata\FileCure
2010-12-08 03:05 . 2010-12-08 03:05 -------- d-----w- c:\program files (x86)\Common Files\ParetoLogic
2010-12-08 03:05 . 2010-12-08 03:05 -------- d-----w- c:\program files (x86)\ParetoLogic
2010-12-08 03:01 . 2010-12-08 03:01 -------- d-----w- c:\users\Eric\AppData\Roaming\licenses
2010-12-08 03:01 . 2010-12-08 03:03 -------- d-----w- c:\users\Eric\AppData\Roaming\PCMM2009
2010-12-08 03:01 . 2010-12-08 03:01 -------- d-----w- c:\users\Eric\AppData\Roaming\PCMM2010
2010-12-08 03:00 . 2010-12-08 03:01 -------- d-----w- c:\program files (x86)\PC MightyMax 2010
2010-12-08 02:59 . 2010-12-08 02:59 -------- d-----w- c:\program files (x86)\RegWork
2010-12-07 02:57 . 2010-12-08 04:49 -------- d-----w- c:\program files\Trend Micro
2010-12-02 17:22 . 2010-12-02 17:22 -------- d-----w- c:\programdata\V CAST Media Manager
2010-12-02 17:18 . 2010-12-02 17:29 -------- d-----w- c:\users\Eric\AppData\Roaming\vlc
2010-12-02 17:18 . 2010-12-02 17:18 -------- d-----w- c:\programdata\Verizon
2010-12-02 17:17 . 2010-12-02 17:48 -------- d-----w- c:\users\Eric\AppData\Local\V CAST Media Manager
2010-12-02 17:16 . 2010-12-02 17:16 -------- d-----w- c:\program files\Motorola Inc
2010-12-02 17:15 . 2008-12-18 02:22 57344 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2010-12-02 17:15 . 2008-12-11 20:26 60273 ----a-w- c:\windows\SysWow64\pthreadGC2.dll
2010-12-02 17:15 . 2010-12-02 17:15 -------- d-----w- c:\program files (x86)\ffdshow
2010-12-02 17:14 . 2010-12-02 17:18 -------- d-----w- c:\program files\Verizon V CAST Media Manager
2010-11-23 22:43 . 2010-10-19 08:47 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-23 22:43 . 2010-10-19 08:10 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-30 00:42 . 2010-07-23 20:03 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="c:\program files (x86)\Toshiba\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-04 39408]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-05-14 26192168]
"HLBackupScheduler"="c:\program files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe" [2010-11-18 5251720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe autorun" [X]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-02-16 141608]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-02-18 177472]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"ISTray"="c:\program files (x86)\Spyware Doctor\pctsTray.exe" [2010-07-23 1287120]
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-08-08 202256]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

c:\users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Logitech\Logitech WebCam Software\eReg.exe [2009-10-14 517384]
PMB Media Check Tool.lnk - c:\program files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-12-6 333088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-07 135664]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 31744]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-30 6144]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2009-10-07 271640]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
R3 LVUVC64;Logitech Webcam 200(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-30 9216]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 26624]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2010-01-26 10240]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-06 222208]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-20 1255736]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2010-07-23 233488]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2007-10-24 53488]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2009-10-16 1039360]
S2 MotoConnect Service;MotoConnect Service;c:\program files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-12-08 67664]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-11 252272]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-31 236544]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-08-27 942080]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]


--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver64

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files (x86)\Toshiba\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder

2010-12-11 c:\windows\Tasks\AWC Startup.job
- c:\program files (x86)\IObit\Advanced SystemCare 3\AWC.exe [2010-07-01 22:10]

2010-12-08 c:\windows\Tasks\FileCure Default.job
- c:\program files (x86)\ParetoLogic\FileCure\FileCure.exe [2010-10-12 17:21]

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-07 02:14]

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-07 02:14]

2010-12-11 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

2010-12-10 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-04 18:19]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 709976]
"PC MightyMax 2010 Tray Icon"="c:\program files (x86)\PC MightyMax 2010\TrayIcon.exe" [2010-01-24 122368]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-12-08 192008]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2010-12-08 1062224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"000_TmTdiUninstall"="c:\windows\TmNSCIns.dll" [2010-12-08 232272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig?hl=en
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:43902
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://remoteaccess.caremark.com/dana-cached/sc/JuniperSetupClient.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosWaitSrv - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-Teco - %ProgramFiles%\TOSHIBA\TECO\Teco.exe
HKLM-Run-SmartFaceVWatcher - %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Spyware Doctor\pctsSvc.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\Motorola\MotoConnectService\MotoConnect.exe
.
**************************************************************************
.
Completion time: 2010-12-10 21:31:00 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-11 04:30

Pre-Run: 244,517,253,120 bytes free
Post-Run: 244,716,597,248 bytes free

- - End Of File - - 6E96C6823B77A9DAFCF8065ADD80B926

#8 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 12 December 2010 - 07:11 AM

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:43902

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:
1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...


Posted Image

Drag CFScript.txt into ComboFix.exe


Then post the results log using Copy / Paste


Also please describe how your computer behaves at the moment.
Larry Tate
Product Support

Posted Image

Follow us: Twitter, Become a fan: Facebook

#9 Droolsport

Droolsport

    New Member

  • Members
  • Pip
  • 10 posts

Posted 12 December 2010 - 10:16 PM

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:43902

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:
1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...


Posted Image

Drag CFScript.txt into ComboFix.exe


Then post the results log using Copy / Paste


Also please describe how your computer behaves at the moment.


Followed instructions above. No log created. Computer seem normal however I cannot run my normal antivirus software for protection.

#10 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 13 December 2010 - 06:31 AM

Run a new combofix scan
Larry Tate
Product Support

Posted Image

Follow us: Twitter, Become a fan: Facebook

#11 Droolsport

Droolsport

    New Member

  • Members
  • Pip
  • 10 posts

Posted 13 December 2010 - 05:37 PM

Run a new combofix scan


When I try to run Combofix again I get a warning that I have a corrupt version. I tried to re-load the software from both sources and got the same warning when I try to launch it.

#12 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 13 December 2010 - 07:05 PM

Uninstall it and try downloading it again

For XP:
  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

For Vista / Windows 7
  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Larry Tate
Product Support

Posted Image

Follow us: Twitter, Become a fan: Facebook

#13 Droolsport

Droolsport

    New Member

  • Members
  • Pip
  • 10 posts

Posted 14 December 2010 - 11:48 AM

finally got the Combofix to run. Nothing to report. Got the blue screen then nothing happened and it closed itself. No log. Everything seems to be working normal except for a pop up antivirus that slides up from the task bar. I can exit it and it goes away for a few hours. Doesnt seem to affect computer. It may be from one of the many antivirus apps I have downloaded.

I am still unable to turn on my Trend antivirus software for future protection.


Eric

#14 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 14 December 2010 - 12:05 PM

We need to get rid of that ProxyServer
uInternet Settings,ProxyServer = http=127.0.0.1:43902


Internet Explorer (Windows)
1. Click "Tools", then click "Internet Options". This will bring up the Internet Options window.

2. Click the "Connections" tab, then click the "LAN Settings" button.

3. Uncheck the box labeled "Use a proxy server for your LAN". Click "OK", and click "OK" in the previous window. This will remove the proxy server settings in Internet Explorer.



Firefox (Windows)
1. Click "Tools", then click "Options" to bring up the Options window.

2. Click the "Advanced" button, then click the "Network" tab.

3. Click the "Settings" button, located next to "Configure how Firefox connects to the Internet".

4. Click the radio button labeled "No proxy". Click "OK" twice. This will remove the proxy server settings in Firefox.



Disable Internet Explorer Proxy Settings and Reset TCP/IP and Winsock

Disable Internet Explorer Proxy Settings and Reset TCP/IP

It is very important that these steps be carried out exactly as shown otherwise the fix will not work.
If you have any questions please ask before moving on.
  • Please start Notepad and using your mouse make sure you select and copy all the information below in the Code box into your new document.
  • Then save the file as "fixme.bat" to your Desktop
  • In the drop down box for Save as type: make sure you select All Files (*.*) and keep the quotes on the name as well. Then close the new file.
    @ECHO OFF
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /f
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyOverride /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable  /t REG_DWORD /d 0 /f
    reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v GlobalUserOffline /t REG_DWORD /d 0 /f
    netsh int ip reset resetlog.txt
    netsh winsock reset catalog
  • On Windows XP you can double-click the file to run it.
  • On Vista/Win7 you need to Right click the file and choose Run as administrator to run it. With User Account Control on it should ask permission to run it. Click Yes
  • This will flash a black DOS box very quickly and go away, this is normal.
  • Restart your computer now.
  • Launch Internet Explorer and see if you can connect to the Internet.
  • Launch MBAM and check for Updates

Larry Tate
Product Support

Posted Image

Follow us: Twitter, Become a fan: Facebook

#15 Droolsport

Droolsport

    New Member

  • Members
  • Pip
  • 10 posts

Posted 14 December 2010 - 11:28 PM

Performed all steps. Proxy server was not active.

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5315

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/14/2010 9:19:13 PM
mbam-log-2010-12-14 (21-19-13).txt

Scan type: Full scan (C:\|)
Objects scanned: 299095
Time elapsed: 51 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FE4C2C37-EDC8-4C00-B864-3C38CF3BA834} (Adware.Adshot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3f6555c4-0a24-11dc-8314-0800200c9a66} (Rogue.PcMightyMax) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Eric\AppData\Roaming\dwm.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.

Still not able to run Trend Antivirus protection

Thanks for all the help

Eric

#16 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 15 December 2010 - 07:36 AM

http://www.eset.eu/online-scanner
Go here to run an online scannner from ESET.
Click the green ESET Online Scanner button.
Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
Click on the Start button next to it.
You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Insall ActiveX component.
A new window will appear asking "Do you want to install this software?"".
Answer Yes to download and install the ActiveX controls that allows the scan to run.
Click Start.
Check Remove found threats and Scan potentially unwanted applications.
Click Scan to begin.
If offered the option to get information or buy software. Just close the window.
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic.
Larry Tate
Product Support

Posted Image

Follow us: Twitter, Become a fan: Facebook

#17 Droolsport

Droolsport

    New Member

  • Members
  • Pip
  • 10 posts

Posted 17 December 2010 - 10:33 AM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

#18 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 17 December 2010 - 10:39 AM

Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic.
Larry Tate
Product Support

Posted Image

Follow us: Twitter, Become a fan: Facebook

#19 Droolsport

Droolsport

    New Member

  • Members
  • Pip
  • 10 posts

Posted 17 December 2010 - 07:01 PM

ran it again same results

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

#20 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 17 December 2010 - 07:20 PM

I suggest you contact Trend for help with your anti-virus
http://esupport.tren...om/default.aspx
Larry Tate
Product Support

Posted Image

Follow us: Twitter, Become a fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users