Trojan.Zeroaccess.B virus on my computer.


This topic is locked. 33 replies to this topic.

#1 ljra101808 (Members, 42 posts)

Posted 08 January 2012 - 12:36 AM

I also attached the aswMBR log to this post.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 1.6.0_30
Run by Loren Janina at 22:25:49 on 2012-01-07
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.3964.2448 [GMT -7:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = Presented by TOSHIBA Leading Innovation >>>
uDefault_Page_URL = hxxp://www.toshiba.ca/welcome
mDefault_Page_URL = hxxp://www.toshiba.ca/welcome
mStart Page = hxxp://www.toshiba.ca/welcome
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\LORENJ~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VIIKII~1.LNK - C:\Program Files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F2DBCE5F-27E0-4B2E-9BD6-69FE163CCA4C} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F2DBCE5F-27E0-4B2E-9BD6-69FE163CCA4C}\34C6F65746 : DhcpNameServer = 205.233.109.39 205.233.109.40
TCP: Interfaces\{F2DBCE5F-27E0-4B2E-9BD6-69FE163CCA4C}\4756C65737835454 : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Loren Janina\AppData\Roaming\Mozilla\Firefox\Profiles\lai8qbt5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.odb.org/
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS --> C:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS --> C:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [2011-12-21 1156216]
R1 ccHP;Symantec Hash Provider;C:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys --> C:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120106.002\IDSviA64.sys [2012-1-6 488568]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS --> C:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\windows\system32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS --> C:\windows\system32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-5 652872]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccsvchst.exe [2011-10-12 126400]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-7-6 14088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-9 138360]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 135664]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-10-10 51512]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-01-05 21:44:18 -------- d-----w- C:\Users\Loren Janina\AppData\Roaming\Malwarebytes
2012-01-05 21:44:06 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-05 21:44:03 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-01-05 21:44:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-03 10:18:07 -------- d-----w- C:\NBRT
2012-01-03 03:57:54 34152 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2012-01-03 03:57:04 -------- d-----w- C:\windows\System32\drivers\NBRTWizardx64\0401000.00F
2012-01-03 03:57:04 -------- d-----w- C:\windows\System32\drivers\NBRTWizardx64
2012-01-03 03:57:00 -------- d-----w- C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2012-01-03 03:35:56 -------- d-----w- C:\Users\Loren Janina\AppData\Local\NPE
2012-01-02 00:02:20 -------- d-----w- C:\Users\Loren Janina\AppData\Local\{F61DAE57-A830-48C5-8BCD-445CADE78B99}
2012-01-02 00:02:08 -------- d-----w- C:\Users\Loren Janina\AppData\Local\{ABF35C61-BA1D-4933-B22D-4FEFE368A616}
2012-01-01 21:25:37 -------- d-----w- C:\Users\Loren Janina\AppData\Local\{A36105E8-4175-4F28-857B-C2C1E74B3D3C}
2012-01-01 21:25:24 -------- d-----w- C:\Users\Loren Janina\AppData\Local\{1C1A4F77-0C81-43B4-B06B-6F12D498AC0C}
2011-12-21 22:31:42 -------- d-----w- C:\Program Files\iTunes
2011-12-21 22:31:42 -------- d-----w- C:\Program Files\iPod
2011-12-21 22:31:42 -------- d-----w- C:\Program Files (x86)\iTunes
2011-12-15 19:59:17 3145216 ----a-w- C:\windows\System32\win32k.sys
2011-12-15 19:59:16 723456 ----a-w- C:\windows\System32\EncDec.dll
2011-12-15 19:59:16 534528 ----a-w- C:\windows\SysWow64\EncDec.dll
2011-12-15 19:59:09 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2011-12-15 19:59:09 2048 ----a-w- C:\windows\System32\tzres.dll
.
==================== Find3M ====================
.
2012-01-03 11:45:34 54272 ----a-w- C:\windows\System32\consrv.dll
2012-01-02 23:10:21 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-10 12:54:13 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2011-11-05 05:41:43 1188864 ----a-w- C:\windows\System32\wininet.dll
2011-11-05 04:35:00 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2011-11-05 03:32:47 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-11-05 02:48:51 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-10-26 05:21:20 43520 ----a-w- C:\windows\System32\csrsrv.dll
.
============= FINISH: 22:29:14.43 ===============
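The file lists in the DDS log above ("Created Last 30" and "Find3M") and in the ComboFix log posted later in this thread are the parts a responder reads first, and they are easier to compare once parsed into records. The Python below is an added example, not part of the original post and not code from the DDS or ComboFix tools. It assumes the one-entry-per-line layout those tools write (the wrapped copy on this page has to be rejoined first), parses both formats, and lists files under System32 and SysWOW64 whose leading timestamp falls on or after a chosen date. The sample input is a constructed excerpt copied from the two logs. A recent timestamp on its own does not make a file malicious (mbam.sys is listed because Malwarebytes was installed on 2012-01-05); the point is to put an entry such as C:\windows\System32\consrv.dll, timestamped 2012-01-03 and outside the 2011-12-15 and 2011-11-05 update batches, in front of a person who can then check it against a known-good system.

```python
"""Parse the file-list sections of DDS and ComboFix logs and surface recently
touched files under the Windows system directories.

Added example; not code from the DDS or ComboFix tools. Assumptions:
  * one entry per line, as the tools write it (rejoin wrapped copies first)
  * DDS layout:      YYYY-MM-DD HH:MM:SS <size|--------> <attrs> <path>
  * ComboFix layout: YYYY-MM-DD HH:MM . YYYY-MM-DD HH:MM <size|--------> <attrs> <path>
  * the leading timestamp is the one the section is sorted by; the meaning of
    the second ComboFix timestamp is not stated in the logs, so it is stored
    without interpretation
"""
import re
from datetime import date, datetime
from typing import List, NamedTuple, Optional

# DDS line, e.g. "2012-01-03 11:45:34 54272 ----a-w- C:\windows\System32\consrv.dll"
DDS_RE = re.compile(
    r"^(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-A-Za-z]{8}) (?P<path>.+)$"
)
# ComboFix line, e.g. "2012-01-03 11:45 . 2009-07-13 23:31 54272 ----a-w- c:\windows\system32\consrv.dll"
COMBOFIX_RE = re.compile(
    r"^(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (?P<also>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-A-Za-z]{8}) (?P<path>.+)$"
)


class FileEntry(NamedTuple):
    when: datetime            # leading timestamp of the line
    also: Optional[datetime]  # second timestamp (ComboFix only), uninterpreted
    size: Optional[int]       # None for directories, which the tools print as "--------"
    attrs: str                # attribute string; a 'd' marks a directory
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs


def _ts(text: str) -> datetime:
    # DDS prints seconds, ComboFix does not
    fmt = "%Y-%m-%d %H:%M:%S" if text.count(":") == 2 else "%Y-%m-%d %H:%M"
    return datetime.strptime(text, fmt)


def parse_entries(log_text: str) -> List[FileEntry]:
    """Return every file/directory entry found in either log format; section
    headers, '.' separators and unrelated lines are skipped."""
    entries: List[FileEntry] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DDS_RE.match(line) or COMBOFIX_RE.match(line)
        if not m:
            continue
        g = m.groupdict()
        size = None if g["size"].startswith("-") else int(g["size"])
        also = _ts(g["also"]) if g.get("also") else None
        entries.append(FileEntry(_ts(g["when"]), also, size, g["attrs"], g["path"]))
    return entries


SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")


def system_files_since(entries: List[FileEntry], since: str) -> List[FileEntry]:
    """Files (not directories) under System32 or SysWOW64 whose leading
    timestamp is on or after `since` (an ISO date string), newest first."""
    cutoff = date.fromisoformat(since)
    hits = [
        e for e in entries
        if not e.is_dir
        and e.when.date() >= cutoff
        and any(d in e.path.lower() for d in SYSTEM_DIRS)
    ]
    return sorted(hits, key=lambda e: e.when, reverse=True)


# Constructed sample: lines copied from the DDS log posted above.
DDS_SAMPLE = r"""
=============== Created Last 30 ================
.
2012-01-05 21:44:18 -------- d-----w- C:\Users\Loren Janina\AppData\Roaming\Malwarebytes
2012-01-05 21:44:03 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-12-15 19:59:17 3145216 ----a-w- C:\windows\System32\win32k.sys
.
==================== Find3M ====================
.
2012-01-03 11:45:34 54272 ----a-w- C:\windows\System32\consrv.dll
2012-01-02 23:10:21 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-26 05:21:20 43520 ----a-w- C:\windows\System32\csrsrv.dll
"""

# Constructed sample: lines copied from the ComboFix log posted later in the thread.
COMBOFIX_SAMPLE = r"""
2012-01-10 05:56 . 2012-01-10 05:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-05 21:44 . 2011-12-10 22:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-03 11:45 . 2009-07-13 23:31 54272 ----a-w- c:\windows\system32\consrv.dll
"""

if __name__ == "__main__":
    for sample in (DDS_SAMPLE, COMBOFIX_SAMPLE):
        for e in system_files_since(parse_entries(sample), "2011-12-16"):
            print(e.when, e.size, e.path)
```

Run against the full rejoined log rather than the excerpt, and move the `since` date around the known install and update dates in the "Created Last 30" section to see which system files remain unexplained.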


#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 09 January 2012 - 11:55 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button and select Immediate Notification, then click Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 ljra101808 (Topic Starter, Members, 42 posts)

Posted 10 January 2012 - 12:17 AM

Hi, before I ran ComboFix I disabled my Norton 360 antivirus; however, ComboFix still says that it is active. Also, I have Malwarebytes Anti-Malware, and I don't know if I'm also supposed to disable it?

#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 10 January 2012 - 12:37 AM

Go ahead and run it.



gringo

#5 ljra101808 (Topic Starter, Members, 42 posts)

Posted 10 January 2012 - 01:28 AM

ComboFix 12-01-09.07 - Loren Janina 09/01/2012 22:42:01.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3964.2564 [GMT -7:00]
Running from: c:\users\Loren Janina\Desktop\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Loren Janina\AppData\Roaming\Local
c:\users\Loren Janina\videos\ahjsplit.exe
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-12-10 to 2012-01-10 )))))))))))))))))))))))))))))))
.
.
2012-01-10 05:56 . 2012-01-10 05:56 -------- d-----w- c:\users\Lois Jeremi\AppData\Local\temp
2012-01-10 05:56 . 2012-01-10 05:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-05 21:44 . 2012-01-05 21:44 -------- d-----w- c:\users\Loren Janina\AppData\Roaming\Malwarebytes
2012-01-05 21:44 . 2012-01-05 21:44 -------- d-----w- c:\programdata\Malwarebytes
2012-01-05 21:44 . 2012-01-05 21:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-05 21:44 . 2011-12-10 22:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-03 10:18 . 2012-01-03 10:18 -------- d-----w- C:\NBRT
2012-01-03 03:57 . 2009-05-18 07:47 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-01-03 03:57 . 2012-01-03 03:57 -------- d-----w- c:\windows\system32\drivers\NBRTWizardx64
2012-01-03 03:57 . 2012-01-03 03:57 -------- d-----w- c:\program files (x86)\Norton Bootable Recovery Tool Wizard
2012-01-03 03:35 . 2012-01-03 03:50 -------- d-----w- c:\users\Loren Janina\AppData\Local\NPE
2012-01-02 23:40 . 2012-01-02 23:40 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-12-21 22:31 . 2011-12-21 22:32 -------- d-----w- c:\program files\iTunes
2011-12-21 22:31 . 2011-12-21 22:32 -------- d-----w- c:\program files (x86)\iTunes
2011-12-21 22:31 . 2011-12-21 22:31 -------- d-----w- c:\program files\iPod
2011-12-15 19:59 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 19:59 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 19:59 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 19:59 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 19:59 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-03 11:45 . 2009-07-13 23:31 54272 ----a-w- c:\windows\system32\consrv.dll
2012-01-02 23:10 . 2011-11-26 05:41 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-19 19:37 . 2011-04-09 00:35 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-11-19 19:37 . 2011-04-09 00:35 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-11-19 19:37 . 2011-04-02 23:06 573760 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-11-10 12:54 . 2011-01-03 04:19 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-10 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2010-07-06 79112]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]
.
c:\users\Loren Janina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ViiKiiDesktopPlugin.lnk - c:\program files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe [2011-10-19 142336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111223.001\BHDrvx64.sys [2011-12-01 1157240]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120107.001\IDSvia64.sys [2011-08-23 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-25 652872]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe [2011-08-04 126400]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-07-06 14088]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-09 138360]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 09:20]
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-25 09:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-18 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-18 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-18 410648]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.toshiba.ca/welcome
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Loren Janina\AppData\Roaming\Mozilla\Firefox\Profiles\lai8qbt5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.odb.org/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3017790401-2291089053-199566039-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3017790401-2291089053-199566039-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Completion time: 2012-01-09 23:19:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-10 06:19
.
Pre-Run: 136,454,180,864 bytes free
Post-Run: 139,047,993,344 bytes free
.
- - End Of File - - 51D9ECB9F058C7627AE3231762F25704

I don't know if my computer's all good. Is there any way to check?

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 January 2012 - 09:26 AM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
(image not preserved)
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 ljra101808

  • Topic Starter
  • Members
  • 42 posts

Posted 10 January 2012 - 08:44 PM

Hi, I dragged the text to the Combofix and when it opened it said that there was an update so I updated it. However, after it restarted, it was showing the extraction of files and the warning that my Norton was still active, which I pressed ok to, and nothing has happened. I waited a couple of minutes and I didn't see the blue screen of the Combofix so I dragged the text into it again, and nothing has happened still.

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 January 2012 - 09:00 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#9 ljra101808

  • Topic Starter
  • Members
  • 42 posts

Posted 10 January 2012 - 09:39 PM

19:37:18.0230 4340 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
19:37:18.0899 4340 ============================================================
19:37:18.0899 4340 Current date / time: 2012/01/10 19:37:18.0899
19:37:18.0899 4340 SystemInfo:
19:37:18.0899 4340
19:37:18.0900 4340 OS Version: 6.1.7601 ServicePack: 1.0
19:37:18.0900 4340 Product type: Workstation
19:37:18.0900 4340 ComputerName: LORENJANINA-PC
19:37:18.0900 4340 UserName: Loren Janina
19:37:18.0900 4340 Windows directory: C:\windows
19:37:18.0900 4340 System windows directory: C:\windows
19:37:18.0900 4340 Running under WOW64
19:37:18.0900 4340 Processor architecture: Intel x64
19:37:18.0900 4340 Number of processors: 2
19:37:18.0900 4340 Page size: 0x1000
19:37:18.0900 4340 Boot type: Normal boot
19:37:18.0900 4340 ============================================================
19:37:20.0273 4340 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000, SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040
19:37:20.0393 4340 Initialize success
19:37:22.0676 5032 ============================================================
19:37:22.0676 5032 Scan started
19:37:22.0676 5032 Mode: Manual;
19:37:22.0676 5032 ============================================================
19:37:24.0073 5032 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
19:37:24.0418 5032 1394ohci - ok
19:37:24.0599 5032 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
19:37:24.0604 5032 ACPI - ok
19:37:24.0859 5032 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
19:37:24.0860 5032 AcpiPmi - ok
19:37:25.0618 5032 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
19:37:25.0623 5032 adp94xx - ok
19:37:25.0783 5032 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
19:37:25.0788 5032 adpahci - ok
19:37:25.0987 5032 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
19:37:25.0990 5032 adpu320 - ok
19:37:26.0131 5032 AFD (d5b031c308a409a0a576bff4cf083d30) C:\windows\system32\drivers\afd.sys
19:37:26.0139 5032 AFD - ok
19:37:26.0287 5032 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
19:37:26.0288 5032 agp440 - ok
19:37:27.0102 5032 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
19:37:27.0103 5032 aliide - ok
19:37:27.0261 5032 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
19:37:27.0262 5032 amdide - ok
19:37:27.0392 5032 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
19:37:27.0393 5032 AmdK8 - ok
19:37:28.0206 5032 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
19:37:28.0207 5032 AmdPPM - ok
19:37:28.0552 5032 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
19:37:28.0554 5032 amdsata - ok
19:37:28.0737 5032 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
19:37:28.0739 5032 amdsbs - ok
19:37:29.0036 5032 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
19:37:29.0036 5032 amdxata - ok
19:37:29.0827 5032 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
19:37:29.0828 5032 AppID - ok
19:37:30.0706 5032 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
19:37:30.0708 5032 arc - ok
19:37:30.0976 5032 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
19:37:30.0978 5032 arcsas - ok
19:37:31.0128 5032 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
19:37:31.0129 5032 AsyncMac - ok
19:37:31.0442 5032 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
19:37:31.0443 5032 atapi - ok
19:37:32.0348 5032 athr (d6cad7e5b05055bb8226bdcb1644da27) C:\windows\system32\DRIVERS\athrx.sys
19:37:32.0391 5032 athr - ok
19:37:32.0630 5032 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
19:37:32.0637 5032 b06bdrv - ok
19:37:33.0400 5032 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
19:37:33.0404 5032 b57nd60a - ok
19:37:33.0583 5032 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
19:37:33.0584 5032 Beep - ok
19:37:34.0016 5032 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20111223.001\BHDrvx64.sys
19:37:34.0028 5032 BHDrvx64 - ok
19:37:34.0197 5032 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
19:37:34.0198 5032 blbdrive - ok
19:37:34.0993 5032 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
19:37:34.0995 5032 bowser - ok
19:37:35.0186 5032 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
19:37:35.0187 5032 BrFiltLo - ok
19:37:35.0920 5032 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
19:37:35.0921 5032 BrFiltUp - ok
19:37:36.0090 5032 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
19:37:36.0092 5032 BridgeMP - ok
19:37:36.0325 5032 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
19:37:36.0330 5032 Brserid - ok
19:37:36.0554 5032 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
19:37:36.0555 5032 BrSerWdm - ok
19:37:36.0887 5032 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
19:37:36.0888 5032 BrUsbMdm - ok
19:37:37.0654 5032 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
19:37:37.0655 5032 BrUsbSer - ok
19:37:37.0898 5032 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
19:37:37.0899 5032 BTHMODEM - ok
19:37:38.0694 5032 catchme - ok
19:37:39.0000 5032 ccHP (37f1baec39b505b3b51893a35c8337ea) C:\windows\system32\drivers\N360x64\0404000.00C\ccHPx64.sys
19:37:39.0008 5032 ccHP - ok
19:37:39.0288 5032 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
19:37:39.0290 5032 cdfs - ok
19:37:39.0518 5032 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\drivers\cdrom.sys
19:37:39.0521 5032 cdrom - ok
19:37:40.0369 5032 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
19:37:40.0370 5032 circlass - ok
19:37:40.0513 5032 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
19:37:40.0519 5032 CLFS - ok
19:37:41.0524 5032 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
19:37:41.0525 5032 CmBatt - ok
19:37:41.0821 5032 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
19:37:41.0822 5032 cmdide - ok
19:37:42.0117 5032 CNG (d5fea92400f12412b3922087c09da6a5) C:\windows\system32\Drivers\cng.sys
19:37:42.0125 5032 CNG - ok
19:37:42.0908 5032 CnxtHdAudService (7247a4d0875f5f28919e0787e11b7b57) C:\windows\system32\drivers\CHDRT64.sys
19:37:42.0940 5032 CnxtHdAudService - ok
19:37:43.0213 5032 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
19:37:43.0214 5032 Compbatt - ok
19:37:43.0952 5032 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
19:37:43.0953 5032 CompositeBus - ok
19:37:44.0167 5032 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
19:37:44.0167 5032 crcdisk - ok
19:37:44.0530 5032 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
19:37:44.0532 5032 DfsC - ok
19:37:44.0744 5032 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
19:37:44.0745 5032 discache - ok
19:37:45.0533 5032 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
19:37:45.0535 5032 Disk - ok
19:37:45.0755 5032 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
19:37:45.0756 5032 drmkaud - ok
19:37:46.0639 5032 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
19:37:46.0672 5032 DXGKrnl - ok
19:37:46.0981 5032 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
19:37:47.0072 5032 ebdrv - ok
19:37:47.0343 5032 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
19:37:47.0349 5032 eeCtrl - ok
19:37:48.0189 5032 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
19:37:48.0197 5032 elxstor - ok
19:37:48.0336 5032 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:37:48.0339 5032 EraserUtilRebootDrv - ok
19:37:48.0492 5032 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
19:37:48.0492 5032 ErrDev - ok
19:37:49.0237 5032 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
19:37:49.0240 5032 exfat - ok
19:37:49.0460 5032 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
19:37:49.0462 5032 fastfat - ok
19:37:49.0556 5032 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
19:37:49.0557 5032 fdc - ok
19:37:49.0797 5032 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
19:37:49.0798 5032 FileInfo - ok
19:37:50.0081 5032 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
19:37:50.0082 5032 Filetrace - ok
19:37:50.0773 5032 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
19:37:50.0774 5032 flpydisk - ok
19:37:51.0007 5032 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
19:37:51.0011 5032 FltMgr - ok
19:37:51.0842 5032 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
19:37:51.0843 5032 FsDepends - ok
19:37:51.0998 5032 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\windows\system32\DRIVERS\fssfltr.sys
19:37:51.0999 5032 fssfltr - ok
19:37:52.0213 5032 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
19:37:52.0214 5032 Fs_Rec - ok
19:37:52.0413 5032 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
19:37:52.0417 5032 fvevol - ok
19:37:53.0533 5032 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys
19:37:53.0534 5032 FwLnk - ok
19:37:53.0739 5032 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
19:37:53.0740 5032 gagp30kx - ok
19:37:54.0590 5032 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
19:37:54.0591 5032 GEARAspiWDM - ok
19:37:55.0054 5032 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
19:37:55.0055 5032 hcw85cir - ok
19:37:55.0341 5032 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
19:37:55.0346 5032 HdAudAddService - ok
19:37:55.0502 5032 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
19:37:55.0504 5032 HDAudBus - ok
19:37:56.0287 5032 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
19:37:56.0288 5032 HidBatt - ok
19:37:57.0424 5032 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
19:37:57.0426 5032 HidBth - ok
19:37:57.0661 5032 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
19:37:57.0662 5032 HidIr - ok
19:37:57.0827 5032 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys
19:37:57.0829 5032 HidUsb - ok
19:37:58.0056 5032 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
19:37:58.0058 5032 HpSAMD - ok
19:37:58.0789 5032 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
19:37:58.0800 5032 HTTP - ok
19:37:59.0055 5032 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
19:37:59.0056 5032 hwpolicy - ok
19:37:59.0805 5032 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
19:37:59.0807 5032 i8042prt - ok
19:37:59.0953 5032 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\windows\system32\DRIVERS\iaStor.sys
19:37:59.0958 5032 iaStor - ok
19:38:00.0151 5032 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
19:38:00.0157 5032 iaStorV - ok
19:38:00.0487 5032 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120110.002\IDSvia64.sys
19:38:00.0492 5032 IDSVia64 - ok
19:38:01.0554 5032 igfx (898ab5bfed7040d7ab07af01885eb944) C:\windows\system32\DRIVERS\igdkmd64.sys
19:38:01.0774 5032 igfx - ok
19:38:02.0553 5032 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
19:38:02.0554 5032 iirsp - ok
19:38:02.0704 5032 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
19:38:02.0705 5032 intelide - ok
19:38:02.0807 5032 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
19:38:02.0808 5032 intelppm - ok
19:38:02.0895 5032 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
19:38:02.0897 5032 IpFilterDriver - ok
19:38:02.0983 5032 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
19:38:02.0985 5032 IPMIDRV - ok
19:38:03.0082 5032 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
19:38:03.0085 5032 IPNAT - ok
19:38:03.0209 5032 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
19:38:03.0210 5032 IRENUM - ok
19:38:03.0294 5032 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
19:38:03.0295 5032 isapnp - ok
19:38:03.0966 5032 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
19:38:03.0970 5032 iScsiPrt - ok
19:38:04.0078 5032 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys
19:38:04.0079 5032 kbdclass - ok
19:38:04.0170 5032 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
19:38:04.0172 5032 kbdhid - ok
19:38:04.0342 5032 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\windows\system32\Drivers\ksecdd.sys
19:38:04.0344 5032 KSecDD - ok
19:38:05.0115 5032 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\windows\system32\Drivers\ksecpkg.sys
19:38:05.0117 5032 KSecPkg - ok
19:38:05.0208 5032 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
19:38:05.0209 5032 ksthunk - ok
19:38:05.0306 5032 L1C (655a5d8e80869781cce23760ada7e695) C:\windows\system32\DRIVERS\L1C62x64.sys
19:38:05.0309 5032 L1C - ok
19:38:05.0403 5032 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
19:38:05.0404 5032 lltdio - ok
19:38:05.0512 5032 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
19:38:05.0514 5032 LSI_FC - ok
19:38:05.0622 5032 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
19:38:05.0624 5032 LSI_SAS - ok
19:38:05.0716 5032 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
19:38:05.0718 5032 LSI_SAS2 - ok
19:38:05.0809 5032 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
19:38:05.0811 5032 LSI_SCSI - ok
19:38:05.0907 5032 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
19:38:05.0909 5032 luafv - ok
19:38:06.0711 5032 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys
19:38:06.0712 5032 MBAMProtector - ok
19:38:06.0810 5032 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
19:38:06.0811 5032 megasas - ok
19:38:06.0895 5032 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
19:38:06.0899 5032 MegaSR - ok
19:38:07.0022 5032 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
19:38:07.0023 5032 Modem - ok
19:38:07.0683 5032 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
19:38:07.0684 5032 monitor - ok
19:38:07.0780 5032 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\drivers\mouclass.sys
19:38:07.0781 5032 mouclass - ok
19:38:07.0879 5032 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
19:38:07.0880 5032 mouhid - ok
19:38:07.0967 5032 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
19:38:07.0969 5032 mountmgr - ok
19:38:08.0062 5032 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
19:38:08.0065 5032 mpio - ok
19:38:08.0150 5032 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
19:38:08.0152 5032 mpsdrv - ok
19:38:08.0240 5032 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
19:38:08.0243 5032 MRxDAV - ok
19:38:08.0346 5032 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
19:38:08.0349 5032 mrxsmb - ok
19:38:08.0459 5032 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
19:38:08.0466 5032 mrxsmb10 - ok
19:38:09.0226 5032 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
19:38:09.0228 5032 mrxsmb20 - ok
19:38:09.0309 5032 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
19:38:09.0310 5032 msahci - ok
19:38:09.0407 5032 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
19:38:09.0410 5032 msdsm - ok
19:38:09.0509 5032 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
19:38:09.0510 5032 Msfs - ok
19:38:09.0590 5032 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
19:38:09.0591 5032 mshidkmdf - ok
19:38:10.0223 5032 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
19:38:10.0224 5032 msisadrv - ok
19:38:10.0378 5032 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
19:38:10.0379 5032 MSKSSRV - ok
19:38:10.0487 5032 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
19:38:10.0488 5032 MSPCLOCK - ok
19:38:10.0593 5032 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
19:38:10.0594 5032 MSPQM - ok
19:38:10.0725 5032 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
19:38:10.0730 5032 MsRPC - ok
19:38:10.0914 5032 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
19:38:10.0915 5032 mssmbios - ok
19:38:11.0006 5032 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
19:38:11.0007 5032 MSTEE - ok
19:38:11.0100 5032 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
19:38:11.0101 5032 MTConfig - ok
19:38:11.0774 5032 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
19:38:11.0775 5032 Mup - ok
19:38:11.0900 5032 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
19:38:11.0905 5032 NativeWifiP - ok
19:38:12.0078 5032 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120110.017\ENG64.SYS
19:38:12.0079 5032 NAVENG - ok
19:38:12.0879 5032 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120110.017\EX64.SYS
19:38:12.0898 5032 NAVEX15 - ok
19:38:13.0076 5032 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
19:38:13.0090 5032 NDIS - ok
19:38:13.0213 5032 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
19:38:13.0215 5032 NdisCap - ok
19:38:13.0302 5032 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
19:38:13.0303 5032 NdisTapi - ok
19:38:13.0404 5032 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
19:38:13.0405 5032 Ndisuio - ok
19:38:13.0493 5032 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
19:38:13.0496 5032 NdisWan - ok
19:38:13.0576 5032 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
19:38:13.0577 5032 NDProxy - ok
19:38:13.0666 5032 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
19:38:13.0667 5032 NetBIOS - ok
19:38:13.0749 5032 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
19:38:13.0754 5032 NetBT - ok
19:38:14.0437 5032 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
19:38:14.0438 5032 nfrd960 - ok
19:38:14.0539 5032 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
19:38:14.0540 5032 Npfs - ok
19:38:14.0633 5032 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
19:38:14.0634 5032 nsiproxy - ok
19:38:14.0793 5032 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
19:38:14.0815 5032 Ntfs - ok
19:38:15.0528 5032 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
19:38:15.0529 5032 Null - ok
19:38:15.0621 5032 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
19:38:15.0623 5032 nvraid - ok
19:38:15.0711 5032 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
19:38:15.0714 5032 nvstor - ok
19:38:15.0806 5032 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
19:38:15.0808 5032 nv_agp - ok
19:38:15.0899 5032 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
19:38:15.0900 5032 ohci1394 - ok
19:38:16.0019 5032 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
19:38:16.0021 5032 Parport - ok
19:38:16.0121 5032 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
19:38:16.0123 5032 partmgr - ok
19:38:16.0204 5032 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
19:38:16.0207 5032 pci - ok
19:38:16.0291 5032 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
19:38:16.0292 5032 pciide - ok
19:38:16.0932 5032 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
19:38:16.0936 5032 pcmcia - ok
19:38:17.0017 5032 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
19:38:17.0018 5032 pcw - ok
19:38:17.0114 5032 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
19:38:17.0124 5032 PEAUTH - ok
19:38:17.0224 5032 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
19:38:17.0226 5032 PGEffect - ok
19:38:17.0351 5032 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
19:38:17.0353 5032 PptpMiniport - ok
19:38:17.0445 5032 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
19:38:17.0447 5032 Processor - ok
19:38:18.0117 5032 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
19:38:18.0119 5032 Psched - ok
19:38:18.0237 5032 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
19:38:18.0260 5032 ql2300 - ok
19:38:18.0349 5032 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
19:38:18.0352 5032 ql40xx - ok
19:38:18.0439 5032 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
19:38:18.0441 5032 QWAVEdrv - ok
19:38:18.0527 5032 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
19:38:18.0528 5032 RasAcd - ok
19:38:18.0635 5032 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
19:38:18.0636 5032 RasAgileVpn - ok
19:38:18.0782 5032 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
19:38:18.0785 5032 Rasl2tp - ok
19:38:18.0887 5032 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
19:38:18.0889 5032 RasPppoe - ok
19:38:19.0552 5032 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
19:38:19.0554 5032 RasSstp - ok
19:38:19.0674 5032 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
19:38:19.0679 5032 rdbss - ok
19:38:19.0764 5032 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
19:38:19.0765 5032 rdpbus - ok
19:38:19.0849 5032 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
19:38:19.0850 5032 RDPCDD - ok
19:38:19.0941 5032 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
19:38:19.0942 5032 RDPENCDD - ok
19:38:20.0032 5032 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
19:38:20.0033 5032 RDPREFMP - ok
19:38:20.0706 5032 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys
19:38:20.0709 5032 RDPWD - ok
19:38:20.0809 5032 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
19:38:20.0812 5032 rdyboost - ok
19:38:20.0935 5032 RimUsb (71b48ddaf5e9c2b40e64de5c405f5aac) C:\windows\system32\Drivers\RimUsb_AMD64.sys
19:38:20.0937 5032 RimUsb - ok
19:38:21.0059 5032 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\windows\system32\DRIVERS\RimSerial_AMD64.sys
19:38:21.0060 5032 RimVSerPort - ok
19:38:21.0157 5032 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\windows\system32\Drivers\RootMdm.sys
19:38:21.0158 5032 ROOTMODEM - ok
19:38:21.0277 5032 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
19:38:21.0278 5032 rspndr - ok
19:38:21.0385 5032 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\windows\system32\Drivers\RtsUStor.sys
19:38:21.0389 5032 RSUSBSTOR - ok
19:38:21.0482 5032 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
19:38:21.0484 5032 sbp2port - ok
19:38:22.0125 5032 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
19:38:22.0126 5032 scfilter - ok
19:38:22.0252 5032 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
19:38:22.0253 5032 secdrv - ok
19:38:22.0384 5032 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
19:38:22.0385 5032 Serenum - ok
19:38:22.0475 5032 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
19:38:22.0477 5032 Serial - ok
19:38:22.0564 5032 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
19:38:22.0565 5032 sermouse - ok
19:38:23.0225 5032 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
19:38:23.0226 5032 sffdisk - ok
19:38:23.0316 5032 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
19:38:23.0317 5032 sffp_mmc - ok
19:38:23.0404 5032 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
19:38:23.0405 5032 sffp_sd - ok
19:38:23.0487 5032 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
19:38:23.0488 5032 sfloppy - ok
19:38:23.0595 5032 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
19:38:23.0597 5032 SiSRaid2 - ok
19:38:23.0692 5032 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
19:38:23.0693 5032 SiSRaid4 - ok
19:38:23.0789 5032 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
19:38:23.0791 5032 Smb - ok
19:38:23.0897 5032 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
19:38:23.0898 5032 spldr - ok
19:38:24.0069 5032 SRTSP (96babc4906ecdb1c69d1176f8647ad8e) C:\windows\System32\Drivers\N360x64\0404000.00C\SRTSP64.SYS
19:38:24.0076 5032 SRTSP - ok
19:38:24.0799 5032 SRTSPX (c7f491a290e0e4222f5cdcd50eeb8167) C:\windows\system32\drivers\N360x64\0404000.00C\SRTSPX64.SYS
19:38:24.0800 5032 SRTSPX - ok
19:38:24.0943 5032 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
19:38:24.0950 5032 srv - ok
19:38:25.0041 5032 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
19:38:25.0047 5032 srv2 - ok
19:38:25.0129 5032 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
19:38:25.0132 5032 srvnet - ok
19:38:25.0214 5032 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
19:38:25.0215 5032 stexstor - ok
19:38:25.0848 5032 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
19:38:25.0849 5032 swenum - ok
19:38:26.0006 5032 SymDS (659b227a72b76115975a6a9491b2fe1f) C:\windows\system32\drivers\N360x64\0404000.00C\SYMDS64.SYS
19:38:26.0012 5032 SymDS - ok
19:38:26.0157 5032 SymEFA (9f5783a4a03d0091cdbdaa858b566926) C:\windows\system32\drivers\N360x64\0404000.00C\SYMEFA64.SYS
19:38:26.0161 5032 SymEFA - ok
19:38:26.0278 5032 SymEvent (3f9d5fe52585e2653e59fdbfdf09a94c) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
19:38:26.0281 5032 SymEvent - ok
19:38:26.0477 5032 SymIRON (f57588546e738db1583981d8f44e9bc2) C:\windows\system32\drivers\N360x64\0404000.00C\Ironx64.SYS
19:38:26.0479 5032 SymIRON - ok
19:38:26.0655 5032 SYMTDIv (3adfb72f0797ae3832509fe030755e21) C:\windows\System32\Drivers\N360x64\0404000.00C\SYMTDIV.SYS
19:38:26.0662 5032 SYMTDIv - ok
19:38:27.0352 5032 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys
19:38:27.0357 5032 SynTP - ok
19:38:27.0511 5032 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
19:38:27.0534 5032 Tcpip - ok
19:38:27.0681 5032 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
19:38:27.0694 5032 TCPIP6 - ok
19:38:27.0790 5032 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
19:38:27.0791 5032 tcpipreg - ok
19:38:28.0445 5032 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
19:38:28.0446 5032 tdcmdpst - ok
19:38:28.0530 5032 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
19:38:28.0531 5032 TDPIPE - ok
19:38:28.0623 5032 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
19:38:28.0624 5032 TDTCP - ok
19:38:28.0715 5032 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
19:38:28.0718 5032 tdx - ok
19:38:28.0810 5032 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
19:38:28.0812 5032 TermDD - ok
19:38:29.0004 5032 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
19:38:29.0006 5032 tssecsrv - ok
19:38:29.0105 5032 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
19:38:29.0107 5032 TsUsbFlt - ok
19:38:29.0202 5032 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
19:38:29.0205 5032 tunnel - ok
19:38:29.0320 5032 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
19:38:29.0321 5032 TVALZ - ok
19:38:29.0951 5032 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
19:38:29.0952 5032 uagp35 - ok
19:38:30.0047 5032 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
19:38:30.0052 5032 udfs - ok
19:38:30.0161 5032 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
19:38:30.0163 5032 uliagpkx - ok
19:38:30.0254 5032 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
19:38:30.0255 5032 umbus - ok
19:38:30.0337 5032 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
19:38:30.0338 5032 UmPass - ok
19:38:31.0012 5032 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
19:38:31.0014 5032 USBAAPL64 - ok
19:38:31.0091 5032 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
19:38:31.0093 5032 usbccgp - ok
19:38:31.0198 5032 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
19:38:31.0200 5032 usbcir - ok
19:38:31.0285 5032 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
19:38:31.0286 5032 usbehci - ok
19:38:31.0391 5032 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
19:38:31.0396 5032 usbhub - ok
19:38:31.0485 5032 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
19:38:31.0486 5032 usbohci - ok
19:38:31.0591 5032 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
19:38:31.0592 5032 usbprint - ok
19:38:31.0685 5032 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
19:38:31.0686 5032 usbscan - ok
19:38:31.0775 5032 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
19:38:31.0777 5032 USBSTOR - ok
19:38:31.0866 5032 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\DRIVERS\usbuhci.sys
19:38:31.0867 5032 usbuhci - ok
19:38:32.0547 5032 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
19:38:32.0550 5032 usbvideo - ok
19:38:32.0670 5032 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
19:38:32.0672 5032 vdrvroot - ok
19:38:32.0770 5032 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
19:38:32.0771 5032 vga - ok
19:38:32.0857 5032 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
19:38:32.0858 5032 VgaSave - ok
19:38:32.0946 5032 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
19:38:32.0950 5032 vhdmp - ok
19:38:33.0582 5032 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
19:38:33.0583 5032 viaide - ok
19:38:33.0678 5032 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
19:38:33.0680 5032 volmgr - ok
19:38:33.0770 5032 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
19:38:33.0776 5032 volmgrx - ok
19:38:33.0862 5032 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
19:38:33.0867 5032 volsnap - ok
19:38:33.0969 5032 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
19:38:33.0972 5032 vsmraid - ok
19:38:34.0068 5032 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
19:38:34.0069 5032 vwifibus - ok
19:38:34.0173 5032 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
19:38:34.0175 5032 vwififlt - ok
19:38:34.0284 5032 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
19:38:34.0285 5032 vwifimp - ok
19:38:34.0403 5032 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
19:38:34.0404 5032 WacomPen - ok
19:38:35.0092 5032 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
19:38:35.0094 5032 WANARP - ok
19:38:35.0114 5032 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
19:38:35.0116 5032 Wanarpv6 - ok
19:38:35.0219 5032 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
19:38:35.0220 5032 Wd - ok
19:38:35.0328 5032 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
19:38:35.0351 5032 Wdf01000 - ok
19:38:35.0478 5032 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
19:38:35.0479 5032 WfpLwf - ok
19:38:36.0115 5032 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
19:38:36.0116 5032 WIMMount - ok
19:38:36.0266 5032 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
19:38:36.0267 5032 WinUsb - ok
19:38:36.0385 5032 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
19:38:36.0386 5032 WmiAcpi - ok
19:38:36.0599 5032 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
19:38:36.0600 5032 ws2ifsl - ok
19:38:36.0727 5032 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
19:38:36.0730 5032 WudfPf - ok
19:38:36.0825 5032 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
19:38:36.0828 5032 WUDFRd - ok
19:38:36.0883 5032 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
19:38:36.0944 5032 \Device\Harddisk0\DR0 - ok
19:38:36.0957 5032 Boot (0x1200) (8c0f726bbb61dcb9c75ebbeb93e7b670) \Device\Harddisk0\DR0\Partition0
19:38:36.0959 5032 \Device\Harddisk0\DR0\Partition0 - ok
19:38:36.0959 5032 ============================================================
19:38:36.0959 5032 Scan finished
19:38:36.0959 5032 ============================================================
19:38:36.0978 2876 Detected object count: 0
19:38:36.0978 2876 Actual detected object count: 0

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:59 AM

Posted 10 January 2012 - 09:50 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 9.4.6

and click on remove

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.



TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
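Gringo asks for a HijackThis log to be pasted for review. As an added example for this thread (it is not HijackThis' own code and was not posted by anyone here), the script below parses the R0/R1 (IE start and search page), O2 (BHO), O3 (toolbar) and O4 (Run / Startup) line formats that such a log contains and flags entries that load from outside the usual install roots or that point the browser at an unexpected host. TRUSTED_ROOTS and ALLOWED_HOSTS are assumptions made for this particular machine; the sample lines are copied from the log later in the thread plus two constructed entries (the Roaming\Updater autostart and the search.example.invalid search page) that stand in for the kind of hijack a log like this can reveal.

```python
"""Triage helper for HijackThis-style log lines.

Added example for this thread; it is not HijackThis' own code.  It parses the
R0/R1, O2, O3 and O4 line formats seen in the thread's log and reports entries
that load from outside the usual install roots or that point the browser at an
unexpected host.  Everything it flags is a "look at this" hint, not a verdict.
"""
import re
from typing import List, NamedTuple
from urllib.parse import urlparse

# Assumption: on this 64-bit Windows 7 machine, legitimately installed software
# lives under one of these roots (8.3 short names included, because HijackThis
# prints the Office paths that way).
TRUSTED_ROOTS = (
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\progra~1\\",
    "c:\\progra~2\\",
    "c:\\windows\\",
)
# Assumption: the only hosts this machine's IE start/search pages should use.
ALLOWED_HOSTS = ("go.microsoft.com", "www.toshiba.ca")

_O2O3 = re.compile(
    r"^(?P<kind>O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
_O4RUN = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
_O4START = re.compile(r"^O4 - Startup: (?P<name>.+?) = (?P<path>.+)$")
_R = re.compile(r"^R[01] - (?P<key>.+?),(?P<value>[^=]+?) = ?(?P<data>.*)$")


class Finding(NamedTuple):
    line: str
    reason: str


def exe_from_command(cmd: str) -> str:
    """Return the executable path from a Run value's command line.

    A quoted path ends at the closing quote; an unquoted one is cut after the
    first '.exe' (heuristic: HijackThis prints any arguments after the path).
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r"\.exe", cmd, re.IGNORECASE)
    return cmd[: m.end()] if m else cmd


def path_is_trusted(path: str) -> bool:
    """True when the path sits under one of TRUSTED_ROOTS (case-insensitive)."""
    return path.strip().lower().startswith(TRUSTED_ROOTS)


def triage(lines: List[str]) -> List[Finding]:
    """Scan HijackThis lines and return the ones worth a second look."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = _O2O3.match(line)
        if m:
            if not path_is_trusted(m["path"]):
                findings.append(Finding(line, f"{m['kind']} {m['name']!r} loads from outside an install root"))
            continue
        m = _O4RUN.match(line) or _O4START.match(line)
        if m:
            target = exe_from_command(m["cmd"]) if "cmd" in m.groupdict() else m["path"]
            if not path_is_trusted(target):
                findings.append(Finding(line, f"autostart {m['name']!r} runs {target} from outside an install root"))
            continue
        m = _R.match(line)
        if m and m["data"].lower().startswith(("http://", "https://")):
            host = urlparse(m["data"].strip()).hostname or ""
            if host not in ALLOWED_HOSTS:
                findings.append(Finding(line, f"{m['value'].strip()} points at unexpected host {host}"))
    return findings


# Constructed sample: lines copied from the thread's HijackThis log, plus two
# constructed entries (the Roaming\Updater autostart and the
# search.example.invalid search page) that the script should flag.
SAMPLE_LOG = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank",
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157",
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome",
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.invalid/?q=",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =",
    r"O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL",
    r"O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll",
    r"O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime',
    r"O4 - HKLM\..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui",
    r'O4 - HKCU\..\Run: [Updater] "C:\Users\User\AppData\Roaming\Updater\updater.exe" /silent',
    r"O4 - Startup: ViiKiiDesktopPlugin.lnk = C:\Program Files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run against the sample, only the two constructed lines are reported; every entry copied from the real log sits under Program Files or points at a vendor host and is left alone. The root and host allow-lists are the part a helper would tailor per machine; the point of the script is to take the eye off the dozens of normal entries so it lands on the few that are not.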

#11 ljra101808

ljra101808
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:06:59 AM

Posted 11 January 2012 - 12:26 PM

For HijackThis, it said that it was denied access to the Hosts file and that I need to edit the file myself.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:59 AM

Posted 11 January 2012 - 01:46 PM

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

#13 ljra101808

ljra101808
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:06:59 AM

Posted 11 January 2012 - 02:19 PM

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.11.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Loren Janina :: LORENJANINA-PC [administrator]

Protection: Enabled

11/01/2012 10:13:08 AM
mbam-log-2012-01-11 (10-13-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198346
Time elapsed: 5 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:18:53 PM, on 11/01/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: ViiKiiDesktopPlugin.lnk = C:\Program Files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\4.4.0.12\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12080 bytes

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:59 AM

Posted 11 January 2012 - 02:39 PM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of these programs when you need them by clicking their icons (or starting them from the Control Panel). By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - Startup: ViiKiiDesktopPlugin.lnk = C:\Program Files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Click on the ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install.
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan.
  • Wait for the scan to finish.
  • Click on Copy to clipboard and paste the results here in this topic.
  • You may also find the log at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic.

Gringo

Edited by gringo_pr, 11 January 2012 - 02:39 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
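As an added example (not part of gringo_pr's post and not HijackThis code), here is a small Python parser for the O4 and O23 line formats seen in the log above. It lets a responder check a proposed "Fix Checked" list against what the log actually contains and list the services HijackThis marked "(file missing)" for manual review; the sample lines are constructed, and the function names are my own.

```python
import re

# Constructed sample lines in the HijackThis log format used in this thread (not the poster's full log).
SAMPLE_LOG = r"""
O2 - BHO: Example BHO - {00000000-0000-0000-0000-000000000001} - C:\Program Files (x86)\Example\bho.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: ViiKiiDesktopPlugin.lnk = C:\Program Files (x86)\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
"""

# O4 Run-key entry: "O4 - HKLM\..\Run: [Name] command line"
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$")
# O4 Startup-folder shortcut: "O4 - Startup: file.lnk = target"
STARTUP_RE = re.compile(r"^O4 - Startup: (.+?) = (.+)$")
# O23 service: "O23 - Service: display (Short) - owner - path [(file missing)]"
SERVICE_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+?)( \(file missing\))?$")


def parse_autoruns(log_text):
    """Return (location, name, command) for every O4 line in the log."""
    found = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line)
        if m:
            found.append((m.group(1), m.group(2), m.group(3)))
            continue
        m = STARTUP_RE.match(line)
        if m:
            found.append(("Startup", m.group(1), m.group(2)))
    return found


def select_for_fix(log_text, names):
    """Keep only the O4 entries whose bracketed name (or .lnk) is in `names`."""
    # Mirrors the "check the items listed below (if present)" step: names not in this log are skipped.
    wanted = set(names)
    return [entry for entry in parse_autoruns(log_text) if entry[1] in wanted]


def services_missing_file(log_text):
    """Short names of O23 services HijackThis flagged '(file missing)'."""
    missing = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line)
        if m and m.group(4):
            short = re.search(r"\(([^()]+)\)$", m.group(1))
            missing.append(short.group(1) if short else m.group(1))
    return missing
```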

#15 ljra101808

ljra101808
  • Topic Starter

  • Members
  • 42 posts
  • Local time:06:59 AM

Posted 11 January 2012 - 07:03 PM

It says that I have my Norton Antivirus active, even though it's not, and also it says I have Microsoft Windows Defender still on as well.



