

TDL4@MBR


This topic is locked. 20 replies to this topic.

#1 FireFighter254 (Members, 83 posts)

Posted 11 January 2012 - 08:11 PM

Here is the link to the initial "Am I infected?" post:

http://www.bleepingcomputer.com/forums/topic437160.html

Included in that post are/were the problems I was experiencing. Since then, I have not experienced it again. The initial GMER scan revealed the TDL4@MBR rootkit; now it seems it is not there.

I have included the logs that Cryptodan has asked me to post.

Thank you


#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts)

Posted 13 January 2012 - 02:40 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 FireFighter254 (Topic Starter, Members, 83 posts)

Posted 14 January 2012 - 01:49 PM

Hi Gringo and thank you.

I ran ComboFix and did not experience any errors during the run. It did give me the pop-up warning about N360 running even though I disabled it.


I have not experienced the initial problem. I have purchased MBAM and have been checking the logs; the TDL4@MBR hasn't tried connecting to any websites since cryptodan had me do what he needed. So, not sure if it's just hiding dormant, etc.

ComboFix Log:


ComboFix 12-01-13.05 - NGSP2007 01/14/2012 13:04:13.3.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2037.1216 [GMT -5:00]
Running from: c:\users\NGSP2007\Downloads\BlpPC\ComboFix.exe
AV: Norton 360 Premier Edition *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Premier Edition *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\HPCPCUninstaller-6.3.2.139-6811507.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-14 to 2012-01-14 )))))))))))))))))))))))))))))))
.
.
2012-01-14 18:19 . 2012-01-14 18:20 -------- d-----w- c:\users\NGSP2007\AppData\Local\temp
2012-01-14 18:19 . 2012-01-14 18:19 -------- d-----w- c:\users\postgres\AppData\Local\temp
2012-01-14 18:19 . 2012-01-14 18:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-12 01:22 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-12 01:22 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-12 01:22 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-12 01:21 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-12 01:21 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-12 01:21 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-12 01:21 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-12 01:21 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-12 01:21 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-12 01:21 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-12 01:21 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-12 01:21 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-12 01:20 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-12 01:20 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 18:19 . 2012-01-11 18:19 -------- d-----w- c:\programdata\NTIReg
2012-01-11 18:08 . 2009-05-05 21:46 15360 ----a-w- c:\windows\system32\drivers\NTIDrvr.sys
2012-01-11 18:08 . 2009-05-05 21:46 14336 ----a-w- c:\windows\system32\drivers\UBHelper.sys
2012-01-11 18:06 . 2012-01-11 18:07 -------- d-----w- c:\windows\system32\drivers\nti
2012-01-11 18:05 . 2012-01-11 18:05 -------- d-----w- c:\program files\NTI
2012-01-03 13:22 . 2012-01-03 13:22 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:22 . 2012-01-03 13:22 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-12-27 03:56 . 2011-12-27 03:56 -------- d-----w- c:\programdata\YouTube Downloader
2011-12-27 03:56 . 2011-12-27 03:56 -------- d-----w- c:\program files\YouTube Downloader
2011-12-22 14:25 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-22 14:25 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-22 14:25 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-22 14:25 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-22 14:23 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-22 14:23 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 20:24 . 2010-05-27 05:47 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-15 00:06 . 2011-05-24 15:34 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2009-04-01 02:47 . 2008-07-22 04:58 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"BackupNowEZtray"="c:\program files\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" [2011-09-24 580632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-09-12 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Connections.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Connections.lnk
backup=c:\windows\pss\HP Connections.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 11:58 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2006-11-06 18:58 159744 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-03-28 06:05 1045800 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-15 07:29 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-09-12 116608]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-30 c:\windows\Tasks\HPCeeScheduleForNGSP2007.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2006-12-18 00:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://hp-laptop.aol.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: paypal.com\www
TCP: DhcpNameServer = 192.168.0.1 198.6.1.3
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://216.19.6.155/activex/AMC.cab
FF - ProfilePath - c:\users\NGSP2007\AppData\Roaming\Mozilla\Firefox\Profiles\uny8s6zm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.startup.homepage - hxxp://hp-laptop.aol.com/
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-klmdb.sys
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\NGSP2007\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-14 13:20
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\NGSP2007\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-01-14 13:30:32
ComboFix-quarantined-files.txt 2012-01-14 18:30
.
Pre-Run: 8,000,999,424 bytes free
Post-Run: 8,033,968,128 bytes free
.
- - End Of File - - 6C18FA0FF5CB677CC1B8A951A813CD7D

#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts)

Posted 14 January 2012 - 09:47 PM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR (511 KB) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo

#5 FireFighter254 (Topic Starter, Members, 83 posts)

Posted 15 January 2012 - 02:34 PM

Here is the scan log as requested:

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-15 14:30:24
-----------------------------
14:30:24.981 OS Version: Windows 6.0.6002 Service Pack 2
14:30:24.981 Number of processors: 2 586 0xE08
14:30:24.984 ComputerName: NGSP2007-OFF-PC UserName: NGSP2007
14:30:54.161 Initialize success
14:31:14.692 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
14:31:14.695 Disk 0 Vendor: TOSHIBA_MK8034GSX AH301H Size: 76319MB BusType: 3
14:31:14.724 Disk 0 MBR read successfully
14:31:14.728 Disk 0 MBR scan
14:31:14.730 Disk 0 unknown MBR code
14:31:14.734 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 69978 MB offset 63
14:31:14.765 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 6338 MB offset 143315865
14:31:14.789 Disk 0 scanning sectors +156296385
14:31:15.034 Disk 0 scanning C:\Windows\system32\drivers
14:31:34.997 Service scanning
14:31:39.264 Modules scanning
14:32:11.620 Disk 0 trace - called modules:
14:32:11.641 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS
14:32:11.647 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e0d3e8]
14:32:11.998 3 CLASSPNP.SYS[887aa8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x8560daa8]
14:32:12.005 Scan finished successfully
14:32:26.367 Disk 0 MBR has been saved successfully to "C:\Users\NGSP2007\Desktop\MBR.dat"
14:32:26.374 The log file has been saved successfully to "C:\Users\NGSP2007\Desktop\aswMBR.txt"
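The aswMBR log above reports "unknown MBR code" and saves the sector to MBR.dat. aswMBR prints that line when the boot code does not match any signature it knows, so it is a prompt to inspect the sector, not a verdict. The Python below is an added example, not part of this thread and not aswMBR's own code: it parses a 512-byte MBR image into its partition table, hashes the boot code against a known-good list, checks for the layout anomalies a bootkit leaves behind (missing 0x55AA signature, overlapping partitions, more or fewer than one active partition) and measures the unallocated tail after the last partition, which is where TDL4 keeps its hidden file system. The sample image is constructed from the two partitions in the log; the boot-code bytes, the placeholder hash list and the disk sector count derived from the reported 76319 MB are assumptions.

```python
"""Parse and triage a raw MBR dump such as the MBR.dat that aswMBR saves.

Added example (not from the thread). The sample image is constructed from the
partition layout in the aswMBR log above; the boot-code bytes, the disk sector
count and the known-good hash list are assumptions for illustration.
"""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440      # bytes 0..439 hold boot code; 440..445 disk signature and pad
PART_TABLE = 446        # four 16-byte partition entries
SIG_OFFSET = 510        # 0x55 0xAA

# Placeholder: fill with the SHA-256 of boot code taken from a known-clean disk.
KNOWN_GOOD_BOOTCODE = {"00" * 32}


def build_sample_mbr(bootcode: bytes, partitions) -> bytes:
    """Build a 512-byte MBR image (constructed test data, not a real dump)."""
    mbr = bytearray(SECTOR)
    mbr[:len(bootcode)] = bootcode
    for i, (boot_flag, ptype, lba_start, sectors) in enumerate(partitions):
        # CHS fields are set to FE/FF/FF, the usual "use LBA" marker
        struct.pack_into("<B3sB3sII", mbr, PART_TABLE + 16 * i,
                         boot_flag, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff",
                         lba_start, sectors)
    mbr[SIG_OFFSET:SIG_OFFSET + 2] = b"\x55\xaa"
    return bytes(mbr)


def parse_mbr(mbr: bytes) -> dict:
    """Return the boot-code hash, the signature check and the non-empty partition entries."""
    if len(mbr) < SECTOR:
        raise ValueError("MBR image must be at least 512 bytes")
    partitions = []
    for i in range(4):
        boot, ptype, start, count = struct.unpack_from("<B3xB3xII", mbr, PART_TABLE + 16 * i)
        if ptype == 0 and count == 0:
            continue  # empty slot
        partitions.append({
            "index": i + 1,
            "active": boot == 0x80,
            "type": ptype,
            "lba_start": start,
            "sectors": count,
            "size_mb": count * SECTOR // (1024 * 1024),
        })
    return {
        "bootcode_sha256": hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest(),
        "signature_ok": mbr[SIG_OFFSET:SIG_OFFSET + 2] == b"\x55\xaa",
        "partitions": partitions,
    }


def unallocated_tail(parsed: dict, disk_sectors: int) -> int:
    """Sectors after the end of the last partition. TDL4 stores its hidden
    file system in that tail, so it is the first region to dump."""
    end = max((p["lba_start"] + p["sectors"] for p in parsed["partitions"]), default=0)
    return max(disk_sectors - end, 0)


def triage_mbr(parsed: dict, disk_sectors: int, known_good=KNOWN_GOOD_BOOTCODE,
               tail_threshold: int = 2048) -> list:
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    if not parsed["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if parsed["bootcode_sha256"] not in known_good:
        findings.append("unknown MBR code: boot-code hash not in known-good list")
    active = [p for p in parsed["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    ordered = sorted(parsed["partitions"], key=lambda p: p["lba_start"])
    for prev, nxt in zip(ordered, ordered[1:]):
        if prev["lba_start"] + prev["sectors"] > nxt["lba_start"]:
            findings.append(f"partitions {prev['index']} and {nxt['index']} overlap")
    tail = unallocated_tail(parsed, disk_sectors)
    if tail > tail_threshold:
        findings.append(f"{tail} unallocated sectors after the last partition; dump and inspect them")
    return findings


# Constructed sample: layout from the aswMBR log, sizes converted from MB at 2048 sectors per MB.
# The boot-code bytes are placeholder x86 bytes, not code taken from the user's disk.
SAMPLE_BOOTCODE = bytes.fromhex("33c08ed0bc007c8ec08ed8be007cbf0006b90002fcf3a4") + b"\x90" * 16
SAMPLE_MBR = build_sample_mbr(SAMPLE_BOOTCODE, [
    (0x80, 0x07, 63, 69978 * 2048),          # partition 1, active, NTFS, offset 63
    (0x00, 0x07, 143315865, 6338 * 2048),    # partition 2, NTFS, offset 143315865
])
DISK_SECTORS = 76319 * 2048  # assumption derived from the 76319 MB the log reports

if __name__ == "__main__":
    info = parse_mbr(SAMPLE_MBR)
    for part in info["partitions"]:
        print(part)
    for finding in triage_mbr(info, DISK_SECTORS):
        print("finding:", finding)
```

On a real dump, call parse_mbr(open("MBR.dat", "rb").read()) and compare the boot-code hash with an MBR taken from a clean install of the same Windows version, since the vendor boot code differs between releases. A "tail" finding is a location to image with a sector-level tool, not proof of infection on its own; the sizes here are rounded from the MB values in the log, so the tail count is approximate.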

#6 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts)

Posted 15 January 2012 - 03:56 PM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 9.5.0
Java™ 6 Update 23


and click on remove

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Malwarebytes' Anti-Malware:

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (hosts file not read, blank Notepad, ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HiJackThis.exe
(located at C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe on 32-bit Windows,
or C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe on 64-bit Windows)
and select Run as administrator.

"information and logs"

  • In your next post I need the following:
  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#7 FireFighter254 (Topic Starter, Members, 83 posts)

Posted 15 January 2012 - 05:56 PM

Hi Gringo,

Here are the requested logs; I performed everything you asked in your last post. I have only seen one IP block happen from MBAM; I included that information at the very end of this post. When I restarted after TFC, I got a Windows Mail pop-up, though I have never used this program before. That has been happening ever since this original problem started with the rootkit. Not sure if this means anything.


MBAM:

Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.15.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
NGSP2007 :: NGSP2007-OFF-PC [administrator]

Protection: Enabled

1/15/2012 5:31:19 PM
mbam-log-2012-01-15 (17-31-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205539
Time elapsed: 12 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


HJT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:51:35 PM, on 1/15/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NTI\NTI Backup Now EZ\BackupNowEZtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp-laptop.aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {3EBBD0F6-1F1F-48A0-89DC-C7505D56E92A} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\IPS\IPSBHO.DLL
O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: (no name) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\coIEPlg.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BackupNowEZtray] "C:\Program Files\NTI\NTI Backup Now EZ\BackupNowEZtray.exe" -k
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: RPM Poker - {00710644-edb6-40fb-b3e2-51b615e97d5a} - C:\Users\NGSP2007\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RPM Poker\RPM Poker.lnk (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {B9940246-4344-4D1B-BD82-DBAF7E657FF9} (AudioClient Control) - http://strawberryweathercam.viewnetcam.com:5000/SysCamInst.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - http://216.19.6.155/activex/AMC.cab
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: B-Service - Unknown owner - C:\Users\NGSP2007\AppData\Roaming\Mikogo\B-Service.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360 Premier Edition\Engine\5.1.0.29\ccSvcHst.exe
O23 - Service: NTI BackupNowEZSvr - NTI Corporation - C:\Program Files\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8475 bytes

2012/01/15 04:07:56 -0500 NGSP2007-OFF-PC NGSP2007 MESSAGE Executing scheduled update: Daily
2012/01/15 04:08:08 -0500 NGSP2007-OFF-PC NGSP2007 MESSAGE Scheduled update executed successfully: database updated from version v2012.01.14.03 to version v2012.01.15.01
2012/01/15 04:08:08 -0500 NGSP2007-OFF-PC NGSP2007 MESSAGE Starting database refresh
2012/01/15 04:08:08 -0500 NGSP2007-OFF-PC NGSP2007 MESSAGE Stopping IP protection
2012/01/15 04:08:25 -0500 NGSP2007-OFF-PC NGSP2007 MESSAGE IP Protection stopped
2012/01/15 04:09:11 -0500 NGSP2007-OFF-PC NGSP2007 MESSAGE Database refreshed successfully
2012/01/15 04:09:11 -0500 NGSP2007-OFF-PC NGSP2007 MESSAGE Starting IP protection
2012/01/15 04:09:15 -0500 NGSP2007-OFF-PC NGSP2007 MESSAGE IP Protection started successfully
2012/01/15 12:57:28 -0500 NGSP2007-OFF-PC NGSP2007 IP-BLOCK 79.137.226.87 (Type: outgoing, Port: 49875, Process: iexplore.exe)
2012/01/15 17:28:27 -0500 NGSP2007-OFF-PC NGSP2007 MESSAGE Starting protection
2012/01/15 17:28:32 -0500 NGSP2007-OFF-PC NGSP2007 MESSAGE Protection started successfully
2012/01/15 17:28:35 -0500 NGSP2007-OFF-PC NGSP2007 MESSAGE Starting IP protection
2012/01/15 17:28:37 -0500 NGSP2007-OFF-PC NGSP2007 MESSAGE IP Protection started successfully
2012/01/15 17:31:05 -0500 NGSP2007-OFF-PC NGSP2007 MESSAGE Starting database refresh
2012/01/15 17:31:05 -0500 NGSP2007-OFF-PC NGSP2007 MESSAGE Stopping IP protection
2012/01/15 17:31:07 -0500 NGSP2007-OFF-PC NGSP2007 MESSAGE IP Protection stopped
2012/01/15 17:31:10 -0500 NGSP2007-OFF-PC NGSP2007 MESSAGE Database refreshed successfully
2012/01/15 17:31:10 -0500 NGSP2007-OFF-PC NGSP2007 MESSAGE Starting IP protection
2012/01/15 17:31:13 -0500 NGSP2007-OFF-PC NGSP2007 MESSAGE IP Protection started successfully

#8 gringo_pr

Posted 15 January 2012 - 08:49 PM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. Any of these programs you can start from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select "Run as administrator".

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Click on the ESET Online Scanner button.
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install.
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan.
  • Wait for the scan to finish.
  • Click on Copy to clipboard and paste the results here in this topic.
  • You may also find the log here: C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
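An added example (not from this thread or from HijackThis) of reviewing the O4 Run entries the way a defender would before fixing any of them: it lists each HKLM/HKCU Run value, the binary it launches, whether that file exists and its Authenticode status, and performs the same removal that HijackThis does for a checked O4 line. The function names, the path-extraction regex and the report layout are my own; it assumes an elevated Windows PowerShell session.

```powershell
# Added example: audit the Run keys that HijackThis reports as "O4" lines.
# Run from an elevated Windows PowerShell prompt so HKLM is fully readable.

$runKeys = @(
    @{ Hive = 'HKLM'; Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' },
    @{ Hive = 'HKCU'; Path = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' }
)

# Pull the executable path out of a Run-value command line such as
#   "C:\Program Files\iTunes\iTunesHelper.exe" /starttray
# A quoted path is taken verbatim; an unquoted one is cut at the first
# token ending in .exe (a heuristic that covers the entries in the log above).
function Get-AutorunTarget {
    param([string]$CommandLine)
    if ($CommandLine -match '^\s*"([^"]+)"')        { return $Matches[1] }
    if ($CommandLine -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $CommandLine.Trim()
}

# One row per Run value: the name between [] in the O4 line, the target,
# whether the file exists, and whether it carries a valid signature.
function Get-AutorunReport {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key.Path)) { continue }
        $item = Get-Item $key.Path
        foreach ($name in $item.GetValueNames()) {
            $cmd    = [string]$item.GetValue($name)
            $target = Get-AutorunTarget $cmd
            $exists = Test-Path -LiteralPath $target
            $sig    = if ($exists) {
                          (Get-AuthenticodeSignature -LiteralPath $target).Status
                      } else { 'FileMissing' }
            [pscustomobject]@{
                Hive      = $key.Hive
                Name      = $name
                Target    = $target
                Exists    = $exists
                Signature = $sig        # Valid, NotSigned, HashMismatch, FileMissing ...
                Command   = $cmd
            }
        }
    }
}

# Remove one entry by the name shown between the brackets, e.g. 'WMPNSCFG'.
# This is what "Fix Checked" does for an O4 line: only the Run value goes,
# the program stays installed and can still be started by hand.
function Remove-AutorunEntry {
    param(
        [Parameter(Mandatory)][ValidateSet('HKLM','HKCU')][string]$Hive,
        [Parameter(Mandatory)][string]$Name
    )
    $path = "$($Hive):\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
    if ($null -ne (Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue)) {
        Remove-ItemProperty -Path $path -Name $Name
        "Removed $Hive Run entry [$Name]"
    } else {
        "No $Hive Run entry named [$Name]"
    }
}

# Review first; remove only after looking the name up, as the NOTE above suggests.
Get-AutorunReport | Sort-Object Signature, Hive | Format-Table -AutoSize
# Example removal:  Remove-AutorunEntry -Hive HKCU -Name 'WMPNSCFG'
```

Entries whose file is missing or whose signature is anything other than Valid deserve a closer look before they are fixed; a missing file is also how the stale stllssvr service in the log above would show up.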

#9 FireFighter254


Posted 16 January 2012 - 03:33 PM

Sorry, I tried doing this last night but ESET couldn't produce a log. Got it for you today. Thank you for the start up info!



C:\Users\NGSP2007\Downloads\Geeks2Go\siw-all\siw\Multilanguage With Installer\siw-setup.exe Win32/OpenCandy application

Edited by FireFighter254, 16 January 2012 - 03:34 PM.


#10 gringo_pr

Posted 16 January 2012 - 09:03 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Users\NGSP2007\Downloads\Geeks2Go\siw-all\siw\Multilanguage With Installer\siw-setup.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\), and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use; I would keep this and use it before you do any scans or when you want to free up some space.

:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • Turn off all active protection software.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button).
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.


:remove tools:

Please download OTCleanIt and save it to your desktop. This tool will remove all the tools we used to clean your PC.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

Please visit this page, which explains how to make Firefox more secure: How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector.


:Turn On Automatic Updates:

1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select Automatic (recommended): Automatically download recommended updates for my computer and install them.

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

Or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days. If Anything Comes Up, Just Come Back And Let Me Know; after that time you will have to send me a PM.


Gringo
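An added example (not from the thread) that makes the Internet Explorer zone changes listed above auditable: it reads the Internet-zone (zone 3) action values from the per-user registry, compares them with the settings Gringo recommends, and can apply the differences. The action IDs and the 0/1/3 meanings are Microsoft's documented zone settings (KB182569); the function names and the $desired table are my own.

```powershell
# Added example: audit and apply the IE Internet-zone settings from the post.
# Zone 3 = Internet. Action values: 0 = Enable, 1 = Prompt, 3 = Disable.

$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Desired state, one row per setting in the post (IDs from KB182569).
$desired = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Value = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Value = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Value = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Value = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Value = 1 }
}

$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Read one action value; $null when the value is absent (IE then uses its default).
function Get-ZoneSetting {
    param([string]$Id)
    $prop = Get-ItemProperty -Path $zonePath -Name $Id -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }
    return [int]$prop.$Id
}

# Compare current values with the desired ones; nothing is changed here.
function Test-ZoneHardening {
    foreach ($id in $desired.Keys) {
        $current = Get-ZoneSetting $id
        $want    = $desired[$id].Value
        [pscustomobject]@{
            Id        = $id
            Setting   = $desired[$id].Name
            Current   = if ($null -eq $current) { 'not set (default)' } else { $labels[$current] }
            Desired   = $labels[$want]
            Compliant = ($current -eq $want)
        }
    }
}

# Apply only the values that differ, for the current user.
# Zone action values are REG_DWORD; Set-ItemProperty -Type DWord creates or updates.
function Set-ZoneHardening {
    foreach ($row in Test-ZoneHardening | Where-Object { -not $_.Compliant }) {
        Set-ItemProperty -Path $zonePath -Name $row.Id `
                         -Value $desired[$row.Id].Value -Type DWord
        "Set $($row.Id) ($($row.Setting)) to $($row.Desired)"
    }
}

Test-ZoneHardening | Format-Table -AutoSize
# Uncomment to enforce:  Set-ZoneHardening
```

If the Security_HKLM_only policy is set, IE takes the same values from the HKLM copy of the Zones key instead, so in a managed environment audit that hive too.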

#11 FireFighter254


Posted 16 January 2012 - 10:12 PM

Hi Gringo and thank you. So, did I actually have the TDL4 rootkit?

Also, when I rebooted after OTC, I am still receiving this Windows Mail pop-up and have no clue why or how to stop it.

And one svchost.exe was memory hogging for about 5 minutes but then settled down; I will keep an eye on it.

The anti-spyware programs you suggested: I should add those to the MBAM Pro, etc. that I already have and run them all at the same time? Just confirming.

Edited by FireFighter254, 16 January 2012 - 10:16 PM.


#12 gringo_pr


Posted 16 January 2012 - 10:23 PM

Hello

I haven't seen any sign of it yet.

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#13 FireFighter254


Posted 17 January 2012 - 01:08 AM

I apologize, I was in a hurry and posted the wrong screenshot, the only one that should have been included in my last post was the "Windows Mail" pop-up, not the svchost.exe. Did you still want me to run the TDSSkiller?

#14 gringo_pr


Posted 17 January 2012 - 08:26 AM

Yes, let's go ahead and run it anyway.


gringo

#15 FireFighter254


Posted 17 January 2012 - 01:00 PM

Here you go:

12:57:01.0508 2824 TDSS rootkit removing tool 2.7.3.0 Jan 16 2012 18:53:41
12:57:02.0315 2824 ============================================================
12:57:02.0315 2824 Current date / time: 2012/01/17 12:57:02.0314
12:57:02.0315 2824 SystemInfo:
12:57:02.0315 2824
12:57:02.0315 2824 OS Version: 6.0.6002 ServicePack: 2.0
12:57:02.0315 2824 Product type: Workstation
12:57:02.0315 2824 ComputerName: NGSP2007-OFF-PC
12:57:02.0315 2824 UserName: NGSP2007
12:57:02.0315 2824 Windows directory: C:\Windows
12:57:02.0315 2824 System windows directory: C:\Windows
12:57:02.0315 2824 Processor architecture: Intel x86
12:57:02.0315 2824 Number of processors: 2
12:57:02.0315 2824 Page size: 0x1000
12:57:02.0315 2824 Boot type: Normal boot
12:57:02.0315 2824 ============================================================
12:57:05.0786 2824 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:57:06.0069 2824 Initialize success
12:58:24.0351 1104 ============================================================
12:58:24.0351 1104 Scan started
12:58:24.0351 1104 Mode: Manual;
12:58:24.0351 1104 ============================================================
12:58:36.0901 1104 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
12:58:36.0902 1104 iteatapi - ok
12:58:36.0940 1104 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
12:58:36.0942 1104 iteraid - ok
12:58:36.0993 1104 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
12:58:36.0995 1104 kbdclass - ok
12:58:37.0149 1104 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
12:58:37.0149 1104 kbdhid - ok
12:58:37.0234 1104 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
12:58:37.0245 1104 KSecDD - ok
12:58:37.0387 1104 LHidFilt (318b3d608fbec44b7e0c23bf759dced5) C:\Windows\system32\DRIVERS\LHidFilt.Sys
12:58:37.0390 1104 LHidFilt - ok
12:58:37.0559 1104 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
12:58:37.0561 1104 lltdio - ok
12:58:37.0605 1104 LMouFilt (84af069d219df3c43dc6792b2bbd7bed) C:\Windows\system32\DRIVERS\LMouFilt.Sys
12:58:37.0607 1104 LMouFilt - ok
12:58:37.0659 1104 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
12:58:37.0662 1104 LSI_FC - ok
12:58:37.0744 1104 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
12:58:37.0747 1104 LSI_SAS - ok
12:58:37.0805 1104 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
12:58:37.0808 1104 LSI_SCSI - ok
12:58:37.0922 1104 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
12:58:37.0925 1104 luafv - ok
12:58:37.0969 1104 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
12:58:37.0971 1104 MBAMProtector - ok
12:58:38.0072 1104 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\Windows\system32\drivers\MCSTRM.sys
12:58:38.0073 1104 MCSTRM - ok
12:58:38.0137 1104 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
12:58:38.0138 1104 mdmxsdk - ok
12:58:38.0227 1104 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
12:58:38.0230 1104 megasas - ok
12:58:38.0312 1104 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
12:58:38.0313 1104 Modem - ok
12:58:38.0368 1104 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
12:58:38.0371 1104 monitor - ok
12:58:38.0456 1104 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
12:58:38.0458 1104 mouclass - ok
12:58:38.0747 1104 moufiltr (baa4ed3c323bee7ebc144c7d232220a8) C:\Windows\system32\DRIVERS\moufiltr.sys
12:58:38.0772 1104 moufiltr - ok
12:58:38.0950 1104 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
12:58:38.0951 1104 mouhid - ok
12:58:39.0127 1104 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
12:58:39.0130 1104 MountMgr - ok
12:58:39.0202 1104 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
12:58:39.0204 1104 mpio - ok
12:58:39.0285 1104 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
12:58:39.0288 1104 mpsdrv - ok
12:58:39.0356 1104 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
12:58:39.0358 1104 Mraid35x - ok
12:58:39.0411 1104 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
12:58:39.0415 1104 MRxDAV - ok
12:58:39.0520 1104 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:58:39.0524 1104 mrxsmb - ok
12:58:39.0587 1104 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:58:39.0594 1104 mrxsmb10 - ok
12:58:39.0674 1104 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:58:39.0677 1104 mrxsmb20 - ok
12:58:39.0794 1104 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
12:58:39.0796 1104 msahci - ok
12:58:39.0840 1104 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
12:58:39.0842 1104 msdsm - ok
12:58:39.0944 1104 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
12:58:39.0947 1104 Msfs - ok
12:58:40.0034 1104 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
12:58:40.0036 1104 msisadrv - ok
12:58:40.0166 1104 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
12:58:40.0168 1104 MSKSSRV - ok
12:58:40.0245 1104 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
12:58:40.0248 1104 MSPCLOCK - ok
12:58:40.0311 1104 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
12:58:40.0312 1104 MSPQM - ok
12:58:40.0370 1104 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
12:58:40.0376 1104 MsRPC - ok
12:58:40.0454 1104 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
12:58:40.0457 1104 mssmbios - ok
12:58:40.0553 1104 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
12:58:40.0555 1104 MSTEE - ok
12:58:40.0618 1104 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
12:58:40.0621 1104 Mup - ok
12:58:40.0696 1104 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
12:58:40.0701 1104 NativeWifiP - ok
12:58:40.0942 1104 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120116.035\NAVENG.SYS
12:58:40.0946 1104 NAVENG - ok
12:58:41.0074 1104 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120116.035\NAVEX15.SYS
12:58:41.0113 1104 NAVEX15 - ok
12:58:41.0271 1104 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
12:58:41.0285 1104 NDIS - ok
12:58:41.0350 1104 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
12:58:41.0352 1104 NdisTapi - ok
12:58:41.0414 1104 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
12:58:41.0415 1104 Ndisuio - ok
12:58:41.0474 1104 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
12:58:41.0478 1104 NdisWan - ok
12:58:41.0621 1104 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
12:58:41.0624 1104 NDProxy - ok
12:58:41.0652 1104 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
12:58:41.0654 1104 NetBIOS - ok
12:58:41.0721 1104 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
12:58:41.0727 1104 netbt - ok
12:58:41.0873 1104 NETw3v32 (acc6170d80c69e50145b370023b64ed3) C:\Windows\system32\DRIVERS\NETw3v32.sys
12:58:41.0919 1104 NETw3v32 - ok
12:58:42.0034 1104 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
12:58:42.0037 1104 nfrd960 - ok
12:58:42.0145 1104 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
12:58:42.0147 1104 Npfs - ok
12:58:42.0208 1104 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
12:58:42.0210 1104 nsiproxy - ok
12:58:42.0317 1104 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
12:58:42.0391 1104 Ntfs - ok
12:58:42.0524 1104 NTIDrvr (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\drivers\NTIDrvr.sys
12:58:42.0526 1104 NTIDrvr - ok
12:58:42.0680 1104 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
12:58:42.0699 1104 ntrigdigi - ok
12:58:42.0798 1104 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
12:58:42.0800 1104 NuidFltr - ok
12:58:42.0862 1104 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
12:58:42.0864 1104 Null - ok
12:58:42.0957 1104 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
12:58:42.0960 1104 nvraid - ok
12:58:43.0040 1104 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
12:58:43.0042 1104 nvstor - ok
12:58:43.0109 1104 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
12:58:43.0113 1104 nv_agp - ok
12:58:43.0135 1104 NwlnkFlt - ok
12:58:43.0159 1104 NwlnkFwd - ok
12:58:43.0241 1104 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
12:58:43.0244 1104 ohci1394 - ok
12:58:43.0348 1104 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
12:58:43.0352 1104 Parport - ok
12:58:43.0445 1104 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
12:58:43.0447 1104 partmgr - ok
12:58:43.0497 1104 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
12:58:43.0498 1104 Parvdm - ok
12:58:43.0568 1104 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
12:58:43.0572 1104 pci - ok
12:58:43.0655 1104 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
12:58:43.0657 1104 pciide - ok
12:58:43.0710 1104 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
12:58:43.0715 1104 pcmcia - ok
12:58:43.0818 1104 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
12:58:43.0841 1104 PEAUTH - ok
12:58:44.0015 1104 Point32 (d82ac5b7da8fdccda1323836516405ec) C:\Windows\system32\DRIVERS\point32k.sys
12:58:44.0017 1104 Point32 - ok
12:58:44.0128 1104 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
12:58:44.0130 1104 PptpMiniport - ok
12:58:44.0199 1104 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
12:58:44.0202 1104 Processor - ok
12:58:44.0289 1104 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
12:58:44.0293 1104 PSched - ok
12:58:44.0365 1104 PxHelp20 - ok
12:58:44.0479 1104 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
12:58:44.0502 1104 ql2300 - ok
12:58:44.0558 1104 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
12:58:44.0561 1104 ql40xx - ok
12:58:44.0690 1104 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
12:58:44.0693 1104 QWAVEdrv - ok
12:58:44.0780 1104 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
12:58:44.0782 1104 RasAcd - ok
12:58:44.0844 1104 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:58:44.0847 1104 Rasl2tp - ok
12:58:44.0914 1104 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
12:58:44.0917 1104 RasPppoe - ok
12:58:44.0982 1104 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
12:58:44.0984 1104 RasSstp - ok
12:58:45.0106 1104 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
12:58:45.0113 1104 rdbss - ok
12:58:45.0222 1104 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:58:45.0223 1104 RDPCDD - ok
12:58:45.0289 1104 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
12:58:45.0296 1104 rdpdr - ok
12:58:45.0317 1104 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
12:58:45.0319 1104 RDPENCDD - ok
12:58:45.0384 1104 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
12:58:45.0391 1104 RDPWD - ok
12:58:45.0529 1104 RFCOMM (7ec90c316177ba3f1bce92005264b447) C:\Windows\system32\DRIVERS\rfcomm.sys
12:58:45.0533 1104 RFCOMM - ok
12:58:45.0604 1104 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
12:58:45.0606 1104 rimmptsk - ok
12:58:45.0659 1104 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys
12:58:45.0661 1104 rimsptsk - ok
12:58:45.0697 1104 RimUsb - ok
12:58:45.0815 1104 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
12:58:45.0817 1104 RimVSerPort - ok
12:58:45.0839 1104 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
12:58:45.0841 1104 rismxdp - ok
12:58:45.0922 1104 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
12:58:45.0924 1104 ROOTMODEM - ok
12:58:45.0995 1104 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
12:58:45.0998 1104 rspndr - ok
12:58:46.0044 1104 SABProcEnum - ok
12:58:46.0158 1104 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
12:58:46.0160 1104 SASDIFSV - ok
12:58:46.0193 1104 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
12:58:46.0196 1104 SASKUTIL - ok
12:58:46.0298 1104 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
12:58:46.0301 1104 sbp2port - ok
12:58:46.0434 1104 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
12:58:46.0437 1104 sdbus - ok
12:58:46.0472 1104 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
12:58:46.0474 1104 secdrv - ok
12:58:46.0532 1104 Ser2pl (e42f03d1081c4f60d3db6c38235b1456) C:\Windows\system32\DRIVERS\ser2pl.sys
12:58:46.0534 1104 Ser2pl - ok
12:58:46.0636 1104 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
12:58:46.0638 1104 Serenum - ok
12:58:46.0679 1104 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
12:58:46.0682 1104 Serial - ok
12:58:46.0760 1104 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
12:58:46.0763 1104 sermouse - ok
12:58:46.0826 1104 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
12:58:46.0828 1104 sffdisk - ok
12:58:46.0860 1104 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
12:58:46.0862 1104 sffp_mmc - ok
12:58:46.0908 1104 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
12:58:46.0911 1104 sffp_sd - ok
12:58:47.0014 1104 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
12:58:47.0016 1104 sfloppy - ok
12:58:47.0108 1104 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
12:58:47.0110 1104 sisagp - ok
12:58:47.0158 1104 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
12:58:47.0160 1104 SiSRaid2 - ok
12:58:47.0192 1104 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
12:58:47.0196 1104 SiSRaid4 - ok
12:58:47.0292 1104 Smb (41a967e8b3159376c56d90381a11677b) C:\Windows\system32\DRIVERS\smb.sys
12:58:47.0294 1104 Smb - ok
12:58:47.0426 1104 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
12:58:47.0428 1104 spldr - ok
12:58:47.0591 1104 SRTSP (83726cf02eced69138948083e06b6eac) C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS
12:58:47.0605 1104 SRTSP - ok
12:58:47.0693 1104 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS
12:58:47.0696 1104 SRTSPX - ok
12:58:47.0780 1104 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
12:58:47.0789 1104 srv - ok
12:58:47.0870 1104 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
12:58:47.0874 1104 srv2 - ok
12:58:47.0904 1104 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
12:58:47.0909 1104 srvnet - ok
12:58:48.0044 1104 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
12:58:48.0046 1104 swenum - ok
12:58:48.0113 1104 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
12:58:48.0115 1104 Symc8xx - ok
12:58:48.0274 1104 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS
12:58:48.0283 1104 SymDS - ok
12:58:48.0359 1104 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS
12:58:48.0377 1104 SymEFA - ok
12:58:48.0475 1104 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS
12:58:48.0479 1104 SymEvent - ok
12:58:48.0545 1104 SYMFW - ok
12:58:48.0672 1104 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS
12:58:48.0677 1104 SymIRON - ok
12:58:48.0731 1104 SYMNDISV - ok
12:58:48.0797 1104 SYMTDIv (5136f99a60ddbdeb1f6fd1eefc44407f) C:\Windows\system32\drivers\N360\0501000.01D\SYMTDIV.SYS
12:58:48.0807 1104 SYMTDIv - ok
12:58:48.0873 1104 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
12:58:48.0874 1104 Sym_hi - ok
12:58:48.0935 1104 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
12:58:48.0937 1104 Sym_u3 - ok
12:58:48.0997 1104 SynTP (f5d926807bd9bc0af68f9376144de425) C:\Windows\system32\DRIVERS\SynTP.sys
12:58:49.0003 1104 SynTP - ok
12:58:49.0085 1104 TAPBIND - ok
12:58:49.0233 1104 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
12:58:49.0256 1104 Tcpip - ok
12:58:49.0362 1104 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
12:58:49.0369 1104 Tcpip6 - ok
12:58:49.0425 1104 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
12:58:49.0427 1104 tcpipreg - ok
12:58:49.0488 1104 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
12:58:49.0490 1104 TDPIPE - ok
12:58:49.0557 1104 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
12:58:49.0559 1104 TDTCP - ok
12:58:49.0612 1104 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
12:58:49.0615 1104 tdx - ok
12:58:49.0674 1104 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
12:58:49.0676 1104 TermDD - ok
12:58:49.0782 1104 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:58:49.0785 1104 tssecsrv - ok
12:58:49.0842 1104 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
12:58:49.0843 1104 tunmp - ok
12:58:49.0946 1104 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
12:58:49.0948 1104 tunnel - ok
12:58:49.0999 1104 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
12:58:50.0002 1104 uagp35 - ok
12:58:50.0064 1104 UBHelper (d79c0b9bb011218b93705cbf77fa3e5e) C:\Windows\system32\drivers\UBHelper.sys
12:58:50.0067 1104 UBHelper - ok
12:58:50.0186 1104 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
12:58:50.0192 1104 udfs - ok
12:58:50.0286 1104 UIUSys - ok
12:58:50.0328 1104 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
12:58:50.0331 1104 uliagpkx - ok
12:58:50.0403 1104 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
12:58:50.0425 1104 uliahci - ok
12:58:50.0512 1104 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
12:58:50.0516 1104 UlSata - ok
12:58:50.0549 1104 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
12:58:50.0553 1104 ulsata2 - ok
12:58:50.0660 1104 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
12:58:50.0662 1104 umbus - ok
12:58:50.0739 1104 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
12:58:50.0742 1104 USBAAPL - ok
12:58:50.0840 1104 usbbus (5353218b3265e3b8190335059f697a11) C:\Windows\system32\DRIVERS\lgusbbus.sys
12:58:50.0841 1104 usbbus - ok
12:58:50.0894 1104 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
12:58:50.0897 1104 usbccgp - ok
12:58:50.0990 1104 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
12:58:50.0993 1104 usbcir - ok
12:58:51.0038 1104 UsbDiag (7dd3eefc62a1ef44e5f940fa651ed9ed) C:\Windows\system32\DRIVERS\lgusbdiag.sys
12:58:51.0040 1104 UsbDiag - ok
12:58:51.0121 1104 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
12:58:51.0123 1104 usbehci - ok
12:58:51.0236 1104 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
12:58:51.0242 1104 usbhub - ok
12:58:51.0321 1104 USBModem (083031a78822eccbd7510bccd3e20d4c) C:\Windows\system32\DRIVERS\lgusbmodem.sys
12:58:51.0323 1104 USBModem - ok
12:58:51.0377 1104 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
12:58:51.0379 1104 usbohci - ok
12:58:51.0432 1104 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
12:58:51.0434 1104 usbprint - ok
12:58:51.0513 1104 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
12:58:51.0515 1104 usbscan - ok
12:58:51.0622 1104 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:58:51.0624 1104 USBSTOR - ok
12:58:51.0724 1104 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
12:58:51.0726 1104 usbuhci - ok
12:58:51.0815 1104 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
12:58:51.0817 1104 vga - ok
12:58:51.0852 1104 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
12:58:51.0854 1104 VgaSave - ok
12:58:51.0950 1104 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
12:58:51.0953 1104 viaagp - ok
12:58:52.0040 1104 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
12:58:52.0043 1104 ViaC7 - ok
12:58:52.0099 1104 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
12:58:52.0100 1104 viaide - ok
12:58:52.0162 1104 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
12:58:52.0165 1104 volmgr - ok
12:58:52.0236 1104 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
12:58:52.0245 1104 volmgrx - ok
12:58:52.0385 1104 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
12:58:52.0393 1104 volsnap - ok
12:58:52.0444 1104 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
12:58:52.0448 1104 vsmraid - ok
12:58:52.0498 1104 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
12:58:52.0500 1104 WacomPen - ok
12:58:52.0552 1104 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:58:52.0554 1104 Wanarp - ok
12:58:52.0560 1104 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
12:58:52.0562 1104 Wanarpv6 - ok
12:58:52.0674 1104 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
12:58:52.0677 1104 Wd - ok
12:58:52.0755 1104 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
12:58:52.0772 1104 Wdf01000 - ok
12:58:52.0924 1104 winachsf (e096ffb754f1e45ae1bddac1275ae2c5) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
12:58:52.0940 1104 winachsf - ok
12:58:53.0119 1104 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
12:58:53.0120 1104 WmiAcpi - ok
12:58:53.0207 1104 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
12:58:53.0209 1104 WpdUsb - ok
12:58:53.0282 1104 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
12:58:53.0284 1104 ws2ifsl - ok
12:58:53.0367 1104 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:58:53.0370 1104 WUDFRd - ok
12:58:53.0536 1104 XAudio (19e7c173b6242ad7521e537ae54768bf) C:\Windows\system32\DRIVERS\xaudio.sys
12:58:53.0538 1104 XAudio - ok
12:58:53.0578 1104 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
12:58:53.0620 1104 \Device\Harddisk0\DR0 - ok
12:58:53.0625 1104 Boot (0x1200) (c97f31126988217aadccfb259aaa76ec) \Device\Harddisk0\DR0\Partition0
12:58:53.0626 1104 \Device\Harddisk0\DR0\Partition0 - ok
12:58:53.0632 1104 Boot (0x1200) (3cedee00d1cfd2970cf4a93e87856f18) \Device\Harddisk0\DR0\Partition1
12:58:53.0634 1104 \Device\Harddisk0\DR0\Partition1 - ok
12:58:53.0635 1104 ============================================================
12:58:53.0635 1104 Scan finished
12:58:53.0635 1104 ============================================================
12:58:53.0653 3696 Detected object count: 0
12:58:53.0654 3696 Actual detected object count: 0
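The last lines of the scan above are the part that matters for a suspected MBR bootkit: "MBR (0x1B8) (1a1a06f6...)" is a digest over the first 0x1B8 (440) bytes of sector 0, which is the bootstrap code region an MBR rootkit such as TDL4 overwrites, followed by digests over the first 0x1200 bytes of each partition's boot area. The example below, added here as an illustration and not code from the original post or from TDSSKiller, shows how a practitioner would reproduce that fingerprint offline and compare it with a known-good baseline. Assumptions: the 32-hex-digit value is treated as MD5 over exactly those 440 bytes (the length matches MD5; the exact input TDSSKiller hashes is not stated on the page), the sample disk layout, the baseline hash and the "tampered" copy are all constructed inline, and the unallocated-tail check reflects the documented TDL4 habit of keeping its hidden file system past the last partition rather than anything this particular log shows.

```python
"""Parse a 512-byte MBR, fingerprint its boot code and check it against a
baseline. Added example; constructed sample data, not a real disk image."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 0x1B8      # 0x000-0x1B7: bootstrap code (what the log hashes)
DISK_SIG_OFF = 0x1B8       # 4-byte Windows disk signature
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries
BOOT_SIG = b"\x55\xAA"     # bytes 0x1FE-0x1FF


def boot_code_hash(mbr: bytes) -> str:
    """MD5 over the bootstrap code only (assumed to match the log's value).
    Disk signature and partition table change legitimately; boot code
    should not change between scans."""
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def parse_partitions(mbr: bytes) -> list:
    """Decode the four primary partition entries, skipping empty ones."""
    parts = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and sectors == 0:
            continue
        parts.append({"index": i, "bootable": status == 0x80,
                      "type": ptype, "lba_start": lba_start,
                      "sectors": sectors})
    return parts


def parse_mbr(mbr: bytes) -> dict:
    """Validate the sector and return hash, disk signature and partitions."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly one 512-byte sector")
    if mbr[0x1FE:0x200] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    disk_sig = struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0]
    return {"boot_code_md5": boot_code_hash(mbr),
            "disk_signature": disk_sig,
            "partitions": parse_partitions(mbr)}


def unallocated_tail_sectors(partitions: list, disk_sectors: int) -> int:
    """Sectors after the end of the last partition. TDL4 is documented to
    store its hidden file system in this unpartitioned tail, so a large
    tail next to a changed boot-code hash deserves a raw-sector look."""
    last_end = max((p["lba_start"] + p["sectors"] for p in partitions),
                   default=0)
    return max(disk_sectors - last_end, 0)


def check_mbr(mbr: bytes, known_good_md5: str, disk_sectors: int) -> list:
    """Return a list of findings; empty means the boot code matches the
    baseline and the partition table is sane."""
    findings = []
    info = parse_mbr(mbr)
    if info["boot_code_md5"] != known_good_md5:
        findings.append("boot code hash mismatch: %s != %s"
                        % (info["boot_code_md5"], known_good_md5))
    bootable = [p for p in info["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append("expected exactly one bootable partition, got %d"
                        % len(bootable))
    for p in info["partitions"]:
        if p["lba_start"] + p["sectors"] > disk_sectors:
            findings.append("partition %d extends past end of disk" % p["index"])
    return findings


def _build_sample_mbr() -> bytes:
    """Constructed sample: deterministic fake boot code, two NTFS-type
    partitions, the first one bootable."""
    mbr = bytearray(SECTOR_SIZE)
    mbr[:BOOT_CODE_LEN] = bytes((i * 7) & 0xFF for i in range(BOOT_CODE_LEN))
    struct.pack_into("<I", mbr, DISK_SIG_OFF, 0x12345678)
    entries = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1000000)]
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into("<B3sB3sII", mbr, PART_TABLE_OFF + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    mbr[0x1FE:0x200] = BOOT_SIG
    return bytes(mbr)


SAMPLE_MBR = _build_sample_mbr()
SAMPLE_DISK_SECTORS = 1208848          # constructed: leaves a 2000-sector tail
# Same disk with its bootstrap code replaced, as an MBR bootkit would do.
TAMPERED_MBR = (b"\xEB\x58\x90" + b"\x00" * (BOOT_CODE_LEN - 3)
                + SAMPLE_MBR[BOOT_CODE_LEN:])

if __name__ == "__main__":
    baseline = boot_code_hash(SAMPLE_MBR)
    print("clean:   ", check_mbr(SAMPLE_MBR, baseline, SAMPLE_DISK_SECTORS))
    print("tampered:", check_mbr(TAMPERED_MBR, baseline, SAMPLE_DISK_SECTORS))
    print("tail sectors:", unallocated_tail_sectors(
        parse_mbr(SAMPLE_MBR)["partitions"], SAMPLE_DISK_SECTORS))
```

On a live Windows machine the 512 bytes would come from opening `\\.\PhysicalDrive0` as Administrator and reading the first sector; on a forensic image, from offset 0 of the image file. The baseline hash must come from a known-good machine with the same Windows version and boot loader, not from the suspect machine's own earlier scan: a matching hash only proves the boot code has not changed since the baseline was taken, and a scan run from inside a possibly infected OS can be lied to by the rootkit, which is why booting from clean media and reading the raw sectors is the stronger check.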



