Cannot run Windows Update


  • This topic is locked
19 replies to this topic

#1 arturdux

arturdux

  • Members
  • 31 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:12:37 PM

Posted 30 January 2012 - 08:55 AM

AII topic http://www.bleepingcomputer.com/forums/topic439818.html/page__pid__2577262#entry2577262


This thread continues the old thread "Am I still infected by Win 7 Internet Security 2012 virus?" (from the Am I infected? What do I do? forum) and has been opened as directed by boopme.

Hello again boopme,

As suggested, I followed steps 6-9 of the Preparation Guide. I used Defogger to disable any CD Emulation Software (whatever that is – also don't know what script-blocking programs are so I was unable to disable them) and then ran DDS without problems: I have attached the files dds.txt and attach.txt. I also ran GMER (the instructions say this is for 32-bit Windows only, but as you asked me to run it, I did). On running, a window opened: “WARNING!!! GMER has found system modification activity, which might have been caused by ROOTKIT activity. Do you want to fully scan your system?” - to which I clicked NO as instructed. At the end of the scan another window appeared: “GMER hasn't found any system modification.” - the ark.txt is 0kb and I couldn't upload it, but it is empty anyway.

I hope this is OK and that it enables you to progress this Update issue – I really do appreciate your help!

Attached Files


Edited by boopme, 30 January 2012 - 10:39 AM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,243 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:37 AM

Posted 03 February 2012 - 10:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Please post the logs for my review.
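An added example, not part of this thread and not code from the TDSSKiller authors: a small Python parser for the TDSSKiller text log that nasdaq asks for above. The log lists every scanned driver or service with its MD5 and on-disk path, followed by a verdict line, and it runs to hundreds of lines, so the useful step for a helper is to pull out anything whose verdict is not a plain "ok" and to list drivers loaded from outside the Windows directory for manual review. The first two sample entries are copied from the format the tool writes; the `examplesvc` entry, its all-zero hash, the "Suspicious file" detail line and the `warning` verdict are constructed to exercise the non-ok path, and the regex for a verdict line carrying a detection name in parentheses is my assumption about the tool's format.

```python
"""Parse a TDSSKiller text log into driver entries and flag anything not reported as "ok"."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every TDSSKiller line starts with a timestamp and a thread id, then free text.
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+(?P<body>.*)$")
# "<name> (<md5>) <path>": a scanned driver/service with the hash of its file on disk.
ENTRY_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "<name> - ok" or "<name> ( <Detection> ) - <verdict>" (the parenthesised detection
# form is an assumption about the tool's format, not taken from this thread).
VERDICT_RE = re.compile(
    r"^(?P<name>\S+)(?:\s+\(\s*(?P<detection>[^)]*?)\s*\))?\s+-\s+(?P<verdict>\w+)\s*$"
)


@dataclass
class Entry:
    name: str
    md5: str
    path: str
    verdict: str = "unknown"          # stays "unknown" if the log has no verdict line
    detection: Optional[str] = None
    notes: List[str] = field(default_factory=list)  # "Suspicious file ..." detail lines


def parse_tdsskiller_log(text: str) -> List[Entry]:
    """Return the scanned objects in log order, each with its verdict attached."""
    by_name: Dict[str, Entry] = {}
    order: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # blank lines and anything without the prefix
        body = m.group("body").strip()
        e = ENTRY_RE.match(body)
        if e:
            entry = Entry(e.group("name"), e.group("md5").lower(), e.group("path"))
            by_name[entry.name] = entry
            order.append(entry)
            continue
        v = VERDICT_RE.match(body)
        if v and v.group("name") in by_name:
            entry = by_name[v.group("name")]
            entry.verdict = v.group("verdict").lower()
            entry.detection = v.group("detection")
            continue
        # Free-text detail lines belong to the object scanned most recently.
        if body.startswith("Suspicious file") and order:
            order[-1].notes.append(body)
    return order


def findings(entries: List[Entry]) -> List[Entry]:
    """Entries that need a human's attention: any verdict other than a plain 'ok'."""
    return [e for e in entries if e.verdict != "ok"]


def outside_windows_dir(entries: List[Entry], windows_dir: str = r"C:\Windows") -> List[Entry]:
    """Drivers loaded from outside the Windows directory. Security products legitimately
    live here (Norton in this thread), so this is a review list, not a detection."""
    prefix = windows_dir.lower().rstrip("\\") + "\\"
    return [e for e in entries if not e.path.lower().startswith(prefix)]


# Constructed sample in the tool's format; the "examplesvc" entry and its lines are invented.
SAMPLE_LOG = r"""
19:38:03.0094 2324 ============================================================
19:38:03.0094 2324 Scan started
19:38:03.0094 2324 Mode: Manual;
19:38:03.0094 2324 ============================================================
19:38:04.0239 2324 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:38:04.0242 2324 1394ohci - ok
19:38:05.0349 2324 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\N360\BHDrvx64.sys
19:38:05.0375 2324 BHDrvx64 - ok
19:38:06.0100 2324 examplesvc (00000000000000000000000000000000) C:\Windows\system32\drivers\examplesvc.sys
19:38:06.0101 2324 Suspicious file (NoAccess): C:\Windows\system32\drivers\examplesvc.sys. md5: 00000000000000000000000000000000
19:38:06.0102 2324 examplesvc ( LockedFile.Multi.Generic ) - warning
"""


if __name__ == "__main__":
    parsed = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(parsed)} objects scanned")
    for e in findings(parsed):
        print(f"REVIEW  {e.name:<12} verdict={e.verdict} detection={e.detection} path={e.path}")
        for n in e.notes:
            print(f"        {n}")
    for e in outside_windows_dir(parsed):
        print(f"NON-SYS {e.name:<12} {e.path}")
```

Run it against a real log with `parse_tdsskiller_log(open(path, encoding="utf-8", errors="replace").read())`; the `verdict == "unknown"` case catches objects whose verdict line is missing, which is worth a look on its own.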

#3 arturdux

arturdux
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:12:37 PM

Posted 03 February 2012 - 02:40 PM

Hello nasdaq,

Glad to have you helping me - and I hope you can solve this problem, so that I can use Windows Update again!

Here is the log for TDSSKiller:

19:37:38.0962 1248 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
19:37:39.0737 1248 ============================================================
19:37:39.0737 1248 Current date / time: 2012/02/03 19:37:39.0737
19:37:39.0737 1248 SystemInfo:
19:37:39.0737 1248
19:37:39.0737 1248 OS Version: 6.1.7601 ServicePack: 1.0
19:37:39.0737 1248 Product type: Workstation
19:37:39.0737 1248 ComputerName: USER-PC
19:37:39.0737 1248 UserName: User
19:37:39.0737 1248 Windows directory: C:\Windows
19:37:39.0737 1248 System windows directory: C:\Windows
19:37:39.0737 1248 Running under WOW64
19:37:39.0737 1248 Processor architecture: Intel x64
19:37:39.0737 1248 Number of processors: 2
19:37:39.0737 1248 Page size: 0x1000
19:37:39.0737 1248 Boot type: Normal boot
19:37:39.0737 1248 ============================================================
19:37:40.0799 1248 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:37:40.0802 1248 Drive \Device\Harddisk1\DR2 - Size: 0x1E1FFFE00 (7.53 Gb), SectorSize: 0x200, Cylinders: 0x3D7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:37:40.0805 1248 \Device\Harddisk0\DR0:
19:37:40.0805 1248 MBR used
19:37:40.0805 1248 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:37:40.0805 1248 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
19:37:40.0805 1248 \Device\Harddisk1\DR2:
19:37:40.0805 1248 MBR used
19:37:40.0805 1248 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xB, StartLBA 0x2C, BlocksNum 0xEF3FA4
19:37:40.0827 1248 Initialize success
19:37:40.0827 1248 ============================================================
19:38:03.0094 2324 ============================================================
19:38:03.0094 2324 Scan started
19:38:03.0094 2324 Mode: Manual;
19:38:03.0094 2324 ============================================================
19:38:04.0239 2324 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:38:04.0242 2324 1394ohci - ok
19:38:04.0296 2324 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:38:04.0300 2324 ACPI - ok
19:38:04.0336 2324 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:38:04.0337 2324 AcpiPmi - ok
19:38:04.0441 2324 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:38:04.0446 2324 adp94xx - ok
19:38:04.0474 2324 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:38:04.0477 2324 adpahci - ok
19:38:04.0495 2324 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:38:04.0497 2324 adpu320 - ok
19:38:04.0554 2324 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
19:38:04.0567 2324 AFD - ok
19:38:04.0606 2324 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
19:38:04.0609 2324 agp440 - ok
19:38:04.0644 2324 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
19:38:04.0645 2324 aliide - ok
19:38:04.0662 2324 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
19:38:04.0664 2324 amdide - ok
19:38:04.0704 2324 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:38:04.0705 2324 AmdK8 - ok
19:38:04.0736 2324 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:38:04.0737 2324 AmdPPM - ok
19:38:04.0780 2324 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
19:38:04.0782 2324 amdsata - ok
19:38:04.0812 2324 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:38:04.0815 2324 amdsbs - ok
19:38:04.0829 2324 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
19:38:04.0831 2324 amdxata - ok
19:38:04.0882 2324 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
19:38:04.0884 2324 AppID - ok
19:38:04.0932 2324 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:38:04.0935 2324 arc - ok
19:38:04.0956 2324 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:38:04.0957 2324 arcsas - ok
19:38:04.0997 2324 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:38:04.0999 2324 AsyncMac - ok
19:38:05.0026 2324 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
19:38:05.0027 2324 atapi - ok
19:38:05.0105 2324 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:38:05.0110 2324 b06bdrv - ok
19:38:05.0147 2324 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:38:05.0151 2324 b57nd60a - ok
19:38:05.0185 2324 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:38:05.0186 2324 Beep - ok
19:38:05.0349 2324 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120121.002\BHDrvx64.sys
19:38:05.0375 2324 BHDrvx64 - ok
19:38:05.0484 2324 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:38:05.0485 2324 blbdrive - ok
19:38:05.0545 2324 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
19:38:05.0546 2324 bowser - ok
19:38:05.0591 2324 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:38:05.0592 2324 BrFiltLo - ok
19:38:05.0610 2324 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:38:05.0611 2324 BrFiltUp - ok
19:38:05.0642 2324 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:38:05.0646 2324 Brserid - ok
19:38:05.0665 2324 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:38:05.0666 2324 BrSerWdm - ok
19:38:05.0692 2324 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:38:05.0694 2324 BrUsbMdm - ok
19:38:05.0709 2324 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:38:05.0710 2324 BrUsbSer - ok
19:38:05.0729 2324 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:38:05.0730 2324 BTHMODEM - ok
19:38:05.0771 2324 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:38:05.0774 2324 cdfs - ok
19:38:05.0817 2324 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
19:38:05.0820 2324 cdrom - ok
19:38:05.0869 2324 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:38:05.0871 2324 circlass - ok
19:38:05.0899 2324 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:38:05.0902 2324 CLFS - ok
19:38:06.0027 2324 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:38:06.0029 2324 CmBatt - ok
19:38:06.0067 2324 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
19:38:06.0069 2324 cmdide - ok
19:38:06.0109 2324 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
19:38:06.0114 2324 CNG - ok
19:38:06.0131 2324 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:38:06.0132 2324 Compbatt - ok
19:38:06.0174 2324 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
19:38:06.0175 2324 CompositeBus - ok
19:38:06.0202 2324 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:38:06.0204 2324 crcdisk - ok
19:38:06.0262 2324 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
19:38:06.0264 2324 DfsC - ok
19:38:06.0365 2324 DFSYS (245244b2740975f74f56559105093a2d) C:\Program Files (x86)\T-Home\Dialerschutz-Software\DFSYS64.SYS
19:38:06.0366 2324 DFSYS - ok
19:38:06.0454 2324 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:38:06.0455 2324 discache - ok
19:38:06.0489 2324 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:38:06.0490 2324 Disk - ok
19:38:06.0541 2324 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
19:38:06.0544 2324 Dot4 - ok
19:38:06.0594 2324 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
19:38:06.0595 2324 Dot4Print - ok
19:38:06.0630 2324 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
19:38:06.0631 2324 dot4usb - ok
19:38:06.0665 2324 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:38:06.0666 2324 drmkaud - ok
19:38:06.0716 2324 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
19:38:06.0734 2324 DXGKrnl - ok
19:38:06.0831 2324 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:38:06.0892 2324 ebdrv - ok
19:38:06.0992 2324 eeCtrl (5ccf1be80930aeb1cdebf561666325e8) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
19:38:06.0999 2324 eeCtrl - ok
19:38:07.0110 2324 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:38:07.0115 2324 elxstor - ok
19:38:07.0206 2324 EraserUtilRebootDrv (7a898e4a744621711be7e7b796c69876) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:38:07.0209 2324 EraserUtilRebootDrv - ok
19:38:07.0279 2324 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
19:38:07.0280 2324 ErrDev - ok
19:38:07.0329 2324 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:38:07.0331 2324 exfat - ok
19:38:07.0352 2324 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:38:07.0354 2324 fastfat - ok
19:38:07.0385 2324 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:38:07.0386 2324 fdc - ok
19:38:07.0417 2324 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:38:07.0420 2324 FileInfo - ok
19:38:07.0439 2324 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:38:07.0440 2324 Filetrace - ok
19:38:07.0475 2324 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:38:07.0476 2324 flpydisk - ok
19:38:07.0517 2324 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
19:38:07.0520 2324 FltMgr - ok
19:38:07.0547 2324 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:38:07.0550 2324 FsDepends - ok
19:38:07.0565 2324 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
19:38:07.0566 2324 Fs_Rec - ok
19:38:07.0625 2324 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:38:07.0627 2324 fvevol - ok
19:38:07.0676 2324 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:38:07.0679 2324 gagp30kx - ok
19:38:07.0709 2324 GEARAspiWDM (af4dee5531395dee72b35b36c9671fd0) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:38:07.0710 2324 GEARAspiWDM - ok
19:38:07.0749 2324 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:38:07.0750 2324 hcw85cir - ok
19:38:07.0806 2324 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
19:38:07.0810 2324 HdAudAddService - ok
19:38:07.0841 2324 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
19:38:07.0844 2324 HDAudBus - ok
19:38:07.0886 2324 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:38:07.0887 2324 HidBatt - ok
19:38:07.0906 2324 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:38:07.0909 2324 HidBth - ok
19:38:07.0935 2324 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:38:07.0936 2324 HidIr - ok
19:38:07.0985 2324 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
19:38:07.0987 2324 HidUsb - ok
19:38:08.0025 2324 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
19:38:08.0027 2324 HpSAMD - ok
19:38:08.0089 2324 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
19:38:08.0104 2324 HTTP - ok
19:38:08.0141 2324 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
19:38:08.0142 2324 hwpolicy - ok
19:38:08.0176 2324 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
19:38:08.0179 2324 i8042prt - ok
19:38:08.0229 2324 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
19:38:08.0234 2324 iaStorV - ok
19:38:08.0370 2324 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120202.002\IDSvia64.sys
19:38:08.0384 2324 IDSVia64 - ok
19:38:08.0467 2324 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:38:08.0469 2324 iirsp - ok
19:38:08.0541 2324 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
19:38:08.0542 2324 intelide - ok
19:38:08.0581 2324 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:38:08.0584 2324 intelppm - ok
19:38:08.0634 2324 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:38:08.0636 2324 IpFilterDriver - ok
19:38:08.0675 2324 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
19:38:08.0676 2324 IPMIDRV - ok
19:38:08.0707 2324 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:38:08.0710 2324 IPNAT - ok
19:38:08.0742 2324 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:38:08.0744 2324 IRENUM - ok
19:38:08.0784 2324 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
19:38:08.0785 2324 isapnp - ok
19:38:08.0821 2324 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
19:38:08.0825 2324 iScsiPrt - ok
19:38:08.0855 2324 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
19:38:08.0857 2324 kbdclass - ok
19:38:08.0907 2324 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
19:38:08.0909 2324 kbdhid - ok
19:38:08.0955 2324 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
19:38:08.0956 2324 KSecDD - ok
19:38:08.0989 2324 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
19:38:08.0991 2324 KSecPkg - ok
19:38:09.0026 2324 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:38:09.0027 2324 ksthunk - ok
19:38:09.0067 2324 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:38:09.0069 2324 lltdio - ok
19:38:09.0135 2324 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:38:09.0137 2324 LSI_FC - ok
19:38:09.0165 2324 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:38:09.0167 2324 LSI_SAS - ok
19:38:09.0182 2324 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:38:09.0184 2324 LSI_SAS2 - ok
19:38:09.0204 2324 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:38:09.0206 2324 LSI_SCSI - ok
19:38:09.0221 2324 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:38:09.0222 2324 luafv - ok
19:38:09.0244 2324 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:38:09.0246 2324 megasas - ok
19:38:09.0269 2324 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:38:09.0272 2324 MegaSR - ok
19:38:09.0292 2324 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:38:09.0294 2324 Modem - ok
19:38:09.0322 2324 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:38:09.0322 2324 monitor - ok
19:38:09.0370 2324 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
19:38:09.0372 2324 mouclass - ok
19:38:09.0407 2324 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:38:09.0409 2324 mouhid - ok
19:38:09.0447 2324 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
19:38:09.0450 2324 mountmgr - ok
19:38:09.0485 2324 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
19:38:09.0487 2324 mpio - ok
19:38:09.0515 2324 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:38:09.0516 2324 mpsdrv - ok
19:38:09.0610 2324 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
19:38:09.0612 2324 MRxDAV - ok
19:38:09.0650 2324 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:38:09.0651 2324 mrxsmb - ok
19:38:09.0691 2324 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:38:09.0695 2324 mrxsmb10 - ok
19:38:09.0736 2324 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:38:09.0739 2324 mrxsmb20 - ok
19:38:09.0774 2324 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:38:09.0775 2324 msahci - ok
19:38:09.0812 2324 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:38:09.0815 2324 msdsm - ok
19:38:09.0852 2324 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:38:09.0852 2324 Msfs - ok
19:38:09.0876 2324 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:38:09.0877 2324 mshidkmdf - ok
19:38:09.0916 2324 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:38:09.0916 2324 msisadrv - ok
19:38:09.0941 2324 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:38:09.0942 2324 MSKSSRV - ok
19:38:09.0961 2324 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:38:09.0962 2324 MSPCLOCK - ok
19:38:09.0980 2324 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:38:09.0981 2324 MSPQM - ok
19:38:10.0016 2324 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:38:10.0021 2324 MsRPC - ok
19:38:10.0064 2324 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:38:10.0064 2324 mssmbios - ok
19:38:10.0101 2324 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:38:10.0102 2324 MSTEE - ok
19:38:10.0144 2324 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:38:10.0145 2324 MTConfig - ok
19:38:10.0157 2324 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:38:10.0159 2324 Mup - ok
19:38:10.0210 2324 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:38:10.0214 2324 NativeWifiP - ok
19:38:10.0347 2324 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120202.033\ENG64.SYS
19:38:10.0350 2324 NAVENG - ok
19:38:10.0534 2324 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120202.033\EX64.SYS
19:38:10.0576 2324 NAVEX15 - ok
19:38:10.0687 2324 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:38:10.0704 2324 NDIS - ok
19:38:10.0759 2324 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:38:10.0760 2324 NdisCap - ok
19:38:10.0790 2324 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:38:10.0791 2324 NdisTapi - ok
19:38:10.0835 2324 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:38:10.0836 2324 Ndisuio - ok
19:38:10.0877 2324 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:38:10.0880 2324 NdisWan - ok
19:38:10.0917 2324 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:38:10.0919 2324 NDProxy - ok
19:38:10.0954 2324 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:38:10.0955 2324 NetBIOS - ok
19:38:11.0001 2324 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:38:11.0005 2324 NetBT - ok
19:38:11.0064 2324 netr28ux (618c55b392238b9467f9113e13525c49) C:\Windows\system32\DRIVERS\netr28ux.sys
19:38:11.0080 2324 netr28ux - ok
19:38:11.0125 2324 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:38:11.0126 2324 nfrd960 - ok
19:38:11.0190 2324 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:38:11.0191 2324 Npfs - ok
19:38:11.0205 2324 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:38:11.0206 2324 nsiproxy - ok
19:38:11.0267 2324 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:38:11.0302 2324 Ntfs - ok
19:38:11.0319 2324 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:38:11.0320 2324 Null - ok
19:38:11.0355 2324 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
19:38:11.0360 2324 NVENETFD - ok
19:38:11.0585 2324 nvlddmkm (feffc8474be060ea7349a172b9810415) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:38:11.0779 2324 nvlddmkm - ok
19:38:11.0826 2324 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:38:11.0829 2324 nvraid - ok
19:38:11.0862 2324 nvsmu (f6c6d8298dd85507f680437ec2e6899c) C:\Windows\system32\DRIVERS\nvsmu.sys
19:38:11.0864 2324 nvsmu - ok
19:38:11.0901 2324 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:38:11.0904 2324 nvstor - ok
19:38:11.0961 2324 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:38:11.0964 2324 nv_agp - ok
19:38:11.0999 2324 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:38:12.0000 2324 ohci1394 - ok
19:38:12.0044 2324 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:38:12.0046 2324 Parport - ok
19:38:12.0086 2324 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
19:38:12.0087 2324 partmgr - ok
19:38:12.0124 2324 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:38:12.0126 2324 pci - ok
19:38:12.0164 2324 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:38:12.0165 2324 pciide - ok
19:38:12.0209 2324 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:38:12.0211 2324 pcmcia - ok
19:38:12.0234 2324 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:38:12.0235 2324 pcw - ok
19:38:12.0262 2324 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:38:12.0275 2324 PEAUTH - ok
19:38:12.0380 2324 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:38:12.0381 2324 PptpMiniport - ok
19:38:12.0416 2324 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:38:12.0419 2324 Processor - ok
19:38:12.0466 2324 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:38:12.0469 2324 Psched - ok
19:38:12.0524 2324 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:38:12.0550 2324 ql2300 - ok
19:38:12.0579 2324 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:38:12.0581 2324 ql40xx - ok
19:38:12.0611 2324 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:38:12.0612 2324 QWAVEdrv - ok
19:38:12.0634 2324 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:38:12.0635 2324 RasAcd - ok
19:38:12.0660 2324 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:38:12.0662 2324 RasAgileVpn - ok
19:38:12.0701 2324 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:38:12.0702 2324 Rasl2tp - ok
19:38:12.0717 2324 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:38:12.0719 2324 RasPppoe - ok
19:38:12.0736 2324 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:38:12.0737 2324 RasSstp - ok
19:38:12.0777 2324 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:38:12.0781 2324 rdbss - ok
19:38:12.0819 2324 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:38:12.0820 2324 rdpbus - ok
19:38:12.0842 2324 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:38:12.0844 2324 RDPCDD - ok
19:38:12.0864 2324 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:38:12.0865 2324 RDPENCDD - ok
19:38:12.0884 2324 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:38:12.0885 2324 RDPREFMP - ok
19:38:12.0919 2324 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
19:38:12.0921 2324 RDPWD - ok
19:38:12.0962 2324 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:38:12.0966 2324 rdyboost - ok
19:38:13.0019 2324 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:38:13.0021 2324 rspndr - ok
19:38:13.0065 2324 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:38:13.0067 2324 sbp2port - ok
19:38:13.0106 2324 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:38:13.0107 2324 scfilter - ok
19:38:13.0185 2324 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:38:13.0186 2324 secdrv - ok
19:38:13.0217 2324 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:38:13.0219 2324 Serenum - ok
19:38:13.0230 2324 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:38:13.0232 2324 Serial - ok
19:38:13.0284 2324 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:38:13.0285 2324 sermouse - ok
19:38:13.0326 2324 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:38:13.0327 2324 sffdisk - ok
19:38:13.0341 2324 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:38:13.0342 2324 sffp_mmc - ok
19:38:13.0351 2324 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:38:13.0352 2324 sffp_sd - ok
19:38:13.0389 2324 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:38:13.0390 2324 sfloppy - ok
19:38:13.0426 2324 SipIMNDI (bd0d88034925e49a273a44905e2796a8) C:\Windows\system32\DRIVERS\SipIMNDI64.sys
19:38:13.0427 2324 SipIMNDI - ok
19:38:13.0457 2324 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:38:13.0459 2324 SiSRaid2 - ok
19:38:13.0476 2324 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:38:13.0477 2324 SiSRaid4 - ok
19:38:13.0515 2324 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:38:13.0516 2324 Smb - ok
19:38:13.0562 2324 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:38:13.0564 2324 spldr - ok
19:38:13.0665 2324 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\N360x64\0501000.01D\SRTSP64.SYS
19:38:13.0680 2324 SRTSP - ok
19:38:13.0722 2324 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\N360x64\0501000.01D\SRTSPX64.SYS
19:38:13.0724 2324 SRTSPX - ok
19:38:13.0764 2324 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:38:13.0769 2324 srv - ok
19:38:13.0802 2324 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:38:13.0807 2324 srv2 - ok
19:38:13.0830 2324 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:38:13.0832 2324 srvnet - ok
19:38:13.0871 2324 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:38:13.0872 2324 stexstor - ok
19:38:13.0916 2324 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:38:13.0917 2324 swenum - ok
19:38:14.0015 2324 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS
19:38:14.0020 2324 SymDS - ok
19:38:14.0079 2324 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS
19:38:14.0095 2324 SymEFA - ok
19:38:14.0201 2324 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
19:38:14.0204 2324 SymEvent - ok
19:38:14.0306 2324 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS
19:38:14.0309 2324 SymIRON - ok
19:38:14.0372 2324 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\N360x64\0501000.01D\SYMNETS.SYS
19:38:14.0376 2324 SymNetS - ok
19:38:14.0429 2324 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
19:38:14.0429 2324 taphss - ok
19:38:14.0504 2324 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
19:38:14.0540 2324 Tcpip - ok
19:38:14.0591 2324 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
19:38:14.0601 2324 TCPIP6 - ok
19:38:14.0640 2324 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:38:14.0641 2324 tcpipreg - ok
19:38:14.0674 2324 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:38:14.0675 2324 TDPIPE - ok
19:38:14.0687 2324 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
19:38:14.0689 2324 TDTCP - ok
19:38:14.0724 2324 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:38:14.0726 2324 tdx - ok
19:38:14.0770 2324 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:38:14.0772 2324 TermDD - ok
19:38:14.0822 2324 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:38:14.0824 2324 tssecsrv - ok
19:38:14.0869 2324 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:38:14.0870 2324 TsUsbFlt - ok
19:38:14.0912 2324 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:38:14.0915 2324 tunnel - ok
19:38:14.0954 2324 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:38:14.0955 2324 uagp35 - ok
19:38:14.0989 2324 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:38:14.0994 2324 udfs - ok
19:38:15.0044 2324 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:38:15.0045 2324 uliagpkx - ok
19:38:15.0086 2324 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
19:38:15.0087 2324 umbus - ok
19:38:15.0127 2324 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:38:15.0129 2324 UmPass - ok
19:38:15.0157 2324 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:38:15.0160 2324 usbccgp - ok
19:38:15.0197 2324 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:38:15.0199 2324 usbcir - ok
19:38:15.0226 2324 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
19:38:15.0227 2324 usbehci - ok
19:38:15.0257 2324 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:38:15.0261 2324 usbhub - ok
19:38:15.0279 2324 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
19:38:15.0280 2324 usbohci - ok
19:38:15.0311 2324 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:38:15.0314 2324 usbprint - ok
19:38:15.0355 2324 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:38:15.0356 2324 usbscan - ok
19:38:15.0387 2324 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:38:15.0390 2324 USBSTOR - ok
19:38:15.0421 2324 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
19:38:15.0422 2324 usbuhci - ok
19:38:15.0444 2324 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:38:15.0445 2324 vdrvroot - ok
19:38:15.0477 2324 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:38:15.0479 2324 vga - ok
19:38:15.0495 2324 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:38:15.0496 2324 VgaSave - ok
19:38:15.0527 2324 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:38:15.0530 2324 vhdmp - ok
19:38:15.0571 2324 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:38:15.0572 2324 viaide - ok
19:38:15.0604 2324 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:38:15.0605 2324 volmgr - ok
19:38:15.0646 2324 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:38:15.0650 2324 volmgrx - ok
19:38:15.0694 2324 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:38:15.0696 2324 volsnap - ok
19:38:15.0741 2324 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:38:15.0745 2324 vsmraid - ok
19:38:15.0776 2324 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:38:15.0777 2324 vwifibus - ok
19:38:15.0805 2324 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:38:15.0806 2324 vwififlt - ok
19:38:15.0835 2324 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
19:38:15.0836 2324 vwifimp - ok
19:38:15.0879 2324 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:38:15.0880 2324 WacomPen - ok
19:38:15.0926 2324 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:38:15.0929 2324 WANARP - ok
19:38:15.0945 2324 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:38:15.0946 2324 Wanarpv6 - ok
19:38:15.0974 2324 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:38:15.0975 2324 Wd - ok
19:38:16.0011 2324 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:38:16.0024 2324 Wdf01000 - ok
19:38:16.0062 2324 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:38:16.0064 2324 WfpLwf - ok
19:38:16.0086 2324 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:38:16.0087 2324 WIMMount - ok
19:38:16.0155 2324 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:38:16.0155 2324 WmiAcpi - ok
19:38:16.0191 2324 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:38:16.0192 2324 ws2ifsl - ok
19:38:16.0254 2324 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:38:16.0256 2324 WudfPf - ok
19:38:16.0271 2324 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:38:16.0274 2324 WUDFRd - ok
19:38:16.0310 2324 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:38:16.0370 2324 \Device\Harddisk0\DR0 - ok
19:38:16.0375 2324 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
19:38:16.0377 2324 \Device\Harddisk1\DR2 - ok
19:38:16.0381 2324 Boot (0x1200) (4cccce0de1044d34781304f4dd9e6f2f) \Device\Harddisk0\DR0\Partition0
19:38:16.0381 2324 \Device\Harddisk0\DR0\Partition0 - ok
19:38:16.0392 2324 Boot (0x1200) (c330d8737829a71009ca187c46d7ad89) \Device\Harddisk0\DR0\Partition1
19:38:16.0394 2324 \Device\Harddisk0\DR0\Partition1 - ok
19:38:16.0397 2324 Boot (0x1200) (5cef0dbb7248872ae8003376fa3a902f) \Device\Harddisk1\DR2\Partition0
19:38:16.0397 2324 \Device\Harddisk1\DR2\Partition0 - ok
19:38:16.0399 2324 ============================================================
19:38:16.0399 2324 Scan finished
19:38:16.0399 2324 ============================================================
19:38:16.0411 3932 Detected object count: 0
19:38:16.0411 3932 Actual detected object count: 0
19:43:14.0320 1544 Deinitialize success

...and here is the log for aswMBR:

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-03 19:44:33
-----------------------------
19:44:33.286 OS Version: Windows x64 6.1.7601 Service Pack 1
19:44:33.286 Number of processors: 2 586 0x602
19:44:33.288 ComputerName: USER-PC UserName: User
19:44:34.522 Initialize success
19:56:41.951 AVAST engine defs: 12020300
20:02:20.142 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:02:20.146 Disk 0 Vendor: WDC_WD5000AAJS-55A8B2 01.03B01 Size: 476940MB BusType: 11
20:02:20.158 Disk 0 MBR read successfully
20:02:20.161 Disk 0 MBR scan
20:02:20.166 Disk 0 Windows 7 default MBR code
20:02:20.176 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:02:20.190 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
20:02:20.195 Service scanning
20:02:21.358 Modules scanning
20:02:21.367 Disk 0 trace - called modules:
20:02:21.382 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:02:21.391 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004249060]
20:02:21.398 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80040951e0]
20:02:21.406 5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80040d1060]
20:02:22.548 AVAST engine scan C:\Windows
20:02:25.206 AVAST engine scan C:\Windows\system32
20:05:37.111 AVAST engine scan C:\Windows\system32\drivers
20:06:01.141 AVAST engine scan C:\Users\User
20:12:32.165 AVAST engine scan C:\ProgramData
20:15:00.690 Scan finished successfully
20:27:37.261 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
20:27:37.266 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"

...and finally, the zipped MBR.dat file is attached to this message.

I hope you have luck finding a clue as to the cause of this problem, and look forward to your reply.

Attached file: MBR.zip (559 bytes)


#4 nasdaq (Malware Response Team)

Posted 04 February 2012 - 08:02 AM

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

If you are still having problems with your updates, please run this tool also.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Windows Firewall
    • System Restore
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please post the logs for my review.

#5 arturdux (Topic Starter)

Posted 04 February 2012 - 04:22 PM

Hello nasdaq,

As requested I ran ComboFix: it took me some time to figure out how to disable Norton 360, but I think I managed in the end, and the ComboFix log is shown below.

Afterwards, I checked whether Windows Update was running again. I went to the Control Panel and clicked "Windows Update", and the PC just hung for several minutes, then a screen appeared which said (I translate from the original German):

"Windows Update
Check for updates for the computer"

To the left of this text was a red shield and a white cross, and next to that a button labelled "Check for updates". I clicked the "Check for updates" button, and a message box appeared which said:

"Windows Update Cannot Currently Check For Updates, Because The Service Is Not Running. You May Need To Restart Your Computer".

I restarted the PC and nothing had changed - still no updates...

I also ran Security Check and Farbar Service Scanner as requested - those logs are also below. (Security Check says that my Spybot Teatimer is disabled - I will re-enable that asap).

It is frustrating that Windows Update is still not running - but as before I hope that these logs contain some clue(s) as to why and you can come up with the solution!

- arturdux


ComboFix log:

ComboFix 12-02-05.01 - User 04.02.2012 20:47:15.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3839.2537 [GMT 1:00]
ausgeführt von:: c:\users\User\Desktop\ComboFix.exe
AV: Norton 360 Online *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Online *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 Online *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
C:\prefs.js
c:\programdata\Microsoft\Windows\Start Menu\Programs\CleanUp
c:\programdata\Microsoft\Windows\Start Menu\Programs\CleanUp\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\CleanUp\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\CleanUp\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\CleanUp\Malwarebytes' Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db
c:\windows\assembly\tmp\U
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\ST6UNST.000
c:\windows\WindowsUpdate.log
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-01-04 bis 2012-02-04 ))))))))))))))))))))))))))))))
.
.
2012-02-04 19:51 . 2012-02-04 19:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-31 06:29 . 2012-01-31 06:29 -------- d-----w- c:\windows\system32\drivers\N360x64\0502000.00D
2012-01-27 17:35 . 2012-01-27 17:35 -------- d-----w- c:\users\User\IBM
2012-01-27 17:35 . 2012-01-27 17:35 -------- d-----w- c:\program files (x86)\IBM
2012-01-27 14:35 . 2012-01-27 14:34 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-01-27 14:35 . 2012-01-27 14:34 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-27 14:34 . 2012-01-27 14:34 -------- d-----w- c:\program files\Java
2012-01-27 11:48 . 2012-01-27 11:48 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-01-23 08:11 . 2012-01-23 08:11 -------- d-----w- c:\program files (x86)\FormatFactory
2012-01-20 18:53 . 2012-01-20 18:58 -------- d-----w- c:\program files\CCleaner
2012-01-19 13:45 . 2012-01-19 13:45 -------- d-----w- c:\program files\Avidemux 2.5.6
2012-01-19 13:39 . 2012-01-19 14:13 -------- d-----w- c:\program files (x86)\Avidemux 2.5
2012-01-10 09:30 . 2012-01-10 09:30 -------- d-----w- c:\users\User\AppData\Roaming\AdobeUM
2012-01-09 08:27 . 2012-01-09 08:27 -------- d-----w- c:\users\User\AppData\Roaming\ProgSense
2012-01-09 08:27 . 2012-01-09 08:27 -------- d-----w- c:\users\User\AppData\Roaming\GrabPro
2012-01-09 08:27 . 2012-02-04 19:30 -------- d-----w- c:\users\User\AppData\Roaming\Orbit
2012-01-09 08:27 . 2012-01-19 17:46 -------- d-----w- c:\program files (x86)\Orbitdownloader
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-29 17:06 . 2011-06-25 09:20 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-19 08:56 . 2011-12-18 12:36 249856 ----a-w- c:\windows\Setup1.exe
2011-12-19 08:56 . 2011-12-18 12:36 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-12-18 16:32 . 2011-12-18 16:32 8 ----a-w- c:\programdata\HCPQMYSGWPP.SYS
2011-12-18 16:04 . 2011-12-18 12:42 8 ----a-w- c:\programdata\VGANGMJYMWPP.SYS
2011-12-10 14:24 . 2010-07-14 17:28 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-24 04:52 . 2011-12-15 21:10 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 18:32 . 2011-11-15 18:32 56832 ----a-w- c:\windows\system32\drivers\hssdrv.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SymphonyPreLoad"="c:\program files (x86)\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.symphony.standard.launcher.win32.x86_3.0.1.20120110-2000\IBM Lotus Symphony -nogui -nosplash" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"T-Home Dialerschutz-Software"="c:\program files (x86)\T-Home\Dialerschutz-Software\Defender64.exe" [2010-03-29 1974408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Speedport W 102 WLAN Manager.lnk - c:\program files (x86)\DT\Speedport W 102 Stick\UI.exe [2008-11-9 741376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-26 136176]
R3 DFSYS;T-Home Dialerschutz Hooking Treiber;c:\program files (x86)\T-Home\Dialerschutz-Software\DFSYS64.SYS [2009-10-15 17952]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-26 136176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2011-12-23 1157240]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120203.002\IDSvia64.sys [2011-12-15 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 DFSVC;T-Home Dialerschutz Dienst;c:\program files (x86)\T-Home\Dialerschutz-Software\DFInject64.exe [2009-10-21 376832]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
S3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 SipIMNDI;T-Home Dialerschutz VoIP Service;c:\windows\system32\DRIVERS\SipIMNDI64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-26 11:39]
.
2012-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-26 11:39]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{b106b661-3e1b-4015-af5c-195e909f35c6} - (no file)
BHO-{3706EE7C-3CAD-445D-8A43-03EBC3B75908} - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
WebBrowser-{B106B661-3E1B-4015-AF5C-195E909F35C6} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-04 20:55:53 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-02-04 19:55
.
Vor Suchlauf: 9 Verzeichnis(se), 399.688.503.296 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 399.524.089.856 Bytes frei
.
- - End Of File - - 163F68EF4BDDF573FCEC1B537E2EB7EC


Security Check log:

Results of screen317's Security Check version 0.99.30
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Duplicate Cleaner 2.1b
Adobe Reader X (10.1.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Spybot Teatimer.exe is disabled!
``````````End of Log````````````


FSS log:

Farbar Service Scanner Version: 04-02-2012 01
Ran by User (administrator) on 04-02-2012 at 22:06:44
Running from "C:\Users\User\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************



Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Windows Update:
===========

File Check:
========
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Edited by arturdux, 05 February 2012 - 04:03 AM.


#6 nasdaq (Malware Response Team)

Posted 05 February 2012 - 09:04 AM

Your logs are clean.

Problem with your Windows updates.

Navigate to this page.
http://helpdeskgeek.com/windows-7/cannot-run-windows-update-on-a-windows-7-pc/

Before deleting the C:\Windows\SoftwareDistribution\ folder make sure that the Windows Update service is started.

The first thing to do is to stop the Windows Update service on your Windows 7 machine. You can do this by going to Start and typing in services.msc in the search box.

Next, press Enter and the Windows Services dialog will appear. Now scroll down until you see the Windows Update service; if the service is stopped, right-click on it and choose Start.

Restart the computer.
==

If the Windows Update service is already started then proceed to delete the folder as suggested.

Restart the computer.

Check your Windows Update.
===

#7 arturdux (Topic Starter)

Posted 05 February 2012 - 01:03 PM

Hello nasdaq,

I am happy that my logs are OK - I hope that means I am now virus-free! :) Is it OK to de-install ComboFix?

However, when I tried the fix given in the linked article, I had no success... :(

After deleting the contents of folder C:\Windows\SoftwareDistribution\ I went back into services.msc to restart the Windows Update service. It would not let me restart the service: it will allow me to set the Start Type to "automatic" but it will not allow me to start the service: it tries to start, but then a pop-up appears saying: "The service "Windows Update" on "Local Computer" could not be started. Error 0x80070005 Access denied."

Again I checked whether Windows Update was running again. From the Control Panel I clicked Windows Update, and the PC hung for a few minutes, then a screen appeared which said "Windows Update. Check for updates for the computer". To the left of this text was a red shield and a white cross; and next to that a button labelled "Check for updates". Under this message there was more text: "More information about free software from (null) Click here to receive details." I clicked the "Check for updates" button, and a message box appeared which said: "Windows Update Cannot Currently Check For Updates, Because The Service Is Not Running. You May Need To Restart Your Computer". I restarted the PC and nothing had changed - still no updates.

I also checked the folder C:\Windows\SoftwareDistribution\ - according to the linked article, all these files and folders should now be re-created - but it is empty! I don't know what the implication of that is - should I now restore to a previous restore point to get the contents back?


I hope you can make sense of all this and look forward to your advice.

- arturdux


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,243 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:37 AM

Posted 05 February 2012 - 02:24 PM

I also checked the folder C:\Windows\SoftwareDistribution\ - according to the linked article, all these files and folders should now be re-created - but it is empty! I don't know what the implication of that is - should I now restore to a previous restore point to get the contents back?


Yes I think you should.

If you have a good restore point dated prior to the beginning of your problem I would restore it. That would be your best solution.

===


If you are still having problem with your updates I would look at this success story.

http://forums.techarena.in/windows-update/1118137.htm

In post no. 4, starting at "Posted fix in safe mode as Administrator by someone else":

Execute the fix up to the line

"And Walla Automatic Updates if back."

How is it now?

#9 arturdux

arturdux
  • Topic Starter

  • Members
  • 31 posts
  • Gender:Male
  • Location:Germany
  • Local time:12:37 PM

Posted 06 February 2012 - 11:23 AM

Hello nasdaq,

I wish that I could simply restore my PC to how it was before these problems started - but as I said at the start, it was not possible, because System Restore was affected; and since Windows was pre-installed when I bought the PC, I cannot do a re-install - so I have to stick with the PC as it is and try to fix it from there.

This new advice seems complex, so I had a look at the registry in normal mode to make sure I can find my way around.

I searched for the relevant keys and found 10 BITS keys and 3 wuauserv keys:

HKEY_CLASSES_ROOT\AppID\BITS
HKEY_CLASSES_ROOT\Wow6432Node\AppID\BITS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BITS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\BITS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\BITS
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\BITS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BITS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\wuauserv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv

Under permissions, there are 5 types of Security Group - Creator/Owner, System, Administrators, User, and Trusted Installer - and each key has 4 Security Groups (but not always the same 4 Groups). But it is not clear from the advice to which Security Group I am supposed to give "Full Control" - could you advise me?

At least the issue of changing the Image Path is not applicable - all look correct.

I do not want to make any further changes until I am 100% clear as to what I am changing and how so I will wait for your reply before proceeding.

- arturdux

#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,243 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:37 AM

Posted 06 February 2012 - 01:46 PM

Before you make any change to your registry, I suggest you back up your registry.

Erunt.exe should be in your computer.

Run Erunt.exe and backup your registry to a folder of your choice.

If the .exe is not available you can get a copy by following the instructions below.

Backup Your Registry with ERUNT

  • Please go here, scroll down to ERUNT, and download.
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
  • Click Erunt.exe to backup your registry to the folder of your choice.

Note: To restore your registry, go to the folder and start ERDNT.exe

===

Under permissions, there are 5 types of Security Group - Creator/Owner, System, Administrators, User, and Trusted Installer - and each key has 4 Security Groups (but not always the same 4 Groups). But it is not clear from the advice to which Security Group I am supposed to give "Full Control" - could you advise me?


If you are the Administrator I would use the Administrators group.

If that fails then the User Group. Make sure you are logged-in with the correct user name.

#11 arturdux

arturdux
  • Topic Starter

  • Members
  • 31 posts
  • Gender:Male
  • Location:Germany
  • Local time:12:37 PM

Posted 06 February 2012 - 02:46 PM

Hello Nasdaq,

Yes, I will back up the registry before making any changes - or at least if I do make any changes...

Because I have just noticed that this latest advice relates to Windows XP, not Windows 7 - and I think this makes a difference to how you change permissions in the registry.

To show what I mean, the latest instructions say:

Go through all the keys one at a time and first check its permissions by right clicking on the key > Permissions > enable FULL CONTROL > CLICK APPLY

So, I have just had another look in the registry in normal mode. I selected a wuauserv key and right-clicked on it, then clicked permissions - and up came a window with 2 panels:

- the upper panel lists the Security Groups (System, User, etc.), which can be deleted or added to;
- the lower panel shows the permissions for each of the Security Groups

There is no button to enable Full Control, so I cannot simply "click to enable Full Control" - presumably I could in the Windows XP registry, but not in Windows 7.

So at the moment I am stuck and cannot go any further! Any thoughts?

- arturdux
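Posts #9 to #11 turn on which security group holds what rights on the wuauserv and BITS service keys, and whether the ImagePath values are intact. The script below is an added example, not part of this thread or of the linked techarena fix: it only reads and prints the current owner, access entries, Start value and ImagePath of those two keys, plus the service's own security descriptor, so the actual state can be compared against the defaults before any "Full Control" change is made. It assumes an elevated PowerShell prompt on Windows 7; it modifies nothing.

```powershell
# Added example: inspect (not change) the permissions and ImagePath of the
# Windows Update and BITS service registry keys. Read-only.

$keys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\wuauserv',
    'HKLM:\SYSTEM\CurrentControlSet\Services\BITS'
)

foreach ($key in $keys) {
    if (-not (Test-Path $key)) { Write-Warning "Missing key: $key"; continue }

    $props = Get-ItemProperty -Path $key
    Write-Host "`n== $key"
    Write-Host ("ImagePath : {0}" -f $props.ImagePath)
    Write-Host ("Start     : {0}  (2=Automatic, 3=Manual, 4=Disabled)" -f $props.Start)

    # Registry key ACL: owner plus one line per access control entry
    $acl = Get-Acl -Path $key
    Write-Host ("Owner     : {0}" -f $acl.Owner)
    foreach ($ace in $acl.Access) {
        Write-Host ("  {0,-6} {1,-45} {2}" -f $ace.AccessControlType,
                                             $ace.IdentityReference,
                                             $ace.RegistryRights)
    }

    # On a default Windows 7 install SYSTEM and Administrators have FullControl
    # here and Users have ReadKey. An explicit Deny entry, or a missing
    # Administrators entry, is what turns a service start into "Access denied".
    $denies = $acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' }
    if ($denies) { Write-Warning "Deny entries present on $key" }
    $admins = $acl.Access | Where-Object {
        $_.IdentityReference -like '*Administrators' -and
        $_.RegistryRights -eq 'FullControl'
    }
    if (-not $admins) { Write-Warning "Administrators lack FullControl on $key" }
}

# The service's own security descriptor is separate from the key ACL and is
# printed by sc.exe in SDDL form; 'BA' is the Administrators alias and an
# entry starting with (D; is a deny.
foreach ($name in 'wuauserv', 'BITS') {
    Write-Host "`n== sc sdshow $name"
    & sc.exe sdshow $name
}
```

The warnings point at the entry that needs attention; the expected ImagePath for both services is the shared-host form (`%systemroot%\system32\svchost.exe -k netsvcs`), and the account to compare against in post #10's advice is the Administrators group, so the check looks for that group rather than an individual user.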

#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,243 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:37 AM

Posted 07 February 2012 - 08:46 AM

I may be going in the wrong direction with this fix.

I suggest you start a new topic in the Windows 7 forum.
An expert in that operating system will be able to help you better than I can.

Windows 7
http://www.bleepingcomputer.com/forums/forum167.html

I will keep this topic open for 5 days. Should you need additional help please ask.

#13 arturdux

arturdux
  • Topic Starter

  • Members
  • 31 posts
  • Gender:Male
  • Location:Germany
  • Local time:12:37 PM

Posted 07 February 2012 - 12:17 PM

Hello nasdaq,

OK - since I now appear to be free of malware, I think it would be a good idea to put this on the Windows 7 forum - I will start the new thread some time in the next couple of days.

As a last step in this thread, could you tell me how I get rid of ComboFix? As soon as I re-enabled my Norton 360, the ComboFix icon disappeared from my desktop, and I suppose I should now delete the rest of the program. According to the ComboFix page, you de-install by clicking on the Start button, then entering combofix /uninstall in the Search field to get at the Uninstall icon. But when I do this I do not get an icon or indeed anything.

I can see on my C drive two folders:

- ComboFix : 2 folders, 79 files, 4,59 MB
- Qoobox : 24 folders, 19 files, 3,12 MB

Is it OK just to delete these folders? I am concerned about the ComboFix folder: its icon is not the normal folder icon but looks like the icon for My Computer, and when I click on it all that shows underneath are the tops of my 2 drives, C: and D: , and not the 2 folders and 79 files that are supposed to be there. How does that happen? Is it normal? If I delete it, will I actually wipe my drives?!

Anyway, I would like to thank you very much for your help on this thread/forum, and I hope I can find the solution to the Windows Update problem in the other place.

- arturdux

#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,243 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:37 AM

Posted 07 February 2012 - 01:27 PM

Yes, delete the ComboFix icons and any folders associated with this tool.

#15 arturdux

arturdux
  • Topic Starter

  • Members
  • 31 posts
  • Gender:Male
  • Location:Germany
  • Local time:12:37 PM

Posted 08 February 2012 - 02:00 PM

Hello nasdaq,

Have not yet opened a topic on the Windows 7 forum - I am still concerned about the traces of ComboFix left on my PC!

As I said before, as soon as I re-enabled Norton 360, the ComboFix icon disappeared from my desktop (perhaps that is why I cannot find an uninstall icon in the Search field).

But on my C drive are two folders:

- ComboFix : 2 folders, 79 files, 4,59 MB
- Qoobox : 24 folders, 19 files, 3,12 MB

I am really bugged by the ComboFix folder: its icon is not the normal folder icon but looks like the icon for My Computer, and when I click on it, I do not see 2 folders and 79 files that are supposed to be there, but what looks like the tops of my 2 drives, C: and D: ! So I am worried that by deleting it I will actually wipe the C: and D: drives, not the contents that are supposed to be there.

Can you explain this strange-looking ComboFix folder, and give me some reassurance? Or is there some other tool I can use to do the job automatically?

Thanks!

- arturdux



