
Infected with Google Redirect and Trojan.Zeroaccess.b virus


  • This topic is locked
70 replies to this topic

#1 mmezzetta

  • Members
  • 35 posts

Posted 08 February 2012 - 05:06 PM

Well, somehow the Google redirect virus got installed on my computer. Malwarebytes does not detect anything, but Norton Antivirus detects trojan.zeroaccess.b, which requires manual removal. I can't seem to get the virus off of the computer, and every time my computer boots, a Windows Installer begins which I assume is trying to install more viruses. Please help, I would be so grateful.

When I opened GMER, all the options to select on the right were blacked out except for Services, Registry, Files, and ADS. All the other options I could not check.

Here is the dds log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_25
Run by Evan at 15:20:36 on 2012-02-08
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1788.685 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe
C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe
C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Evan\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://forums.myegy.com/member.php?u=175056
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=e627&r=273612090815l03e4z125r4872327s
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=e627&r=273612090815l03e4z125r4872327s
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=e627&r=273612090815l03e4z125r4872327s
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Simppull Toolbar: {627af46b-2076-42ae-a2fd-8428734d3e74} - C:\Program Files (x86)\simppulltoolbar\simppulldx.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.8.0.5\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: {b80f591e-fe9a-46cf-a13e-180377240586} - No File
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
TB: {b80f591e-fe9a-46cf-a13e-180377240586} - No File
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB: Simppull Toolbar: {627af46b-2076-42ae-a2fd-8428734d3e74} - C:\Program Files (x86)\simppulltoolbar\simppulldx.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {E84CC2C1-B722-48FC-A39C-EDB8B525C777} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
uRun: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
uRun: [Octoshape Streaming Services] "C:\Users\Evan\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [SBRegRebootCleaner] C:\Program Files (x86)\Sunbelt Software\VIPRE\SBRC.exe
mRun: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Evan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LIMEWI~1.LNK - C:\Program Files (x86)\LimeWire\LimeWire.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6023CCAC-B245-4614-890C-D4F141D896DC} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6023CCAC-B245-4614-890C-D4F141D896DC}\052416E646A4 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6023CCAC-B245-4614-890C-D4F141D896DC}\15579636B644F66756D27657563747 : DhcpNameServer = 68.87.68.166 68.87.74.166 192.168.33.1
TCP: Interfaces\{6023CCAC-B245-4614-890C-D4F141D896DC}\C696E6B6379737 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6023CCAC-B245-4614-890C-D4F141D896DC}\E4544574541425 : DhcpNameServer = 10.0.0.1
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
BHO-X64: AskBar BHO - No File
BHO-X64: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
BHO-X64: Browser Defender BHO - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Simppull Toolbar: {627af46b-2076-42ae-a2fd-8428734d3e74} - C:\Program Files (x86)\simppulltoolbar\simppulldx.dll
BHO-X64: Simppull Toolbar - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.8.0.5\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: {b80f591e-fe9a-46cf-a13e-180377240586} - No File
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO-X64: Updater For Simppull Toolbar: {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll
BHO-X64: Updater For Simppull Toolbar - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
TB-X64: {b80f591e-fe9a-46cf-a13e-180377240586} - No File
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
TB-X64: Simppull Toolbar: {627af46b-2076-42ae-a2fd-8428734d3e74} - C:\Program Files (x86)\simppulltoolbar\simppulldx.dll
TB-X64: ICQToolBar: {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {E84CC2C1-B722-48FC-A39C-EDB8B525C777} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
EB-X64: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [SBRegRebootCleaner] C:\Program Files (x86)\Sunbelt Software\VIPRE\SBRC.exe
mRun-x64: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\nljm0pjh.default\
FF - component: C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\nljm0pjh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\nljm0pjh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Musicnotes\npmusicn.dll
FF - plugin: C:\Program Files (x86)\Musicnotes\NPSibelius.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Evan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Evan\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 SMR250;Symantec SMR Utility Service 2.5.0;C:\Windows\system32\drivers\SMR250.SYS --> C:\Windows\system32\drivers\SMR250.SYS [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NAVx64\1108000.005\SYMDS64.SYS --> C:\Windows\system32\drivers\NAVx64\1108000.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NAVx64\1108000.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\NAVx64\1108000.005\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2012-1-21 1157240]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NAVx64\1108000.005\ccHPx64.sys --> C:\Windows\system32\drivers\NAVx64\1108000.005\ccHPx64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20120207.005\IDSviA64.sys [2012-2-7 488568]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 sbtis;sbtis;C:\Windows\system32\drivers\sbtis.sys --> C:\Windows\system32\drivers\sbtis.sys [?]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NAVx64\1108000.005\Ironx64.SYS --> C:\Windows\system32\drivers\NAVx64\1108000.005\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NAVx64\1108000.005\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NAVx64\1108000.005\SYMTDIV.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 ASKService;ASKService;C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe [2009-12-26 464264]
R2 ASKUpgrade;ASKUpgrade;C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe [2009-12-26 234888]
R2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2010-8-11 112592]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-8-21 844320]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-7 138360]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
.
=============== Created Last 30 ================
.
2012-02-08 20:56:43 96376 ----a-w- C:\Windows\System32\drivers\SMR250.SYS
2012-02-08 20:35:17 -------- d-----w- C:\Users\Evan\AppData\Local\NPE
2012-02-08 14:40:03 451120 ----a-w- C:\Windows\System32\drivers\NAVx64\1108000.005\symtdiv.sys
2012-02-08 14:40:02 221232 ----a-w- C:\Windows\System32\drivers\NAVx64\1108000.005\symefa64.sys
2012-02-08 14:40:01 433200 ----a-r- C:\Windows\System32\drivers\NAVx64\1108000.005\symds64.sys
2012-02-08 14:40:00 505392 ----a-w- C:\Windows\System32\drivers\NAVx64\1108000.005\srtsp64.sys
2012-02-08 14:40:00 32304 ----a-w- C:\Windows\System32\drivers\NAVx64\1108000.005\srtspx64.sys
2012-02-08 14:39:59 615040 ----a-w- C:\Windows\System32\drivers\NAVx64\1108000.005\cchpx64.sys
2012-02-08 14:39:59 150064 ----a-w- C:\Windows\System32\drivers\NAVx64\1108000.005\ironx64.sys
2012-02-08 14:38:31 -------- d-----w- C:\Windows\System32\drivers\NAVx64\1108000.005
2012-02-08 03:20:04 2 --shatr- C:\Windows\winstart.bat
2012-02-08 03:18:33 -------- d-----w- C:\Program Files (x86)\UnHackMe
2012-02-08 02:17:13 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-08 00:28:19 208896 ----a-w- C:\Windows\MBR.exe
2012-02-08 00:28:18 98816 ----a-w- C:\Windows\sed.exe
2012-02-08 00:28:18 518144 ----a-w- C:\Windows\SWREG.exe
2012-02-08 00:28:18 256000 ----a-w- C:\Windows\PEV.exe
2012-02-08 00:26:38 -------- d-s---w- C:\ComboFix
2012-02-07 22:55:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-06 04:42:30 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-02-06 04:42:21 -------- d-----w- C:\Program Files\Symantec
2012-02-06 04:42:21 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-02-06 04:41:21 -------- d-----w- C:\Windows\System32\drivers\NAVx64
2012-02-06 04:41:17 -------- d-----w- C:\Program Files (x86)\Norton AntiVirus
2012-02-06 04:41:16 -------- d-----w- C:\ProgramData\Norton
2012-02-06 04:40:55 -------- d-----w- C:\ProgramData\NortonInstaller
2012-02-06 04:40:55 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-02-06 04:25:57 -------- d-----w- C:\Windows\System32\wbem\repository
2012-02-06 03:30:43 -------- d-----w- C:\Windows\pss
2012-02-05 21:52:31 -------- d-----w- C:\Users\Evan\AppData\Roaming\SUPERAntiSpyware.com
2012-02-05 21:52:20 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-02-05 21:52:20 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-02-05 21:46:07 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-02-04 01:09:21 -------- d--h--w- C:\Users\Evan\AppData\Local\Apps
2012-02-04 01:09:19 -------- d--h--w- C:\Users\Evan\AppData\Local\Deployment
2012-01-26 23:05:59 -------- d--h--w- C:\ProgramData\RegAce
2012-01-26 23:05:49 -------- d--h--w- C:\Windows\RegAce
2012-01-26 23:02:47 -------- d-----w- C:\Program Files (x86)\RegAce System Suite
2012-01-24 21:50:51 -------- d--h--w- C:\Users\Evan\AppData\Local\Unity
2012-01-16 20:03:29 -------- d-----we C:\Windows\system64
2012-01-16 17:04:55 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-01-15 17:11:34 -------- d-sh--w- C:\found.000
.
==================== Find3M ====================
.
2011-12-10 21:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-02-07 06:35:48 404992 ----a-w- C:\Program Files\FFSJ.exe
.
============= FINISH: 15:27:11.36 ===============
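
The DDS log above contains several entries that a responder would flag on sight: the SubSystems value loads consrv:ConServerDllInitialization where stock Windows 7 uses winsrv for that role, Desktop.ini files sit in the GAC_32/GAC_64 directories, a file named @ sits under assembly\temp, a directory literally named %APPDATA% sits under SysWOW64, and the UAC policies (ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0) make elevation silent. As an added example that is not part of the original post and not code from DDS or ComboFix, the following Python script scans a DDS/ComboFix-style log for exactly those indicators. The sample log is constructed from lines quoted in this thread; the set of stock server DLLs (basesrv, winsrv, sxssrv) is the Windows 7 default and is an assumption the script encodes, and the script name scan_dds.py is hypothetical.

```python
"""
Scan a DDS / ComboFix style log for the ZeroAccess indicators seen in this thread.

Usage:  python scan_dds.py [dds.txt]
With no file argument the constructed SAMPLE_LOG below is scanned.
"""
import re
import sys
from dataclasses import dataclass
from typing import List

# Stock ServerDll names on Windows 7 (assumption encoded here): the console role is
# served by winsrv.dll, so a 'consrv' entry means something replaced the stock value.
STOCK_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}

SUBSYSTEMS_RE = re.compile(r"SubSystems:\s*Windows\s*=\s*(.+)$")
UAC_RE = re.compile(r"[mud]Policies-system:\s*(\w+)\s*=\s*(\d+)")

# File-system indicators taken from the DDS and ComboFix logs posted in this thread.
PATH_INDICATORS = [
    (re.compile(r"\\Windows\\assembly\\GAC_(32|64)\\Desktop\.ini$", re.I),
     "ZeroAccess: Desktop.ini planted in a GAC directory"),
    (re.compile(r"\\Windows\\assembly\\temp\\(@|bckfg\.tmp|cfg\.ini|keywords)$", re.I),
     "ZeroAccess: payload/config files under assembly\\temp"),
    (re.compile(r"\\Windows\\system32\\consrv\.dll$", re.I),
     "ZeroAccess: consrv.dll, the DLL named by the hijacked SubSystems entry"),
    (re.compile(r"\\%APPDATA%$", re.I),
     "Literal %APPDATA% used as a directory name (not a stock Windows folder)"),
]


@dataclass
class Finding:
    severity: str   # "high" or "medium"
    line_no: int    # 1-based line in the log
    detail: str
    line: str


def unexpected_server_dlls(line: str) -> List[str]:
    """Names in a 'SubSystems: Windows = ...' line that are not stock server DLLs."""
    m = SUBSYSTEMS_RE.match(line)
    if not m:
        return []
    names = []
    for entry in m.group(1).split():          # e.g. 'consrv:ConServerDllInitialization,2'
        name = entry.split(":")[0].split(",")[0]
        if name.lower() not in STOCK_SERVER_DLLS:
            names.append(name)
    return names


def scan(text: str) -> List[Finding]:
    """Run every rule over each log line and return the findings in log order."""
    findings: List[Finding] = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        bad = unexpected_server_dlls(line)
        if bad:
            findings.append(Finding("high", no,
                "Non-stock ServerDll in the csrss SubSystems value: " + ", ".join(bad), line))
        pol = UAC_RE.match(line)
        if pol:
            name, value = pol.group(1), int(pol.group(2))
            if name == "ConsentPromptBehaviorAdmin" and value == 0:
                findings.append(Finding("high", no,
                    "UAC: administrators elevate with no prompt at all", line))
            elif name == "PromptOnSecureDesktop" and value == 0:
                findings.append(Finding("medium", no,
                    "UAC: prompts are not isolated on the secure desktop", line))
        for rx, detail in PATH_INDICATORS:
            if rx.search(line):
                findings.append(Finding("high", no, detail, line))
    return findings


# Constructed sample: lines copied from the DDS and ComboFix output quoted in this thread.
SAMPLE_LOG = r"""uStart Page = hxxp://forums.myegy.com/member.php?u=175056
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
2012-01-16 17:04:55 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\temp\@
C:\Windows\system32\consrv.dll
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for f in scan(text):
        print(f"[{f.severity:6}] line {f.line_no}: {f.detail}\n         {f.line}")
```

The path rules are heuristics keyed to the file names this variant used, so a hit is a reason to pull the file for analysis rather than proof on its own; the SubSystems check is the stronger signal, because a non-stock ServerDll in that value means csrss.exe loads attacker code at boot with SYSTEM privileges, which is why the user-mode scanners listed in the log kept missing it.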

#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 February 2012 - 07:19 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double-click on ComboFix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 mmezzetta

  • Topic Starter
  • Members
  • 35 posts

Posted 08 February 2012 - 11:38 PM

ComboFix log below. Computer still has viruses. The first time I used ComboFix it went well, and then on reboot it was stuck on the "producing log" screen. The second time around it wasn't stuck and it produced this log:



ComboFix 12-02-08.02 - Evan 02/08/2012 21:44:18.3.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1788.712 [GMT -6:00]
Running from: C:\Users\Evan\Downloads\ComboFix.exe


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
C:\Windows\assembly\temp\cfg.ini

---- Previous Run -------

C:\ProgramData\~Wq1Jk1ko2UIl0N
C:\ProgramData\~Wq1Jk1ko2UIl0Nr
C:\ProgramData\Wq1Jk1ko2UIl0N
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\temp\@
C:\Windows\assembly\temp\bckfg.tmp
C:\Windows\assembly\temp\cfg.ini
C:\Windows\assembly\temp\keywords
C:\Windows\system32\consrv.dll


((((((((((((((((((((((((( Files Created from 2012-01-09 to 2012-02-09 )))))))))))))))))))))))))))))))


2012-02-09 04:01:10 . 2012-02-09 04:01:10 -------- d-----w- C:\Users\mom\AppData\Local\temp
2012-02-09 04:01:10 . 2012-02-09 04:01:10 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-02-08 20:35:17 . 2012-02-08 20:57:47 -------- d-----w- C:\Users\Evan\AppData\Local\NPE
2012-02-08 03:20:04 . 2012-02-08 03:20:05 2 --shatr- C:\Windows\winstart.bat
2012-02-08 03:18:33 . 2012-02-08 04:03:06 -------- d-----w- C:\Program Files (x86)\UnHackMe
2012-02-08 02:17:13 . 2012-02-08 02:49:20 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-07 22:55:57 . 2012-02-07 23:03:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-06 04:42:30 . 2012-02-06 04:42:21 173104 ----a-w- C:\Windows\system32\drivers\SYMEVENT64x86.SYS
2012-02-06 04:42:21 . 2012-02-06 04:42:31 -------- d-----w- C:\Program Files\Symantec
2012-02-06 04:42:21 . 2012-02-06 04:42:30 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-02-06 04:41:21 . 2012-02-08 20:42:36 -------- d-----w- C:\Windows\system32\drivers\NAVx64
2012-02-06 04:41:17 . 2012-02-06 04:41:21 -------- d-----w- C:\Program Files (x86)\Norton AntiVirus
2012-02-06 04:41:16 . 2012-02-08 20:35:28 -------- d-----w- C:\ProgramData\Norton
2012-02-06 04:40:55 . 2012-02-06 04:40:55 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-02-06 04:25:57 . 2012-02-09 04:03:46 -------- d-----w- C:\Windows\system32\wbem\repository
2012-02-05 21:52:31 . 2012-02-05 21:52:31 -------- d-----w- C:\Users\Evan\AppData\Roaming\SUPERAntiSpyware.com
2012-02-05 21:52:20 . 2012-02-05 21:52:31 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-02-05 21:52:20 . 2012-02-05 21:52:20 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-02-05 21:46:07 . 2012-02-09 04:03:53 0 --sha-w- C:\Windows\system32\dds_trash_log.cmd
2012-02-04 01:09:21 . 2012-02-04 01:09:21 -------- d--h--w- C:\Users\Evan\AppData\Local\Apps
2012-02-04 01:09:19 . 2012-02-04 01:16:10 -------- d--h--w- C:\Users\Evan\AppData\Local\Deployment
2012-01-31 04:27:24 . 2012-01-31 04:27:25 -------- d-----w- C:\Program Files (x86)\Apple Software Update
2012-01-26 23:05:59 . 2012-01-26 23:14:21 -------- d--h--w- C:\ProgramData\RegAce
2012-01-26 23:05:49 . 2012-01-26 23:05:49 -------- d--h--w- C:\Windows\RegAce
2012-01-26 23:02:47 . 2012-01-26 23:05:59 -------- d-----w- C:\Program Files (x86)\RegAce System Suite
2012-01-24 21:50:51 . 2012-01-24 21:50:51 -------- d--h--w- C:\Users\Evan\AppData\Local\Unity
2012-01-16 17:04:55 . 2012-01-16 17:04:55 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-01-15 17:11:34 . 2012-01-15 17:11:34 -------- d-----w- C:\found.000
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-12-10 21:24:08 . 2010-01-06 03:42:59 23152 ----a-w- C:\Windows\system32\drivers\mbam.sys
2010-02-07 06:35:48 . 2010-02-07 08:46:01 404992 ----a-w- C:\Program Files\FFSJ.exe


((((((((((((((((((((((((((((( SnapShot@2012-02-09_01.06.09 )))))))))))))))))))))))))))))))))))))))))

- 2012-02-09 01:03:23 . 2012-02-09 01:03:23 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-09 04:03:30 . 2012-02-09 04:03:30 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-09 01:03:23 . 2012-02-09 01:03:23 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-09 04:03:30 . 2012-02-09 04:03:30 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-11 06:44:56 . 2012-02-09 04:00:24 212992 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-11 06:44:56 . 2012-02-09 01:07:29 212992 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-11 06:44:56 . 2012-02-09 04:00:24 573440 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-11 06:44:56 . 2012-02-09 01:07:29 573440 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "C:\Program Files (x86)\Vuze_Remote\tbVuze.dll" [2010-12-09 18:51:30 3911776]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 18:47:00 333192 ----a-w- C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-03 16:16:50 175400 ------w- C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{627af46b-2076-42ae-a2fd-8428734d3e74}]
2010-02-10 16:36:24 86016 ----a-w- C:\Program Files (x86)\simppulltoolbar\simppulldx.dll

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-12-09 18:51:30 3911776 ----a-w- C:\Program Files (x86)\Vuze_Remote\tbVuze.dll

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}]
2009-10-20 15:50:46 258008 ----a-w- C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll" [2009-04-02 18:47:00 333192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-03 16:16:50 175400]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speech Recognition"="C:\Windows\Speech\Common\sapisvr.exe" [2009-07-14 01:39:31 44544]
"Octoshape Streaming Services"="C:\Users\Evan\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 13:44:06 70936]
"Weather"="C:\Program Files (x86)\AWS\WeatherBug\Weather.exe" [BU]
"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-22 02:23:05 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="C:\Program Files (x86)\Launch Manager\LManager.exe" [2009-07-27 09:50:32 1157128]
"HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 22:24:20 54840]
"Microsoft Default Manager"="C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 22:43:04 288088]
"SBRegRebootCleaner"="C:\Program Files (x86)\Sunbelt Software\VIPRE\SBRC.exe" [BU]
"Malwarebytes' Anti-Malware"="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 20:53:18 460872]

C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files (x86)\LimeWire\LimeWire.exe [2009-12-16 503808]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Secunia PSI Tray.lnk - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SBBD.exe /d \Device\HarddiskVolume3\Program Files (x86)\Sunbelt Software\VIPRE\Definitions

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 18:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 19:27:14 138576]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 17:16:55 135664]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 17:16:55 135664]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 00:31:46 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;C:\Windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [2010-03-11 16:09:22 366840]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
S0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys [x]
S0 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [x]
S0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NAVx64\1109000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NAVx64\1109000.00C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20120207.003\BHDrvx64.sys [2012-01-21 08:27:16 1157240]
S1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\NAVx64\1109000.00C\ccHPx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20120207.005\IDSvia64.sys [2012-02-07 23:29:38 488568]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 16:26:56 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 21:55:18 12368]
S1 sbtis;sbtis;C:\Windows\system32\drivers\sbtis.sys [x]
S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NAVx64\1109000.00C\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\Drivers\NAVx64\1108000.005\SYMTDIV.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 23:38:04 140672]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [x]
S2 ASKService;ASKService;C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe [2009-04-02 18:47:02 464264]
S2 ASKUpgrade;ASKUpgrade;C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 18:47:04 234888]
S2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 14:56:24 112592]
S2 ePowerSvc;Acer ePower Service;C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-08-06 04:30:58 844320]
S2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-06-04 13:04:50 1150496]
S2 ICQ Service;ICQ Service;C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-07 00:56:38 247096]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 20:53:18 652360]
S2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe [2011-08-04 04:18:43 126400]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 00:31:58 144640]
S2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 06:44:40 993848]
S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-04-19 06:44:40 399416]
S2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 01:47:12 240160]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-08 04:31:08 138360]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [x]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys [x]
S3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys [x]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Contents of the 'Scheduled Tasks' folder

2012-01-08 C:\Windows\Tasks\File Helper.job
- C:\Program Files (x86)\File Helper\1.1.0.10\FileHelper.exe [2010-01-26 04:55:08 . 2010-01-23 00:25:20]

2012-02-09 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 17:17:05 . 2010-01-30 17:16:55]

2012-02-09 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 17:17:05 . 2010-01-30 17:16:55]

2012-02-04 C:\Windows\Tasks\PC Health Advisor Defrag.job
- C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40:14 . 2010-09-30 21:40:14]

2012-02-01 C:\Windows\Tasks\PC Health Advisor.job
- C:\Program Files (x86)\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40:14 . 2010-09-30 21:40:14]

2012-01-26 C:\Windows\Tasks\RegAce Scheduled Scan - Evan.job
- C:\Program Files (x86)\RegAce System Suite\RegAce.exe [2010-10-26 19:47:59 . 2010-10-26 19:56:22]

2012-02-05 C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 71b28c84-3aaf-4a9c-9598-a74b47406f68.job
- C:\Program Files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52:29 . 2011-05-04 17:52:29]

2012-02-05 C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task e7485756-a520-44ab-8cae-a3621d41972e.job
- C:\Program Files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52:29 . 2011-05-04 17:52:29]


--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 13:14:20 7982112]
"Acer ePower Management"="C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe" [2009-08-06 04:30:58 828960]
"combofix"="C:\ComboFix\CF28664.3XE" [2009-07-14 01:39:01 344576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
apache2

------- Supplementary Scan -------

uStart Page = hxxp://forums.myegy.com/member.php?u=175056
uLocal Page = C:\Windows\system32\blank.htm
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=e627&r=273612090815l03e4z125r4872327s
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\nljm0pjh.default\
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{b80f591e-fe9a-46cf-a13e-180377240586} - (no file)
URLSearchHooks-{e84cc2c1-b722-48fc-a39c-edb8b525c777} - (no file)
BHO-{b80f591e-fe9a-46cf-a13e-180377240586} - (no file)
BHO-{E4E6BF2A-1667-11DF-A01F-1F9655D89593} - (no file)
Toolbar-Locked - (no file)
Toolbar-{b80f591e-fe9a-46cf-a13e-180377240586} - (no file)
Toolbar-{627af46b-2076-42ae-a2fd-8428734d3e74} - (no file)
Toolbar-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
WebBrowser-{E84CC2C1-B722-48FC-A39C-EDB8B525C777} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-PC Optimizer Pro - C:\Program Files\PC Optimizer Pro\StartApps.exe
AddRemove-Adobe Shockwave Player - C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - C:\Program Files (x86)\DivX\DivXCodecUninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - C:\Program Files (x86)\DivX\DivXPlayerUninstall.exe

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 February 2012 - 07:57 AM

Hello

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#5 mmezzetta

mmezzetta
  • Topic Starter

  • Members
  • 35 posts

Posted 09 February 2012 - 11:27 AM

10:21:05.0764 3708 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46
10:21:05.0796 3708 ============================================================
10:21:05.0796 3708 Current date / time: 2012/02/09 10:21:05.0796
10:21:05.0796 3708 SystemInfo:
10:21:05.0796 3708
10:21:05.0796 3708 OS Version: 6.1.7600 ServicePack: 0.0
10:21:05.0796 3708 Product type: Workstation
10:21:05.0797 3708 ComputerName: EVAN-PC
10:21:05.0798 3708 UserName: Evan
10:21:05.0798 3708 Windows directory: C:\Windows
10:21:05.0798 3708 System windows directory: C:\Windows
10:21:05.0798 3708 Running under WOW64
10:21:05.0798 3708 Processor architecture: Intel x64
10:21:05.0798 3708 Number of processors: 1
10:21:05.0798 3708 Page size: 0x1000
10:21:05.0798 3708 Boot type: Normal boot
10:21:05.0798 3708 ============================================================
10:21:07.0378 3708 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:21:07.0384 3708 \Device\Harddisk0\DR0:
10:21:07.0384 3708 MBR used
10:21:07.0384 3708 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD
10:21:07.0384 3708 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x111E4784
10:21:07.0417 3708 Initialize success
10:21:07.0417 3708 ============================================================
10:21:10.0003 0140 ============================================================
10:21:10.0003 0140 Scan started
10:21:10.0003 0140 Mode: Manual;
10:21:10.0003 0140 ============================================================
10:21:11.0555 0140 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
10:21:11.0560 0140 1394ohci - ok
10:21:11.0619 0140 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
10:21:11.0627 0140 ACPI - ok
10:21:11.0660 0140 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
10:21:11.0662 0140 AcpiPmi - ok
10:21:11.0708 0140 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
10:21:11.0718 0140 adp94xx - ok
10:21:11.0796 0140 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
10:21:11.0804 0140 adpahci - ok
10:21:11.0844 0140 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
10:21:11.0849 0140 adpu320 - ok
10:21:11.0901 0140 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
10:21:11.0919 0140 AFD - ok
10:21:11.0948 0140 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
10:21:11.0951 0140 agp440 - ok
10:21:11.0991 0140 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
10:21:11.0993 0140 aliide - ok
10:21:12.0021 0140 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
10:21:12.0023 0140 amdide - ok
10:21:12.0069 0140 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
10:21:12.0070 0140 AmdK8 - ok
10:21:12.0105 0140 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
10:21:12.0108 0140 AmdPPM - ok
10:21:12.0141 0140 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
10:21:12.0145 0140 amdsata - ok
10:21:12.0182 0140 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
10:21:12.0188 0140 amdsbs - ok
10:21:12.0230 0140 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
10:21:12.0233 0140 amdxata - ok
10:21:12.0314 0140 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
10:21:12.0317 0140 AppID - ok
10:21:12.0376 0140 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
10:21:12.0381 0140 arc - ok
10:21:12.0414 0140 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
10:21:12.0418 0140 arcsas - ok
10:21:12.0452 0140 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:21:12.0454 0140 AsyncMac - ok
10:21:12.0487 0140 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
10:21:12.0489 0140 atapi - ok
10:21:12.0568 0140 athr (b2c3a8618867404475228f7dd260698b) C:\Windows\system32\DRIVERS\athrx.sys
10:21:12.0637 0140 athr - ok
10:21:12.0828 0140 atikmdag (2db9047aac9d981f59ce06d04d70c4d8) C:\Windows\system32\DRIVERS\atikmdag.sys
10:21:12.0976 0140 atikmdag - ok
10:21:13.0036 0140 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
10:21:13.0038 0140 AtiPcie - ok
10:21:13.0118 0140 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
10:21:13.0127 0140 b06bdrv - ok
10:21:13.0172 0140 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:21:13.0178 0140 b57nd60a - ok
10:21:13.0231 0140 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:21:13.0233 0140 Beep - ok
10:21:14.0296 0140 BHDrvx64 (1d757a7e020c577c4259a755f21b7152) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20120207.003\BHDrvx64.sys
10:21:14.0307 0140 BHDrvx64 - ok
10:21:14.0445 0140 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:21:14.0447 0140 blbdrive - ok
10:21:14.0542 0140 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
10:21:14.0545 0140 bowser - ok
10:21:14.0603 0140 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:21:14.0606 0140 BrFiltLo - ok
10:21:14.0769 0140 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:21:14.0771 0140 BrFiltUp - ok
10:21:15.0930 0140 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
10:21:15.0934 0140 BridgeMP - ok
10:21:16.0396 0140 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:21:16.0403 0140 Brserid - ok
10:21:17.0028 0140 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:21:17.0031 0140 BrSerWdm - ok
10:21:17.0207 0140 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:21:17.0209 0140 BrUsbMdm - ok
10:21:17.0228 0140 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:21:17.0231 0140 BrUsbSer - ok
10:21:17.0272 0140 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
10:21:17.0275 0140 BTHMODEM - ok
10:21:17.0332 0140 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
10:21:17.0335 0140 BVRPMPR5a64 - ok
10:21:17.0552 0140 catchme - ok
10:21:17.0958 0140 ccHP (37f1baec39b505b3b51893a35c8337ea) C:\Windows\system32\drivers\NAVx64\1109000.00C\ccHPx64.sys
10:21:17.0964 0140 ccHP - ok
10:21:18.0274 0140 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:21:18.0278 0140 cdfs - ok
10:21:18.0381 0140 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
10:21:18.0385 0140 cdrom - ok
10:21:18.0441 0140 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
10:21:18.0443 0140 circlass - ok
10:21:18.0675 0140 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:21:18.0682 0140 CLFS - ok
10:21:18.0820 0140 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:21:18.0821 0140 CmBatt - ok
10:21:19.0137 0140 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
10:21:19.0139 0140 cmdide - ok
10:21:19.0750 0140 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
10:21:19.0790 0140 CNG - ok
10:21:20.0140 0140 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:21:20.0142 0140 Compbatt - ok
10:21:20.0222 0140 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
10:21:20.0224 0140 CompositeBus - ok
10:21:20.0266 0140 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
10:21:20.0268 0140 crcdisk - ok
10:21:20.0369 0140 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
10:21:20.0373 0140 DfsC - ok
10:21:20.0428 0140 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:21:20.0430 0140 discache - ok
10:21:20.0490 0140 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:21:20.0493 0140 Disk - ok
10:21:20.0562 0140 DKbFltr (d5bcb77be83cf99f508943945d46343d) C:\Windows\SysWOW64\Drivers\DKbFltr.sys
10:21:20.0563 0140 DKbFltr - ok
10:21:20.0632 0140 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
10:21:20.0637 0140 Dot4 - ok
10:21:20.0658 0140 Dot4Print (85135ad27e79b689335c08167d917cde) C:\Windows\system32\DRIVERS\Dot4Prt.sys
10:21:20.0660 0140 Dot4Print - ok
10:21:20.0709 0140 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
10:21:20.0712 0140 dot4usb - ok
10:21:20.0753 0140 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:21:20.0755 0140 drmkaud - ok
10:21:20.0820 0140 dtsoftbus01 (f3d42a77152de8422df795e9888b821b) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
10:21:20.0824 0140 dtsoftbus01 - ok
10:21:20.0931 0140 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
10:21:20.0940 0140 DXGKrnl - ok
10:21:21.0070 0140 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:21:21.0167 0140 ebdrv - ok
10:21:21.0313 0140 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
10:21:21.0320 0140 eeCtrl - ok
10:21:21.0502 0140 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:21:21.0521 0140 elxstor - ok
10:21:21.0677 0140 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
10:21:21.0679 0140 EraserUtilRebootDrv - ok
10:21:21.0777 0140 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
10:21:21.0779 0140 ErrDev - ok
10:21:21.0906 0140 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:21:21.0911 0140 exfat - ok
10:21:21.0952 0140 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:21:21.0958 0140 fastfat - ok
10:21:21.0999 0140 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:21:22.0001 0140 fdc - ok
10:21:22.0046 0140 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:21:22.0050 0140 FileInfo - ok
10:21:32.0410 0140 sptd (51de15ca5c05bca46d8b110cd00a02fb) C:\Windows\system32\Drivers\sptd.sys
10:21:32.0411 0140 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 51de15ca5c05bca46d8b110cd00a02fb
10:21:32.0415 0140 sptd ( LockedFile.Multi.Generic ) - warning
10:21:32.0416 0140 sptd - detected LockedFile.Multi.Generic (1)
10:21:37.0352 0140 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:21:37.0416 0140 \Device\Harddisk0\DR0 - ok
10:21:37.0426 0140 Boot (0x1200) (a3114cbd5cfa41d1e72112d779ad1b71) \Device\Harddisk0\DR0\Partition0
10:21:37.0427 0140 \Device\Harddisk0\DR0\Partition0 - ok
10:21:37.0446 0140 Boot (0x1200) (dddd06eade99ab8c47ad40f5f8e734d1) \Device\Harddisk0\DR0\Partition1
10:21:37.0449 0140 \Device\Harddisk0\DR0\Partition1 - ok
10:21:37.0454 0140 ============================================================
10:21:37.0454 0140 Scan finished
10:21:37.0454 0140 ============================================================
10:21:37.0470 2956 Detected object count: 1
10:21:37.0470 2956 Actual detected object count: 1
10:22:19.0353 2956 sptd ( LockedFile.Multi.Generic ) - skipped by user
10:22:19.0353 2956 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
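The TDSSKiller log above runs to several hundred lines, nearly all of them `name - ok`; what the helper actually reads is the handful of lines that break that pattern. As an added example (not part of the thread, and not TDSSKiller's own code), here is a Python parser for this log format that joins each object's file line to its verdict, attaches the free-standing `Suspicious file` note to the object owning that path, lists flagged objects the user skipped, lists objects with no file line, and cross-checks the tool's own `Detected object count`. The sample excerpt is copied from the log posted above.

```python
"""Triage a TDSSKiller-style scan log.

Added example, not part of the thread or of TDSSKiller itself.  Each log line is
``HH:MM:SS.mmmm PID body``; the bodies worth joining together are the per-object
file line (name, md5, path), that object's verdict line(s), the free-standing
'Suspicious file' note, the user's chosen action and the final object count.
"""
import re
from collections import Counter

PREFIX_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+")
DISK_RE = re.compile(r"^(?P<kind>MBR|Boot) \(0x[0-9A-Fa-f]+\) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S+)$")
FILE_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSP_RE = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")
DETECTED_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>[^)]+) \) - User select action: (?P<action>\S+)$")
VERDICT_RE = re.compile(r"^(?P<name>\S+) \( (?P<verdict>[^)]+) \) - (?P<status>warning|skipped by user)$")
OK_RE = re.compile(r"^(?P<name>\S+) - ok$")


def parse_log(text):
    """Return (entries, summary): entries maps object name -> dict of what the log said about it."""
    entries, summary = {}, {"reported_count": None, "suspicious": []}
    for raw in text.splitlines():
        body = PREFIX_RE.sub("", raw.strip(), count=1)
        if not body or body.startswith("="):
            continue
        if m := DISK_RE.match(body):
            # MBR / boot-sector objects have no service name; key them by device path.
            entries.setdefault(m["path"], {}).update(kind=m["kind"], md5=m["md5"], path=m["path"])
        elif m := FILE_RE.match(body):
            entries.setdefault(m["name"], {}).update(md5=m["md5"], path=m["path"])
        elif m := SUSP_RE.match(body):
            summary["suspicious"].append({"reason": m["reason"], "path": m["path"], "md5": m["md5"]})
        elif m := COUNT_RE.match(body):
            summary["reported_count"] = int(m["n"])
        elif m := DETECTED_RE.match(body):
            entries.setdefault(m["name"], {}).update(status="detected", verdict=m["verdict"])
        elif m := ACTION_RE.match(body):
            entries.setdefault(m["name"], {})["action"] = m["action"]
        elif m := VERDICT_RE.match(body):
            e = entries.setdefault(m["name"], {})
            e["verdict"] = m["verdict"]
            if m["status"] == "warning":
                e["status"] = "warning"
            else:  # "skipped by user": the object was flagged but left in place
                e["action"] = "Skip"
        elif m := OK_RE.match(body):
            entries.setdefault(m["name"], {}).setdefault("status", "ok")
    # The 'Suspicious file' note names only a path; attach it to the object that owns that path.
    by_path = {e["path"]: e for e in entries.values() if "path" in e}
    for s in summary["suspicious"]:
        if s["path"] in by_path:
            by_path[s["path"]]["suspicious"] = s["reason"]
    return entries, summary


def triage(entries, summary):
    """Reduce the parsed log to what a responder acts on."""
    flagged = sorted(n for n, e in entries.items() if e.get("status") in ("warning", "detected"))
    return {
        "objects": len(entries),
        "status_counts": dict(Counter(e.get("status", "unknown") for e in entries.values())),
        "flagged": {n: {k: entries[n].get(k) for k in ("verdict", "path", "md5", "suspicious", "action")}
                    for n in flagged},
        # Flagged objects the user chose to skip are still on disk and still need a decision.
        "unresolved": [n for n in flagged if (entries[n].get("action") or "").lower() == "skip"],
        # Objects reported 'ok' without a file line: the tool listed no binary, so there is no hash to verify.
        "no_file": sorted(n for n, e in entries.items() if "path" not in e),
        # Cross-check the tool's own count against what we parsed.
        "reported_count": summary["reported_count"],
        "count_matches": summary["reported_count"] == len(flagged),
    }


# Excerpt copied from the TDSSKiller log posted in this thread (real lines, heavily shortened).
SAMPLE_LOG = r"""
10:21:22.0157 0140 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
10:21:22.0163 0140 FltMgr - ok
10:21:28.0938 0140 NetworkX - ok
10:21:32.0410 0140 sptd (51de15ca5c05bca46d8b110cd00a02fb) C:\Windows\system32\Drivers\sptd.sys
10:21:32.0411 0140 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 51de15ca5c05bca46d8b110cd00a02fb
10:21:32.0415 0140 sptd ( LockedFile.Multi.Generic ) - warning
10:21:32.0416 0140 sptd - detected LockedFile.Multi.Generic (1)
10:21:37.0352 0140 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:21:37.0416 0140 \Device\Harddisk0\DR0 - ok
10:21:37.0454 0140 ============================================================
10:21:37.0454 0140 Scan finished
10:21:37.0470 2956 Detected object count: 1
10:22:19.0353 2956 sptd ( LockedFile.Multi.Generic ) - skipped by user
10:22:19.0353 2956 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    import json
    print(json.dumps(triage(*parse_log(SAMPLE_LOG)), indent=2))
```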

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 February 2012 - 11:33 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 mmezzetta

mmezzetta
  • Topic Starter

  • Members
  • 35 posts

Posted 09 February 2012 - 11:47 AM

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-09 10:45:01
-----------------------------
10:45:01.913 OS Version: Windows x64 6.1.7600
10:45:01.913 Number of processors: 1 586 0x7C02
10:45:01.914 ComputerName: EVAN-PC UserName: Evan
10:45:41.589 Initialize success
10:46:00.032 AVAST engine download error: 0
10:46:24.476 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:46:24.480 Disk 0 Vendor: WDC_WD1600BEVT-22ZCT0 11.01A11 Size: 152627MB BusType: 11
10:46:24.501 Disk 0 MBR read successfully
10:46:24.505 Disk 0 MBR scan
10:46:24.508 Disk 0 Windows 7 default MBR code
10:46:24.515 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12291 MB offset 63
10:46:24.530 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 25173855
10:46:24.538 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 140232 MB offset 25382700
10:46:24.546 Service scanning
10:46:26.683 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
10:46:27.465 Modules scanning
10:46:27.517 Disk 0 trace - called modules:
10:46:27.535 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys ACPI.sys >>UNKNOWN [0xfffffa80015792c0]<<spkv.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
10:46:27.884 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002547790]
10:46:27.893 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa8002583210]
10:46:27.903 5 PCTCore64.sys[fffff880013445d7] -> nt!IofCallDriver -> [0xfffffa800253d2c0]
10:46:27.914 7 ACPI.sys[fffff88000e3a781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800250b060]
10:46:27.922 \Driver\atapi[0xfffffa8001f9d600] -> IRP_MJ_CREATE -> 0xfffffa80015792c0
10:46:27.933 Scan finished successfully
10:46:44.664 Disk 0 MBR has been saved successfully to "C:\Users\Evan\Desktop\MBR.dat"
10:46:44.675 The log file has been saved successfully to "C:\Users\Evan\Desktop\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 February 2012 - 08:36 PM

Hello

How are things running now?

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#9 mmezzetta

mmezzetta
  • Topic Starter

  • Members
  • 35 posts

Posted 09 February 2012 - 11:05 PM

Norton still detects the Trojan.Gen virus, and Windows Installer began once again on reboot. CFScript was no longer on the desktop after the reboot. Here is the log:


ComboFix 12-02-08.02 - Evan 02/09/2012 21:15:00.4.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1788.858 [GMT -6:00]
Running from: c:\users\Evan\Desktop\ComboFix.exe
Command switches used :: c:\users\Evan\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
.
---- Previous Run -------
.
c:\windows\assembly\temp\cfg.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-01-10 to 2012-02-10 )))))))))))))))))))))))))))))))
.
.
2012-02-10 03:31 . 2012-02-10 03:31 -------- d-----w- c:\users\mom\AppData\Local\temp
2012-02-10 03:31 . 2012-02-10 03:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-08 20:35 . 2012-02-08 20:57 -------- d-----w- c:\users\Evan\AppData\Local\NPE
2012-02-08 03:20 . 2012-02-08 03:20 2 --shatr- c:\windows\winstart.bat
2012-02-08 03:18 . 2012-02-08 04:03 -------- d-----w- c:\program files (x86)\UnHackMe
2012-02-08 02:17 . 2012-02-08 02:49 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-07 22:55 . 2012-02-07 23:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-06 04:42 . 2012-02-06 04:42 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-02-06 04:42 . 2012-02-06 04:42 -------- d-----w- c:\program files\Symantec
2012-02-06 04:42 . 2012-02-06 04:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-02-06 04:41 . 2012-02-09 16:20 -------- d-----w- c:\windows\system32\drivers\NAVx64
2012-02-06 04:41 . 2012-02-06 04:41 -------- d-----w- c:\program files (x86)\Norton AntiVirus
2012-02-06 04:41 . 2012-02-08 20:35 -------- d-----w- c:\programdata\Norton
2012-02-06 04:40 . 2012-02-06 04:40 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-02-06 04:25 . 2012-02-10 03:34 -------- d-----w- c:\windows\system32\wbem\repository
2012-02-05 21:52 . 2012-02-05 21:52 -------- d-----w- c:\users\Evan\AppData\Roaming\SUPERAntiSpyware.com
2012-02-05 21:52 . 2012-02-05 21:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-05 21:52 . 2012-02-05 21:52 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-05 21:46 . 2012-02-10 03:34 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-04 01:09 . 2012-02-04 01:09 -------- d-----w- c:\users\Evan\AppData\Local\Apps
2012-02-04 01:09 . 2012-02-04 01:16 -------- d-----w- c:\users\Evan\AppData\Local\Deployment
2012-01-31 04:27 . 2012-01-31 04:27 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-01-26 23:05 . 2012-01-26 23:14 -------- d-----w- c:\programdata\RegAce
2012-01-26 23:05 . 2012-01-26 23:05 -------- d--h--w- c:\windows\RegAce
2012-01-26 23:02 . 2012-01-26 23:05 -------- d-----w- c:\program files (x86)\RegAce System Suite
2012-01-24 21:50 . 2012-01-24 21:50 -------- d-----w- c:\users\Evan\AppData\Local\Unity
2012-01-16 17:04 . 2012-01-16 17:04 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-01-15 17:11 . 2012-01-15 17:11 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 21:24 . 2010-01-06 03:42 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-07 06:35 . 2010-02-07 08:46 404992 ----a-w- c:\program files\FFSJ.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-09_01.06.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-22 02:34 . 2012-02-09 16:21 73020 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-02-09 01:05 47862 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-02-10 03:36 47862 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-11 07:58 . 2012-02-10 03:36 30154 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1607049755-1737670127-2005922714-1001_UserData.bin
+ 2012-02-09 04:15 . 2010-04-22 02:29 32304 c:\windows\system32\drivers\NAVx64\1109000.00C\srtspx64.sys
- 2009-11-04 12:11 . 2012-02-08 20:54 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-04 12:11 . 2012-02-10 02:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-04 12:11 . 2012-02-08 20:54 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-04 12:11 . 2012-02-10 02:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-08 20:54 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-02-10 02:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-09 01:03 . 2012-02-09 01:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-10 03:34 . 2012-02-10 03:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-09 01:03 . 2012-02-09 01:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-10 03:34 . 2012-02-10 03:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-02-09 01:03 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-10 03:34 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-02-10 03:34 917504 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-09 01:03 917504 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-11 09:41 . 2012-02-10 02:32 225496 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-02-10 02:40 624178 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-02-08 22:02 624178 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-02-08 22:02 106522 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-02-10 02:40 106522 c:\windows\system32\perfc009.dat
+ 2012-02-09 04:15 . 2011-08-22 02:53 451704 c:\windows\system32\drivers\NAVx64\1109000.00C\symtdiv.sys
+ 2012-02-09 04:15 . 2011-08-22 02:53 221304 c:\windows\system32\drivers\NAVx64\1109000.00C\symefa64.sys
+ 2012-02-09 04:15 . 2009-08-30 00:17 433200 c:\windows\system32\drivers\NAVx64\1109000.00C\symds64.sys
+ 2012-02-09 04:15 . 2010-04-22 02:29 505392 c:\windows\system32\drivers\NAVx64\1109000.00C\srtsp64.sys
+ 2012-02-09 04:15 . 2010-04-29 05:03 150064 c:\windows\system32\drivers\NAVx64\1109000.00C\ironx64.sys
+ 2012-02-09 04:15 . 2011-08-04 04:19 593544 c:\windows\system32\drivers\NAVx64\1109000.00C\cchpx64.sys
- 2009-07-14 05:12 . 2012-02-07 23:32 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-02-09 16:19 245760 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-12-11 06:44 . 2012-02-09 01:07 212992 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-11 06:44 . 2012-02-10 03:11 212992 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-11 06:44 . 2012-02-09 01:07 573440 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-11 06:44 . 2012-02-10 03:11 573440 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 05:01 . 2012-02-09 01:02 407100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-02-10 03:33 407100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-01-26 23:09 . 2012-02-09 01:02 407100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1607049755-1737670127-2005922714-1001-8192.dat
+ 2012-01-26 23:09 . 2012-02-10 03:33 407100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1607049755-1737670127-2005922714-1001-8192.dat
+ 2009-07-14 04:54 . 2012-02-10 03:34 2326528 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-02-09 01:03 2326528 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 02:34 . 2012-02-06 04:25 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-02-09 04:37 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 18:47 333192 ----a-w- c:\program files (x86)\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-03 16:16 175400 ------w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{627af46b-2076-42ae-a2fd-8428734d3e74}]
2010-02-10 16:36 86016 ----a-w- c:\program files (x86)\simppulltoolbar\simppulldx.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-12-09 18:51 3911776 ----a-w- c:\program files (x86)\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}]
2009-10-20 15:50 258008 ----a-w- c:\program files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files (x86)\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-03 175400]
"{627af46b-2076-42ae-a2fd-8428734d3e74}"= "c:\program files (x86)\simppulltoolbar\simppulldx.dll" [2010-02-10 86016]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\tbVuze.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{627af46b-2076-42ae-a2fd-8428734d3e74}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
"Octoshape Streaming Services"="c:\users\Evan\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [BU]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-07-27 1157128]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"SBRegRebootCleaner"="c:\program files (x86)\Sunbelt Software\VIPRE\SBRC.exe" [BU]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files (x86)\LimeWire\LimeWire.exe [2009-12-16 503808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SBBD.exe /d \Device\HarddiskVolume3\Program Files (x86)\Sunbelt Software\VIPRE\Definitions
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1109000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1109000.00C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20120207.003\BHDrvx64.sys [2012-01-21 1157240]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAVx64\1109000.00C\ccHPx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20120209.002\IDSvia64.sys [2012-02-07 488568]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1109000.00C\Ironx64.SYS [x]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NAVx64\1109000.00C\SYMTDIV.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ASKService;ASKService;c:\program files (x86)\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264]
S2 ASKUpgrade;ASKUpgrade;c:\program files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
S2 ePowerSvc;Acer ePower Service;c:\program files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\eMachines\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-07 247096]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe [2011-08-04 126400]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416]
S2 Updater Service;Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2009-07-04 240160]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-08 138360]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-08 c:\windows\Tasks\File Helper.job
- c:\program files (x86)\File Helper\1.1.0.10\FileHelper.exe [2010-01-26 00:25]
.
2012-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 17:16]
.
2012-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 17:16]
.
2012-02-04 c:\windows\Tasks\PC Health Advisor Defrag.job
- c:\program files (x86)\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
.
2012-02-01 c:\windows\Tasks\PC Health Advisor.job
- c:\program files (x86)\ParetoLogic\PCHA\PCHA.exe [2010-09-30 21:40]
.
2012-01-26 c:\windows\Tasks\RegAce Scheduled Scan - Evan.job
- c:\program files (x86)\RegAce System Suite\RegAce.exe [2010-10-26 19:56]
.
2012-02-05 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 71b28c84-3aaf-4a9c-9598-a74b47406f68.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-02-05 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task e7485756-a520-44ab-8cae-a3621d41972e.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Acer ePower Management"="c:\program files\eMachines\eMachines Power Management\ePowerTray.exe" [2009-08-06 828960]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"PC Optimizer Pro"="c:\program files\PC Optimizer Pro\StartApps.exe" [BU]
"combofix"="c:\combofix\CF9948.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
apache2
.
------- Supplementary Scan -------
.
uStart Page = hxxp://forums.myegy.com/member.php?u=175056
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=e627&r=273612090815l03e4z125r4872327s
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\nljm0pjh.default\
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{b80f591e-fe9a-46cf-a13e-180377240586} - (no file)
URLSearchHooks-{e84cc2c1-b722-48fc-a39c-edb8b525c777} - (no file)
BHO-{b80f591e-fe9a-46cf-a13e-180377240586} - (no file)
BHO-{E4E6BF2A-1667-11DF-A01F-1F9655D89593} - (no file)
Toolbar-Locked - (no file)
Toolbar-{b80f591e-fe9a-46cf-a13e-180377240586} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
WebBrowser-{E84CC2C1-B722-48FC-A39C-EDB8B525C777} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\SysWOW64\ping.exe
.
**************************************************************************
.
Completion time: 2012-02-09 21:51:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-10 03:51
.
Pre-Run: 33,907,064,832 bytes free
Post-Run: 34,811,625,472 bytes free
.
- - End Of File - - 70863C3E12774DB7FADC07D7CFCE3E93
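The ComboFix report above is the evidence the helper is working from: the "Other Deletions" block lists the consrv.dll and assembly\GAC_*\Desktop.ini / assembly\temp\@ files, the "Svchost - NetSvcs" block shows a non-default "apache2" entry, and the policies\system key shows UAC prompting turned off. The script below is an added example, not part of the thread or of ComboFix, that parses a report in this layout and pulls those indicators out so they are not missed in a 400-line log. It assumes the banner lines, "." separators and `"Name"= 0 (0x0)` value formatting seen in the report above; the sample input is a constructed excerpt of that report, and the file patterns are exactly the paths ComboFix deleted there.

```python
"""Parse a ComboFix report and flag the indicators visible in the log above.

Added example, not part of the BleepingComputer thread or of ComboFix itself.
Assumptions: section banners look like "(((( Name ))))", "." lines separate
blocks, registry values are printed as "Name"= 0 (0x0), and the NetSvcs block
starts with a line ending in "Svchost - NetSvcs".
"""
import re
from collections import defaultdict

# Constructed sample: a short excerpt of the report posted above.
SAMPLE_LOG = r"""
ComboFix 12-02-08.02 - Evan 02/09/2012 21:15:00.4.1 - x64
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\assembly\temp\@
c:\windows\assembly\temp\cfg.ini
c:\windows\system32\consrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
apache2
.
"""

BANNER_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")                 # "(((( Other Deletions ))))"
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\s*\(0x[0-9a-fA-F]+\)')  # "Name"= 0 (0x0)

# File set ComboFix removed in the report above (consrv.dll in system32 plus the
# assembly\GAC_*\Desktop.ini and assembly\temp\@ / cfg.ini files).
ZEROACCESS_FILE_RE = re.compile(
    r"\\assembly\\(GAC_32|GAC_64)\\Desktop\.ini$"
    r"|\\assembly\\temp\\(@|cfg\.ini)$"
    r"|\\system32\\consrv\.dll$",
    re.IGNORECASE,
)


def parse_report(text):
    """Split a ComboFix report into sections, registry policy values and NetSvcs names."""
    sections = defaultdict(list)   # banner name -> free-form lines (paths, entries)
    policies = defaultdict(dict)   # lower-cased registry key -> {value name: int}
    netsvcs = []
    section, reg_key, in_netsvcs = "header", None, False
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":      # "." closes the current key or NetSvcs block
            reg_key, in_netsvcs = None, False
            continue
        m = BANNER_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if line.endswith("Svchost - NetSvcs"):
            in_netsvcs = True
            continue
        if in_netsvcs:
            netsvcs.append(line)
            continue
        if line.startswith("[HKEY"):
            reg_key = line.strip("[]").lower()
            continue
        v = VALUE_RE.match(line)
        if v and reg_key:
            policies[reg_key][v.group(1)] = int(v.group(2))
            continue
        sections[section].append(line)
    return {"sections": dict(sections), "policies": dict(policies), "netsvcs": netsvcs}


def find_indicators(report):
    """Return (kind, where, detail) tuples for the things worth a second look."""
    findings = []
    for sec, lines in report["sections"].items():
        for path in lines:
            if ZEROACCESS_FILE_RE.search(path):
                findings.append(("zeroaccess-file", sec, path))
    for name in report["netsvcs"]:
        # ComboFix only prints non-default NetSvcs entries; each one names a service
        # whose DLL is loaded into a shared svchost.exe, so every entry needs review.
        findings.append(("netsvcs-entry", "Svchost - NetSvcs", name))
    for key, values in report["policies"].items():
        if key.endswith(r"policies\system"):
            if values.get("ConsentPromptBehaviorAdmin") == 0:
                findings.append(("uac-no-prompt", key,
                                 "ConsentPromptBehaviorAdmin=0 (elevate without prompting)"))
            if values.get("PromptOnSecureDesktop") == 0:
                findings.append(("uac-no-secure-desktop", key, "PromptOnSecureDesktop=0"))
    return findings


if __name__ == "__main__":
    for kind, where, detail in find_indicators(parse_report(SAMPLE_LOG)):
        print(f"{kind:22} {where:22} {detail}")
```

Run it against a saved ComboFix.txt by reading the file into `parse_report` instead of `SAMPLE_LOG`. The UAC check matters here because the log shows prompting switched off for both admins and standard users, so anything that reached the machine could elevate silently; whether the user or the infection set those values, they should be restored after cleanup.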

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:25 PM

Posted 09 February 2012 - 11:32 PM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note:Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer
"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#11 mmezzetta

mmezzetta
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:02:25 PM

Posted 09 February 2012 - 11:51 PM

Well I turned my computer off before and when I turned it back on for the next step, "Windows failed to start. A recent hardware or software change might be the cause." Startup repair does nothing and safe mode and boot to last known good configuration both go back to windows failed screen. What now? :(

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:25 PM

Posted 10 February 2012 - 12:05 AM

Hello


use system restore it will bring it back up


gringo

#13 mmezzetta

mmezzetta
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:02:25 PM

Posted 10 February 2012 - 12:10 AM

How can I if I can't load Windows even through safe mode?

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:25 PM

Posted 10 February 2012 - 12:22 AM

Hello


press f8 when the computer starts

it will take you to the safe boot menu

at the top will be repair your computer

in this menu will give you the option to do a system restore


gringo

#15 mmezzetta

mmezzetta
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:02:25 PM

Posted 10 February 2012 - 12:27 AM

I clicked Repair Your Computer. Then I went to System Restore. It says there has been no restore points created to select. That is bs because I created one about a week ago. I have a feeling something really got jacked. What can I do now?
