HijackThis Log: Please help Diagnose


  • This topic is locked
11 replies to this topic

#1 miromaneks

miromaneks

  • Members
  • 6 posts
  • OFFLINE
  • Local time:07:04 PM

Posted 26 February 2012 - 08:17 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:10:22 PM, on 2/26/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Users\Katie\Downloads\HijackThis.exe
C:\Windows\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php?ref=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe"
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Katie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/BookWorm/Images/armhelper.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9075 bytes

Edit: Moved topic from Vista to the more appropriate forum. ~ Animal
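An added example, not part of this thread and not code from Trend Micro's HijackThis: a small Python triage script for the log format posted above. HijackThis only lists what is registered; the reader still has to decide which entries deserve a closer look. The script parses the O2/O3/O4/O16/O22/O23 lines, pulls the image path out of each, and flags three things a responder usually checks first: Run values that are a bare filename with no directory (Windows resolves those through App Paths and PATH at logon, so a same-named file earlier in the search order would run instead), anything launching from a user-writable location, and a DPF (downloaded program file) control registered from a local file:// URL instead of a web download. The sample lines are copied from the log in the first post; the flags are heuristics chosen for this example, not HijackThis's own verdicts, and a flagged entry is a lead, not a detection.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: ten lines copied verbatim from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [Google Update] "C:\Users\Katie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/BookWorm/Images/armhelper.ocx
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

@dataclass
class Entry:
    section: str                      # HijackThis section tag, e.g. "O4", "O23"
    name: str                         # Run value name, BHO/service name, or CLSID (Name)
    image: str                        # executable/DLL path as written in the log, "" if none found
    flags: list = field(default_factory=list)

# Locations an unprivileged user can write to; an autorun living here deserves a look.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "%appdata%", "%localappdata%",
                          "%temp%", "%tmp%", "%userprofile%")
# First token ending in a PE-ish extension, quoted or not, possibly followed by arguments.
IMAGE_RE = re.compile(r'^(.+?\.(?:exe|dll|ocx|sys|cpl|scr))(?=\s|$)', re.IGNORECASE)

def extract_image(cmd: str) -> str:
    """Return the image path from a Run command line ('"path" args' or 'path args')."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = IMAGE_RE.match(cmd)
    return m.group(1) if m else ""

def parse_line(line: str):
    m = re.match(r'^([RFON]\d+) - (.*)$', line.strip())
    if not m:
        return None
    section, body = m.groups()
    if section == "O4":
        # "HKLM\..\Run: [Name] command"  or  "Startup: file.lnk = path"
        m4 = (re.match(r'^.*?:\s*\[([^\]]+)\]\s*(.*)$', body)
              or re.match(r'^(?:Global Startup|Startup):\s*(.+?)\s*=\s*(.*)$', body))
        if not m4:
            return None
        name, cmd = m4.groups()
        return Entry(section, name, extract_image(cmd))
    if section in ("O2", "O3", "O9", "O16", "O22", "O23"):
        # "BHO: Name - {CLSID} - path" / "Service: Name - Vendor - path" / "DPF: {CLSID} (Name) - url"
        parts = [p.strip() for p in body.split(" - ")]
        label = parts[0].split(":", 1)[1].strip() if ":" in parts[0] else parts[0]
        return Entry(section, label, parts[-1] if len(parts) > 1 else "")
    return Entry(section, body, "")

def triage(entry: Entry) -> Entry:
    img = entry.image.lower()
    if entry.section == "O4" and img and "\\" not in img and "/" not in img:
        entry.flags.append("bare filename: resolved via App Paths/PATH at logon, easy to shadow")
    if img.startswith(USER_WRITABLE_PREFIXES):
        entry.flags.append("runs from a user-writable location")
    if entry.section == "O16" and img.startswith("file:"):
        entry.flags.append("DPF control registered from a local file:// URL, not a web download")
    return entry

def triage_log(text: str) -> list:
    return [triage(e) for e in (parse_line(l) for l in text.splitlines()) if e is not None]

def flagged(text: str) -> dict:
    """Map entry name -> list of flags, for every entry that drew at least one flag."""
    return {e.name: e.flags for e in triage_log(text) if e.flags}

if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

On the log above this flags RtHDVCpl.exe and Skytel.exe (bare names, both Realtek audio components on Toshiba builds), the per-user Google Update entry under C:\Users, and the BookWorm ArmHelper control loaded from a local file. All four have benign explanations on this machine; the point of the pass is to shorten the list a human then verifies by hash, signature and vendor, which is exactly what the helper's DDS/TDSSKiller requests go on to do.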


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,464 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:04 PM

Posted 29 February 2012 - 11:04 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Please just paste the contents of the DDS.txt log in your next post.

Please let me know the nature of the problems with this computer.

#3 miromaneks

miromaneks
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:07:04 PM

Posted 29 February 2012 - 11:36 PM

Thanks for the response. As much as I would like to say I was able to run DDS for you... I wasn't so lucky. The scan stops after around 50 # symbols showing the progress. I shut down Norton, I ran the program in Safe Mode and in regular mode about 5 times each. Still no luck.
As far as your question about what the PC is doing... I first noticed that the PC was freezing often. The laptop was pretty much up to date with Windows updates, but I noticed there were 2 high priority items out there. The PC will freeze when trying to download and also freezes when trying to update Windows Defender.

Please give me some other options since I can't get DDS to run. Thanks!

#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,464 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:04 PM

Posted 01 March 2012 - 09:52 AM

Try to run these tools.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.
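An added example, not part of this thread and not Kaspersky's code: a Python reader for the per-driver lines TDSSKiller writes, in the form that appears in the log posted in reply #5 (a `name (md5) path` line followed by a `name - verdict` line, with the detection name in parentheses when the verdict is not ok). The helper reads these logs by eye; the script does the three checks a responder makes on such a log: list every driver whose verdict is not "ok", list drivers loading from outside C:\Windows (here that is the Norton definition packages under ProgramData, which is normal for that product but is exactly where a responder must confirm the vendor), and diff each driver's MD5 against a baseline from a known-clean machine at the same patch level, because an "ok" from TDSSKiller only means its own signatures did not fire, and the TDL3 family the tool was written for lived inside a patched system driver such as atapi.sys. The first sample lines are copied from the posted log; the `sptd ( LockedFile.Multi.Generic ) - warning` line and the baseline hashes are constructed for this example and say nothing about this machine.

```python
import re
from collections import OrderedDict

# Constructed sample. The first ten lines are copied from the TDSSKiller 2.7.17.0 log posted
# in reply #5; the final "sptd" warning line is hypothetical, added only so the non-ok path runs.
SAMPLE_LOG = r"""
20:28:35.0745 1016 Scan started
20:28:35.0745 1016 Mode: Manual;
20:28:37.0009 1016 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:28:37.0024 1016 ACPI - ok
20:28:42.0516 1016 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
20:28:42.0547 1016 atapi - ok
20:28:43.0639 1016 BHDrvx86 (e685ba3267c5a4ec4ce9e2b4a1481725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120207.003\BHDrvx86.sys
20:28:43.0935 1016 BHDrvx86 - ok
20:29:01.0875 1016 IpInIp - ok
20:29:08.0443 1016 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:29:08.0443 1016 Null - ok
20:29:09.0000 1016 sptd ( LockedFile.Multi.Generic ) - warning
"""

TS = r'(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+'
# "name (md5) path": the file TDSSKiller found backing the driver entry
FILE_RE = re.compile(TS + r'(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$')
# "name - ok"  or  "name ( Detection.Name ) - warning|suspicious|infected"
VERDICT_RE = re.compile(TS + r'(?P<name>\S+)(?: \( (?P<detection>.+?) \))? - (?P<verdict>\w+)$')

def parse_tdsskiller(text: str) -> "OrderedDict[str, dict]":
    """Driver name -> {md5, path, verdict, detection}; entries with no backing file have no md5/path."""
    drivers = OrderedDict()
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            drivers.setdefault(m["name"], {}).update(md5=m["md5"], path=m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            drivers.setdefault(m["name"], {}).update(verdict=m["verdict"], detection=m["detection"])
    return drivers

def not_ok(drivers: dict) -> dict:
    """Everything the tool did not mark 'ok': the lines the helper asks to see first."""
    return {n: d for n, d in drivers.items() if d.get("verdict") != "ok"}

def outside_system_dir(drivers: dict) -> dict:
    """Drivers whose file lives outside C:\\Windows. Security products do this legitimately
    (Norton's definition packages under ProgramData above); anything else needs a vendor check."""
    return {n: d["path"] for n, d in drivers.items()
            if "path" in d and not d["path"].lower().startswith("c:\\windows\\")}

def hash_drift(drivers: dict, baseline: dict) -> dict:
    """Driver name -> (expected md5, observed md5) for every driver whose hash differs from a
    baseline captured on a known-clean machine at the same OS build and patch level. A silently
    patched boot driver passes TDSSKiller's 'ok' but cannot pass this comparison."""
    return {n: (baseline[n], d["md5"]) for n, d in drivers.items()
            if n in baseline and "md5" in d and d["md5"] != baseline[n]}

if __name__ == "__main__":
    drv = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(drv)} driver entries, {len(not_ok(drv))} not ok")
    for name, d in not_ok(drv).items():
        print(f"  {name}: {d.get('verdict')} ({d.get('detection')})")
    for name, path in outside_system_dir(drv).items():
        print(f"  outside C:\\Windows: {name} -> {path}")
```

The baseline for `hash_drift` has to come from a matching build (Vista SP2 x86 here) captured with the same tool, since the MD5 is of the file as it sits on disk and every hotfix changes it; comparing against a baseline from a different patch level produces noise, not findings. The aswMBR step in the same post covers the other half of the picture, the MBR and boot sectors, which TDSSKiller's driver listing does not hash.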

#5 miromaneks

miromaneks
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:07:04 PM

Posted 01 March 2012 - 08:33 PM

TDSSKiller Results Log:

20:28:31.0455 0976 TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
20:28:32.0017 0976 ============================================================
20:28:32.0017 0976 Current date / time: 2012/03/01 20:28:32.0017
20:28:32.0017 0976 SystemInfo:
20:28:32.0017 0976
20:28:32.0017 0976 OS Version: 6.0.6002 ServicePack: 2.0
20:28:32.0017 0976 Product type: Workstation
20:28:32.0017 0976 ComputerName: KATIE-PC
20:28:32.0017 0976 UserName: Katie
20:28:32.0017 0976 Windows directory: C:\Windows
20:28:32.0017 0976 System windows directory: C:\Windows
20:28:32.0017 0976 Processor architecture: Intel x86
20:28:32.0017 0976 Number of processors: 1
20:28:32.0017 0976 Page size: 0x1000
20:28:32.0017 0976 Boot type: Safe boot with network
20:28:32.0017 0976 ============================================================
20:28:32.0734 0976 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:28:32.0750 0976 \Device\Harddisk0\DR0:
20:28:32.0750 0976 MBR used
20:28:32.0750 0976 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x118BC800
20:28:32.0797 0976 Initialize success
20:28:32.0797 0976 ============================================================
20:28:35.0745 1016 ============================================================
20:28:35.0745 1016 Scan started
20:28:35.0745 1016 Mode: Manual;
20:28:35.0745 1016 ============================================================
20:28:37.0009 1016 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:28:37.0024 1016 ACPI - ok
20:28:37.0383 1016 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:28:37.0430 1016 adp94xx - ok
20:28:37.0664 1016 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:28:37.0711 1016 adpahci - ok
20:28:37.0960 1016 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:28:37.0960 1016 adpu160m - ok
20:28:38.0272 1016 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:28:38.0304 1016 adpu320 - ok
20:28:38.0772 1016 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:28:38.0834 1016 AFD - ok
20:28:39.0255 1016 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
20:28:39.0396 1016 AgereSoftModem - ok
20:28:39.0754 1016 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:28:39.0786 1016 agp440 - ok
20:28:40.0082 1016 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:28:40.0113 1016 aic78xx - ok
20:28:40.0425 1016 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:28:40.0456 1016 aliide - ok
20:28:40.0706 1016 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:28:40.0722 1016 amdagp - ok
20:28:40.0924 1016 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:28:40.0956 1016 amdide - ok
20:28:41.0143 1016 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:28:41.0158 1016 AmdK7 - ok
20:28:41.0236 1016 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:28:41.0252 1016 AmdK8 - ok
20:28:41.0595 1016 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:28:41.0611 1016 arc - ok
20:28:41.0860 1016 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:28:41.0860 1016 arcsas - ok
20:28:42.0219 1016 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:28:42.0235 1016 AsyncMac - ok
20:28:42.0516 1016 atapi (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
20:28:42.0547 1016 atapi - ok
20:28:42.0781 1016 athr (8be56f8300e1c37b578da23c71816b7a) C:\Windows\system32\DRIVERS\athr.sys
20:28:42.0843 1016 athr - ok
20:28:43.0186 1016 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:28:43.0202 1016 Beep - ok
20:28:43.0639 1016 BHDrvx86 (e685ba3267c5a4ec4ce9e2b4a1481725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120207.003\BHDrvx86.sys
20:28:43.0935 1016 BHDrvx86 - ok
20:28:44.0138 1016 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:28:44.0138 1016 blbdrive - ok
20:28:44.0325 1016 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:28:44.0325 1016 bowser - ok
20:28:44.0575 1016 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:28:44.0606 1016 BrFiltLo - ok
20:28:44.0949 1016 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:28:44.0965 1016 BrFiltUp - ok
20:28:45.0246 1016 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:28:45.0277 1016 Brserid - ok
20:28:45.0604 1016 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:28:45.0620 1016 BrSerWdm - ok
20:28:45.0994 1016 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:28:46.0010 1016 BrUsbMdm - ok
20:28:46.0228 1016 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:28:46.0228 1016 BrUsbSer - ok
20:28:46.0447 1016 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:28:46.0462 1016 BTHMODEM - ok
20:28:46.0899 1016 ccHP (1fa1c0e73eca849bed29a47c508f7f17) C:\Windows\system32\drivers\N360\0404000.00C\ccHPx86.sys
20:28:46.0962 1016 ccHP - ok
20:28:47.0211 1016 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:28:47.0227 1016 cdfs - ok
20:28:47.0617 1016 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:28:47.0632 1016 cdrom - ok
20:28:47.0944 1016 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
20:28:47.0976 1016 circlass - ok
20:28:48.0225 1016 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:28:48.0241 1016 CLFS - ok
20:28:48.0662 1016 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:28:48.0678 1016 CmBatt - ok
20:28:48.0927 1016 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:28:48.0927 1016 cmdide - ok
20:28:49.0177 1016 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:28:49.0192 1016 Compbatt - ok
20:28:49.0473 1016 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:28:49.0504 1016 crcdisk - ok
20:28:49.0707 1016 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:28:49.0707 1016 Crusoe - ok
20:28:49.0957 1016 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:28:49.0988 1016 DfsC - ok
20:28:50.0284 1016 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:28:50.0284 1016 disk - ok
20:28:50.0565 1016 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:28:50.0581 1016 drmkaud - ok
20:28:50.0908 1016 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:28:50.0971 1016 DXGKrnl - ok
20:28:51.0220 1016 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:28:51.0236 1016 E1G60 - ok
20:28:51.0501 1016 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:28:51.0532 1016 Ecache - ok
20:28:51.0688 1016 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
20:28:51.0735 1016 eeCtrl - ok
20:28:52.0078 1016 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:28:52.0110 1016 elxstor - ok
20:28:52.0312 1016 EraserUtilDrv11122 (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11122.sys
20:28:52.0328 1016 EraserUtilDrv11122 - ok
20:28:52.0562 1016 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:28:52.0578 1016 ErrDev - ok
20:28:52.0827 1016 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:28:52.0843 1016 exfat - ok
20:28:53.0077 1016 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:28:53.0092 1016 fastfat - ok
20:28:53.0311 1016 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:28:53.0342 1016 fdc - ok
20:28:53.0436 1016 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:28:53.0451 1016 FileInfo - ok
20:28:53.0685 1016 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:28:53.0685 1016 Filetrace - ok
20:28:53.0950 1016 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:28:53.0966 1016 flpydisk - ok
20:28:54.0216 1016 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:28:54.0247 1016 FltMgr - ok
20:28:54.0543 1016 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
20:28:54.0543 1016 Fs_Rec - ok
20:28:54.0684 1016 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
20:28:54.0684 1016 FwLnk - ok
20:28:54.0762 1016 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:28:54.0777 1016 gagp30kx - ok
20:28:54.0996 1016 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
20:28:54.0996 1016 GEARAspiWDM - ok
20:28:55.0230 1016 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
20:28:55.0230 1016 HdAudAddService - ok
20:28:55.0495 1016 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:28:55.0495 1016 HDAudBus - ok
20:28:55.0666 1016 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:28:55.0682 1016 HidBth - ok
20:28:55.0744 1016 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:28:55.0791 1016 HidIr - ok
20:28:56.0025 1016 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
20:28:56.0041 1016 HidUsb - ok
20:28:56.0259 1016 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:28:56.0259 1016 HpCISSs - ok
20:28:56.0400 1016 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
20:28:56.0446 1016 HTTP - ok
20:28:56.0680 1016 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:28:56.0696 1016 i2omp - ok
20:28:56.0946 1016 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:28:56.0961 1016 i8042prt - ok
20:28:57.0258 1016 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
20:28:57.0258 1016 iaStor - ok
20:28:57.0460 1016 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:28:57.0492 1016 iaStorV - ok
20:28:57.0741 1016 IDSVix86 (b6662611e8fa3a71473c4a9bd0d23755) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120224.002\IDSvix86.sys
20:28:57.0788 1016 IDSVix86 - ok
20:28:58.0194 1016 igfx (6fb1858d1f0923d122b0331865695041) C:\Windows\system32\DRIVERS\igdkmd32.sys
20:28:58.0662 1016 igfx - ok
20:28:58.0864 1016 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:28:58.0864 1016 iirsp - ok
20:28:59.0629 1016 IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
20:29:00.0518 1016 IntcAzAudAddService - ok
20:29:00.0892 1016 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:29:00.0908 1016 intelide - ok
20:29:01.0236 1016 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:29:01.0267 1016 intelppm - ok
20:29:01.0579 1016 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:29:01.0594 1016 IpFilterDriver - ok
20:29:01.0875 1016 IpInIp - ok
20:29:02.0265 1016 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
20:29:02.0281 1016 IPMIDRV - ok
20:29:02.0546 1016 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:29:02.0546 1016 IPNAT - ok
20:29:02.0686 1016 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:29:02.0686 1016 IRENUM - ok
20:29:02.0780 1016 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
20:29:02.0780 1016 isapnp - ok
20:29:02.0905 1016 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:29:02.0905 1016 iScsiPrt - ok
20:29:03.0061 1016 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:29:03.0061 1016 iteatapi - ok
20:29:03.0154 1016 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:29:03.0154 1016 iteraid - ok
20:29:03.0248 1016 jswpslwf (11ad410f41af42ba12e63187e3ec141a) C:\Windows\system32\DRIVERS\jswpslwf.sys
20:29:03.0264 1016 jswpslwf - ok
20:29:03.0404 1016 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:29:03.0404 1016 kbdclass - ok
20:29:03.0498 1016 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
20:29:03.0498 1016 kbdhid - ok
20:29:03.0591 1016 KR10I (e8ca038f51f7761bd6e3a3b0b8014263) C:\Windows\system32\drivers\kr10i.sys
20:29:03.0591 1016 KR10I - ok
20:29:03.0700 1016 KR10N (6a4adb9186dd0e114e623daf57e42b31) C:\Windows\system32\drivers\kr10n.sys
20:29:03.0700 1016 KR10N - ok
20:29:03.0825 1016 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
20:29:03.0841 1016 KSecDD - ok
20:29:03.0950 1016 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:29:03.0950 1016 lltdio - ok
20:29:04.0044 1016 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
20:29:04.0044 1016 LSI_FC - ok
20:29:04.0122 1016 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
20:29:04.0137 1016 LSI_SAS - ok
20:29:04.0246 1016 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
20:29:04.0246 1016 LSI_SCSI - ok
20:29:04.0324 1016 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:29:04.0324 1016 luafv - ok
20:29:04.0465 1016 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
20:29:04.0465 1016 megasas - ok
20:29:04.0543 1016 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
20:29:04.0558 1016 MegaSR - ok
20:29:04.0636 1016 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:29:04.0636 1016 Modem - ok
20:29:04.0730 1016 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:29:04.0730 1016 monitor - ok
20:29:04.0746 1016 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:29:04.0746 1016 mouclass - ok
20:29:04.0855 1016 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:29:04.0855 1016 mouhid - ok
20:29:04.0917 1016 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:29:04.0933 1016 MountMgr - ok
20:29:05.0011 1016 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
20:29:05.0011 1016 mpio - ok
20:29:05.0089 1016 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:29:05.0104 1016 mpsdrv - ok
20:29:05.0198 1016 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:29:05.0198 1016 Mraid35x - ok
20:29:05.0292 1016 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:29:05.0292 1016 MRxDAV - ok
20:29:05.0338 1016 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:29:05.0354 1016 mrxsmb - ok
20:29:05.0432 1016 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:29:05.0432 1016 mrxsmb10 - ok
20:29:05.0541 1016 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:29:05.0541 1016 mrxsmb20 - ok
20:29:05.0619 1016 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
20:29:05.0619 1016 msahci - ok
20:29:05.0713 1016 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
20:29:05.0713 1016 msdsm - ok
20:29:05.0775 1016 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:29:05.0775 1016 Msfs - ok
20:29:05.0869 1016 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:29:05.0869 1016 msisadrv - ok
20:29:05.0978 1016 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:29:05.0978 1016 MSKSSRV - ok
20:29:06.0087 1016 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:29:06.0087 1016 MSPCLOCK - ok
20:29:06.0165 1016 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:29:06.0181 1016 MSPQM - ok
20:29:06.0228 1016 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:29:06.0228 1016 MsRPC - ok
20:29:06.0321 1016 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:29:06.0321 1016 mssmbios - ok
20:29:06.0430 1016 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:29:06.0430 1016 MSTEE - ok
20:29:06.0524 1016 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:29:06.0524 1016 Mup - ok
20:29:06.0649 1016 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:29:06.0649 1016 NativeWifiP - ok
20:29:06.0820 1016 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120225.008\NAVENG.SYS
20:29:06.0820 1016 NAVENG - ok
20:29:06.0914 1016 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120225.008\NAVEX15.SYS
20:29:06.0945 1016 NAVEX15 - ok
20:29:07.0117 1016 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:29:07.0132 1016 NDIS - ok
20:29:07.0273 1016 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:29:07.0273 1016 NdisTapi - ok
20:29:07.0351 1016 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:29:07.0351 1016 Ndisuio - ok
20:29:07.0398 1016 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:29:07.0413 1016 NdisWan - ok
20:29:07.0491 1016 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:29:07.0491 1016 NDProxy - ok
20:29:07.0616 1016 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:29:07.0616 1016 NetBIOS - ok
20:29:07.0741 1016 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:29:07.0741 1016 netbt - ok
20:29:07.0850 1016 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:29:07.0850 1016 nfrd960 - ok
20:29:08.0006 1016 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:29:08.0006 1016 Npfs - ok
20:29:08.0068 1016 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:29:08.0068 1016 nsiproxy - ok
20:29:08.0209 1016 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:29:08.0224 1016 Ntfs - ok
20:29:08.0349 1016 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:29:08.0349 1016 ntrigdigi - ok
20:29:08.0443 1016 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:29:08.0443 1016 Null - ok
20:29:08.0521 1016 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
20:29:08.0536 1016 nvraid - ok
20:29:08.0614 1016 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
20:29:08.0614 1016 nvstor - ok
20:29:08.0708 1016 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
20:29:08.0708 1016 nv_agp - ok
20:29:08.0770 1016 NwlnkFlt - ok
20:29:08.0786 1016 NwlnkFwd - ok
20:29:08.0848 1016 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
20:29:08.0848 1016 ohci1394 - ok
20:29:08.0942 1016 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:29:08.0942 1016 Parport - ok
20:29:09.0036 1016 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
20:29:09.0036 1016 partmgr - ok
20:29:09.0067 1016 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:29:09.0067 1016 Parvdm - ok
20:29:09.0176 1016 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:29:09.0192 1016 pci - ok
20:29:09.0332 1016 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
20:29:09.0332 1016 pciide - ok
20:29:09.0426 1016 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:29:09.0441 1016 pcmcia - ok
20:29:09.0566 1016 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:29:09.0582 1016 PEAUTH - ok
20:29:09.0784 1016 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:29:09.0784 1016 PptpMiniport - ok
20:29:09.0925 1016 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
20:29:09.0925 1016 Processor - ok
20:29:10.0065 1016 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:29:10.0065 1016 PSched - ok
20:29:10.0174 1016 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
20:29:10.0174 1016 PxHelp20 - ok
20:29:10.0346 1016 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
20:29:10.0362 1016 ql2300 - ok
20:29:10.0502 1016 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:29:10.0502 1016 ql40xx - ok
20:29:10.0627 1016 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:29:10.0627 1016 QWAVEdrv - ok
20:29:10.0705 1016 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:29:10.0705 1016 RasAcd - ok
20:29:10.0783 1016 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:29:10.0783 1016 Rasl2tp - ok
20:29:10.0845 1016 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:29:10.0845 1016 RasPppoe - ok
20:29:10.0939 1016 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:29:10.0939 1016 RasSstp - ok
20:29:11.0048 1016 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:29:11.0048 1016 rdbss - ok
20:29:11.0110 1016 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:29:11.0126 1016 RDPCDD - ok
20:29:11.0235 1016 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
20:29:11.0235 1016 rdpdr - ok
20:29:11.0313 1016 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:29:11.0313 1016 RDPENCDD - ok
20:29:11.0454 1016 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
20:29:11.0454 1016 RDPWD - ok
20:29:11.0610 1016 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:29:11.0610 1016 rspndr - ok
20:29:11.0750 1016 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
20:29:11.0750 1016 RTL8169 - ok
20:29:11.0844 1016 RTSTOR (f5825e41286556ddb8cc83a91d88f3c6) C:\Windows\system32\drivers\RTSTOR.SYS
20:29:11.0844 1016 RTSTOR - ok
20:29:11.0953 1016 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:29:11.0953 1016 sbp2port - ok
20:29:12.0046 1016 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:29:12.0046 1016 secdrv - ok
20:29:12.0171 1016 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:29:12.0171 1016 Serenum - ok
20:29:12.0265 1016 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:29:12.0265 1016 Serial - ok
20:29:12.0358 1016 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:29:12.0358 1016 sermouse - ok
20:29:12.0483 1016 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
20:29:12.0483 1016 sffdisk - ok
20:29:12.0577 1016 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
20:29:12.0577 1016 sffp_mmc - ok
20:29:12.0655 1016 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
20:29:12.0655 1016 sffp_sd - ok
20:29:12.0733 1016 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
20:29:12.0733 1016 sfloppy - ok
20:29:12.0842 1016 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
20:29:12.0842 1016 sisagp - ok
20:29:12.0873 1016 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
20:29:12.0873 1016 SiSRaid2 - ok
20:29:12.0982 1016 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
20:29:12.0998 1016 SiSRaid4 - ok
20:29:13.0107 1016 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
20:29:13.0107 1016 Smb - ok
20:29:13.0201 1016 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:29:13.0216 1016 spldr - ok
20:29:13.0357 1016 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\Windows\System32\Drivers\N360\0404000.00C\SRTSP.SYS
20:29:13.0357 1016 SRTSP - ok
20:29:13.0560 1016 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\Windows\system32\drivers\N360\0404000.00C\SRTSPX.SYS
20:29:13.0560 1016 SRTSPX - ok
20:29:13.0716 1016 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
20:29:13.0731 1016 srv - ok
20:29:13.0872 1016 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
20:29:13.0872 1016 srv2 - ok
20:29:13.0965 1016 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
20:29:13.0965 1016 srvnet - ok
20:29:14.0028 1016 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:29:14.0028 1016 swenum - ok
20:29:14.0121 1016 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:29:14.0121 1016 Symc8xx - ok
20:29:14.0277 1016 SymDS (56890bf9d9204b93042089d4b45ae671) C:\Windows\system32\drivers\N360\0404000.00C\SYMDS.SYS
20:29:14.0277 1016 SymDS - ok
20:29:14.0464 1016 SymEFA (10ba64273feff4df0a7ccb0ff3b9b26b) C:\Windows\system32\drivers\N360\0404000.00C\SYMEFA.SYS
20:29:14.0480 1016 SymEFA - ok
20:29:14.0620 1016 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\Windows\system32\Drivers\SYMEVENT.SYS
20:29:14.0620 1016 SymEvent - ok
20:29:14.0792 1016 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\Windows\system32\drivers\N360\0404000.00C\Ironx86.SYS
20:29:14.0792 1016 SymIRON - ok
20:29:14.0932 1016 SYMTDIv (b501d61792d8355eae7eb4f7449a9d99) C:\Windows\System32\Drivers\N360\0404000.00C\SYMTDIV.SYS
20:29:14.0932 1016 SYMTDIv - ok
20:29:15.0073 1016 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:29:15.0088 1016 Sym_hi - ok
20:29:15.0151 1016 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:29:15.0151 1016 Sym_u3 - ok
20:29:15.0213 1016 SynTP (70534d1e4f9ac990536d5fb5b550b3de) C:\Windows\system32\DRIVERS\SynTP.sys
20:29:15.0213 1016 SynTP - ok
20:29:15.0354 1016 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
20:29:15.0369 1016 Tcpip - ok
20:29:15.0525 1016 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
20:29:15.0541 1016 Tcpip6 - ok
20:29:15.0666 1016 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
20:29:15.0666 1016 tcpipreg - ok
20:29:15.0759 1016 tdcmdpst (6fdfba25002ce4bac463ac866ae71405) C:\Windows\system32\DRIVERS\tdcmdpst.sys
20:29:15.0759 1016 tdcmdpst - ok
20:29:15.0853 1016 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:29:15.0853 1016 TDPIPE - ok
20:29:15.0993 1016 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:29:15.0993 1016 TDTCP - ok
20:29:16.0102 1016 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
20:29:16.0102 1016 tdx - ok
20:29:16.0212 1016 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:29:16.0212 1016 TermDD - ok
20:29:16.0399 1016 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
20:29:16.0399 1016 tos_sps32 - ok
20:29:16.0539 1016 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:29:16.0539 1016 tssecsrv - ok
20:29:16.0664 1016 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:29:16.0664 1016 tunmp - ok
20:29:16.0742 1016 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
20:29:16.0742 1016 tunnel - ok
20:29:16.0836 1016 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
20:29:16.0851 1016 TVALZ - ok
20:29:16.0929 1016 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
20:29:16.0929 1016 uagp35 - ok
20:29:17.0023 1016 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:29:17.0023 1016 udfs - ok
20:29:17.0148 1016 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
20:29:17.0148 1016 uliagpkx - ok
20:29:17.0226 1016 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
20:29:17.0241 1016 uliahci - ok
20:29:17.0350 1016 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:29:17.0350 1016 UlSata - ok
20:29:17.0444 1016 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:29:17.0444 1016 ulsata2 - ok
20:29:17.0491 1016 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:29:17.0491 1016 umbus - ok
20:29:17.0600 1016 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
20:29:17.0600 1016 USBAAPL - ok
20:29:17.0678 1016 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
20:29:17.0678 1016 usbaudio - ok
20:29:17.0787 1016 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:29:17.0787 1016 usbccgp - ok
20:29:17.0850 1016 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:29:17.0850 1016 usbcir - ok
20:29:17.0959 1016 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:29:17.0959 1016 usbehci - ok
20:29:18.0037 1016 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:29:18.0037 1016 usbhub - ok
20:29:18.0099 1016 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
20:29:18.0099 1016 usbohci - ok
20:29:18.0193 1016 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
20:29:18.0193 1016 usbprint - ok
20:29:18.0286 1016 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:29:18.0286 1016 USBSTOR - ok
20:29:18.0396 1016 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:29:18.0396 1016 usbuhci - ok
20:29:18.0474 1016 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
20:29:18.0474 1016 usbvideo - ok
20:29:18.0598 1016 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
20:29:18.0598 1016 vga - ok
20:29:18.0661 1016 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:29:18.0661 1016 VgaSave - ok
20:29:18.0708 1016 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
20:29:18.0708 1016 viaagp - ok
20:29:18.0817 1016 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
20:29:18.0817 1016 ViaC7 - ok
20:29:18.0910 1016 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
20:29:18.0910 1016 viaide - ok
20:29:18.0957 1016 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:29:18.0973 1016 volmgr - ok
20:29:19.0051 1016 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:29:19.0066 1016 volmgrx - ok
20:29:19.0207 1016 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:29:19.0207 1016 volsnap - ok
20:29:19.0300 1016 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
20:29:19.0316 1016 vsmraid - ok
20:29:19.0425 1016 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:29:19.0425 1016 WacomPen - ok
20:29:19.0519 1016 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:29:19.0519 1016 Wanarp - ok
20:29:19.0534 1016 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:29:19.0534 1016 Wanarpv6 - ok
20:29:19.0644 1016 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
20:29:19.0644 1016 Wd - ok
20:29:19.0753 1016 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:29:19.0753 1016 Wdf01000 - ok
20:29:19.0956 1016 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
20:29:19.0971 1016 WmiAcpi - ok
20:29:20.0080 1016 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
20:29:20.0080 1016 WpdUsb - ok
20:29:20.0190 1016 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:29:20.0190 1016 ws2ifsl - ok
20:29:20.0299 1016 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:29:20.0299 1016 WUDFRd - ok
20:29:20.0330 1016 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
20:29:20.0392 1016 \Device\Harddisk0\DR0 - ok
20:29:20.0392 1016 Boot (0x1200) (130ea8d2edec2389d335ae86edfbd2ff) \Device\Harddisk0\DR0\Partition0
20:29:20.0392 1016 \Device\Harddisk0\DR0\Partition0 - ok
20:29:20.0408 1016 ============================================================
20:29:20.0408 1016 Scan finished
20:29:20.0408 1016 ============================================================
20:29:20.0408 1040 Detected object count: 0
20:29:20.0408 1040 Actual detected object count: 0


===========================================================================================================

Avast Results Log:

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-01 19:58:04
-----------------------------
19:58:04.119 OS Version: Windows 6.0.6002 Service Pack 2
19:58:04.119 Number of processors: 1 586 0xF0D
19:58:04.134 ComputerName: KATIE-PC UserName: Katie
19:58:35.381 Initialize success
19:59:36.923 AVAST engine defs: 12030101
20:02:02.768 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:02:02.768 Disk 0 Vendor: Hitachi_ FB2O Size: 152627MB BusType: 3
20:02:02.783 Disk 0 MBR read successfully
20:02:02.783 Disk 0 MBR scan
20:02:02.814 Disk 0 Windows VISTA default MBR code
20:02:02.830 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
20:02:02.861 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 143737 MB offset 3074048
20:02:02.892 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 7389 MB offset 297447424
20:02:02.908 Disk 0 scanning sectors +312580096
20:02:02.970 Disk 0 scanning C:\Windows\system32\drivers
20:02:13.922 Service scanning
20:02:44.950 Modules scanning
20:02:51.830 Disk 0 trace - called modules:
20:02:52.360 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:02:52.376 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85aa5a70]
20:02:52.376 3 CLASSPNP.SYS[89d0b8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85013028]
20:02:53.390 AVAST engine scan C:\Windows
20:02:56.728 AVAST engine scan C:\Windows\system32
20:05:48.905 AVAST engine scan C:\Windows\system32\drivers
20:06:03.772 AVAST engine scan C:\Users\Katie
20:09:49.769 AVAST engine scan C:\ProgramData
20:11:41.699 Scan finished successfully
20:12:12.572 Disk 0 MBR has been saved successfully to "C:\Users\Katie\Desktop\Utilities\Avast\MBR.dat"
20:12:12.572 The log file has been saved successfully to "C:\Users\Katie\Desktop\Utilities\Avast\aswMBR.txt"
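As an added example for triaging a TDSSKiller-style driver log of the kind pasted above (this is not code from the original post or from TDSSKiller), the following Python pairs each driver's detail line with the verdict line that follows it and reports whatever is not marked "ok"; the sample log, the `exampledrv` entry and its non-ok verdict text are constructed for the demonstration.

```python
"""Triage a TDSSKiller-style log: pair each driver's detail line with the
verdict line that follows it and report whatever is not marked "ok".

Added example for this thread; not code from the original post or from
TDSSKiller. Only the two line shapes seen in the pasted log are parsed:
  detail:  HH:MM:SS.mmmm PID name (md5) path
  verdict: HH:MM:SS.mmmm PID name - verdict
"""
import re
from dataclasses import dataclass
from typing import Optional

DETAIL_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)
VERDICT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+-\s+(?P<verdict>.+?)\s*$"
)
COUNT_RE = re.compile(r"detected object count:\s*(?P<n>\d+)", re.IGNORECASE)

# Constructed sample log in the format of the log above. The "exampledrv"
# entry, its all-zero hash and its non-ok verdict text are made up for the demo.
SAMPLE_LOG = r"""
20:29:05.0619 1016 msahci (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
20:29:05.0619 1016 msahci - ok
20:29:08.0770 1016 NwlnkFlt - ok
20:29:15.0354 1016 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
20:29:15.0369 1016 Tcpip - ok
20:29:15.0525 1016 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
20:29:15.0541 1016 Tcpip6 - ok
20:29:16.0100 1016 exampledrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys
20:29:16.0100 1016 exampledrv - constructed non-ok verdict
20:29:20.0330 1016 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
20:29:20.0392 1016 \Device\Harddisk0\DR0 - ok
20:29:20.0408 1040 Detected object count: 1
20:29:20.0408 1040 Actual detected object count: 1
"""


@dataclass
class Entry:
    name: str
    verdict: str = ""
    md5: Optional[str] = None   # None for entries that list no file (e.g. NwlnkFlt)
    path: Optional[str] = None


def parse_log(text: str):
    """Return (entries, detected_count). A verdict line closes the detail line
    just before it; a verdict with no preceding detail is a file-less entry."""
    entries, pending, detected = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.search(line)
        if m:
            detected = int(m.group("n"))   # the later "Actual ..." line wins
            continue
        m = DETAIL_RE.match(line)
        if m:
            pending = Entry(m.group("name"), md5=m.group("md5").lower(), path=m.group("path"))
            continue
        m = VERDICT_RE.match(line)
        if m:
            if pending is not None:
                pending.verdict = m.group("verdict")
                entries.append(pending)
                pending = None
            else:
                entries.append(Entry(m.group("name"), verdict=m.group("verdict")))
    return entries, detected


def triage(text: str) -> dict:
    """Summarise what a reviewer would look at first."""
    entries, detected = parse_log(text)
    flagged = [e for e in entries if e.verdict.lower() != "ok"]
    no_file = [e for e in entries if e.md5 is None]
    # One hash under several service names is normal when it is the same file
    # (Tcpip/Tcpip6 -> tcpip.sys); the same bytes at different paths is merely
    # worth a second look, so it is listed rather than flagged.
    by_hash: dict = {}
    for e in entries:
        if e.md5:
            by_hash.setdefault(e.md5, set()).add(e.path.lower())
    shared = {h: sorted(p) for h, p in by_hash.items() if len(p) > 1}
    return {"total": len(entries), "flagged": flagged, "no_file": no_file,
            "shared_hash_paths": shared, "detected": detected}


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print(f"{r['total']} entries, tool reports {r['detected']} detected object(s)")
    for e in r["flagged"]:
        print(f"REVIEW {e.name}: {e.verdict} ({e.path})")
    for e in r["no_file"]:
        print(f"no file listed: {e.name}")
```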

#6 nasdaq

  • Malware Response Team
  • 40,464 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 March 2012 - 08:31 AM

Your logs are clean.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

===

Third party programs, if not up to date, can be an open door for an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know what problem persists.

#7 miromaneks
  • Topic Starter
  • Members
  • 6 posts

Posted 02 March 2012 - 11:14 PM

Wow...that took quite the effort. ComboFix did not want to work in Safe Mode, regular boot up, with Norton Security Suite off. System kept freezing. Tried probably 6 times. I got frustrated during the last attempt. I can tell when it is going to freeze up -- it starts by making the Start button inoperable and then from clicking on any open windows and so forth. As soon as the Start button became inoperable, I clicked on CTRL, ALT, FN, and Pause/Break and the screen flashed and things appeared to go back to normal. The laptop let me run things that had not been functioning well. So, I was able to get the logs...

ComboFix Scan Results:

ComboFix 12-03-01.02 - Katie 03/02/2012 20:13:57.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2939.1497 [GMT -5:00]
Running from: c:\users\Katie\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-03 to 2012-03-03 )))))))))))))))))))))))))))))))
.
.
2012-03-03 01:28 . 2012-03-03 01:29 -------- d-----w- c:\users\Katie\AppData\Local\temp
2012-03-03 01:28 . 2012-03-03 01:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-03 01:01 . 2012-02-20 06:05 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B25FC70E-98C9-4227-8538-5330625018CF}\mpengine.dll
2012-03-03 00:54 . 2012-01-29 10:10 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-03-02 02:39 . 2012-03-02 02:39 -------- d-----w- c:\users\Katie\{303ad1fd-e282-43fa-86b8-370f29255b0c}
2012-02-26 23:12 . 2012-02-26 23:12 -------- d-----w- c:\users\Katie\{9128ab40-824b-48ed-837f-03dd5196c918}
2012-02-26 22:16 . 2012-02-26 22:16 -------- d-----w- c:\users\Katie\{da538dd9-24c1-46fb-be66-108151c54a83}
2012-02-26 21:36 . 2012-02-26 21:36 -------- d-----w- c:\users\Katie\{eafb4927-fe1d-4312-ac73-50fd0eb46e24}
2012-02-26 21:04 . 2012-02-26 21:04 -------- d-----w- c:\users\Katie\{0ae4d519-40ba-4a47-b9ca-564ef2d31996}
2012-02-26 19:35 . 2012-02-26 19:35 -------- d-----w- c:\users\Katie\{e724ee2f-88c3-40a4-9995-1d34b434fe25}
2012-02-26 19:34 . 2012-02-26 19:34 -------- d-----w- c:\program files\Bonjour
2012-02-26 19:34 . 2012-02-26 19:34 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-02-26 19:34 . 2012-02-26 19:34 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-02-26 19:34 . 2012-02-26 19:34 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-02-26 19:34 . 2012-02-26 19:33 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-02-26 19:34 . 2012-02-26 19:33 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-02-26 19:34 . 2012-02-26 19:33 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-02-26 19:34 . 2012-02-26 19:33 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-02-26 19:32 . 2012-02-26 19:33 -------- d-----w- c:\program files\QuickTime
2012-02-26 19:28 . 2012-02-26 19:28 -------- d-----w- c:\program files\Apple Software Update
2012-02-15 03:18 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 03:18 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 03:18 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-26 18:44 . 2011-09-14 20:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-03 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"NDSTray.exe"="NDSTray.exe" [BU]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 1242424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Katie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2011-11-14 12:51 6860960 ----a-w- c:\users\Katie\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-02 23:35]
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-02 23:35]
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3694523967-748316422-2471045764-1000Core.job
- c:\users\Katie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-08 23:52]
.
2012-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3694523967-748316422-2471045764-1000UA.job
- c:\users\Katie\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-08 23:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/home.php?ref=hp
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-02 20:29
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????g?R,$??h?????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5152)
c:\windows\system32\authui.dll
c:\program files\Norton Security Suite\Engine\4.4.0.12\ccGEvt.dll
.
Completion time: 2012-03-02 20:43:18
ComboFix-quarantined-files.txt 2012-03-03 01:43
.
Pre-Run: 112,909,918,208 bytes free
Post-Run: 112,649,535,488 bytes free
.
- - End Of File - - EED2567BB38AFC01B7C701729A2F20B1


==================================================================================================

Security Check Scan Results:

Results of screen317's Security Check version 0.99.31
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 29
Java™ 6 Update 6
Java version out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````

#8 nasdaq

  • Malware Response Team
  • 40,464 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 03 March 2012 - 08:26 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 29
Java™ 6 Update 6


Please let me know of any remaining issues with this computer.

#9 nasdaq

  • Malware Response Team
  • 40,464 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 March 2012 - 09:36 AM

Are you still with me?

#10 miromaneks
  • Topic Starter
  • Members
  • 6 posts

Posted 09 March 2012 - 02:54 PM

Sorry, yes I am still here. Was having trouble responding to the thread for some reason. I updated pretty much everything I could update, as well as Windows updates and the Java update. I have not had any issues with the PC as I had been having. Not sure if any of the apps you were having me run did anything automatically. I never clicked on anything that said to fix anything. I do appreciate all the assistance and you were definitely very helpful. Thanks!

#11 nasdaq

  • Malware Response Team
  • 40,464 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 11 March 2012 - 09:31 AM

Glad we could help.

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#12 nasdaq

  • Malware Response Team
  • 40,464 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 March 2012 - 09:08 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



