Windows 2012 Fake Anti-Virus?


This topic is locked. 19 replies to this topic.

#1 sh4rkbyt3 (Members, 398 posts)
Posted 19 March 2012 - 04:45 PM

Recently acquired a laptop with infections that seem to mimic the Windows 2012 Fake Anti-Virus infections that I've seen. Defogger has already been used to turn off the CD emulation and I scanned with SAS (SUPERAntiSpyware) to see what I could find. Internet connection (wired and wireless) was unable to connect until after the first SAS scan. Upon the first scan SAS located Malware.Trace and a SVC Host.Fake file. They were quarantined and then I had access to the Internet temporarily. I used Defraggler to try and get some sense of order on the system, but it appeared to load what I thought was originally a worm back into the system, as the hard drive re-acquired about 20 GB of used space just from defragging. The Norton Anti-Virus has allegedly expired, so I turned on the Windows Firewall. Below is the first DDS file as well as the attachment located on the Attachments list.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Todd at 17:32:22 on 2012-03-19
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2813.1531 [GMT -4:00]
.
AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TetherBerry\TBService.exe
C:\Program Files\TetherBerry\TBService.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\dcmsvc\dcmsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.2.0.13\ips\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.2.0.13\coIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [Skytel] Skytel.exe
mRun: [dcmsvc] c:\program files\dcmsvc\dcmsvc.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\todd\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\todd\appdata\roaming\micros~1\windows\startm~1\programs\startup\warner~1.lnk - c:\program files\warner bros. digital copy manager\Warner Bros. Digital Copy Manager.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{0F4BB8A1-D730-44E1-A157-41C6455E84A4} : NameServer = 208.67.222.222,208.67.220.220
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502000.00d\symds.sys [2012-2-8 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502000.00d\symefa.sys [2012-2-8 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20111123.001\BHDrvx86.sys [2011-11-29 819320]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20111210.001\IDSvix86.sys [2011-12-13 368248]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-1-20 20384]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys [2012-2-8 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0502000.00d\symtdiv.sys [2012-2-8 331384]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2010-9-7 202048]
R2 N360;Norton 360;c:\program files\norton 360\engine\5.2.0.13\ccsvchst.exe [2012-2-8 130008]
R2 Tether;Tether;c:\program files\tetherberry\TBService.exe [2009-12-26 49080]
R2 TetherBerry;TetherBerry;c:\program files\tetherberry\TBService.exe [2009-12-26 49080]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-10 106104]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-5-5 7168]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9e726c6da4133;Google Update Service (gupdate1c9e726c6da4133);c:\program files\google\update\GoogleUpdate.exe [2009-6-7 133104]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-5-5 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-6-7 133104]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-1-20 954368]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-18 40776]
S3 qrkis;Tether Miniport;c:\windows\system32\drivers\qrkis.sys [2009-12-26 45608]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-3-20 32408]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-5-16 9216]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-11-11 268528]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-03-19 18:46:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-19 04:37:42 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{8b019c62-3a73-4d7c-9c9b-9318410f7a3e}\mpengine.dll
2012-03-19 01:13:56 -------- d-----w- c:\users\todd\appdata\roaming\SUPERAntiSpyware.com
2012-03-19 01:13:56 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-19 00:35:21 388096 ----a-r- c:\users\todd\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-03-19 00:35:20 -------- d-----w- c:\program files\Trend Micro
2012-03-19 00:28:47 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-18 23:32:28 -------- d-----w- c:\program files\VS Revo Group
2012-03-18 21:18:48 -------- d-----w- c:\program files\CCleaner
2012-03-17 04:12:06 -------- d-----w- c:\program files\Defraggler
2012-03-17 03:46:51 -------- d-----w- c:\users\todd\appdata\roaming\Malwarebytes
2012-03-17 03:46:44 -------- d-----w- c:\programdata\Malwarebytes
2012-03-17 03:46:41 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-17 03:46:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-15 02:55:23 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-15 02:55:22 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-15 02:55:22 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-15 02:55:22 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-15 02:55:21 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-15 02:55:21 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-15 02:55:20 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-03-15 02:55:05 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-15 02:55:05 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-23 19:50:27 680448 ----a-w- c:\windows\system32\msvcrt.dll
.
==================== Find3M ====================
.
2012-03-19 04:22:05 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-23 13:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 17:33:14.48 ===============
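The first SAS scan flagged a "SVC Host.Fake" file, and the DDS "Running Processes" section above is where a fake service host shows up first. As an added example (not part of the original post, and not something DDS itself does), here is a small Python triage script that parses that section and applies three conventions a genuine Vista svchost.exe always satisfies: it runs from System32, it is started with a `-k <group>` argument, and its name is spelled exactly. It also flags executables running from user-writable drop directories. The sample input is constructed: the first four entries are copied from the log above, the last two are invented to show what a svchost.exe in a temp folder and a `svch0st.exe` lookalike in C:\Users\Public would look like; neither is on the actual machine. The rule set and the drop-directory list are the editor's assumptions, not DDS output.

```python
import ntpath
import re

# Constructed sample in the DDS "Running Processes" layout. The first four
# entries are copied from the log above; the last two are invented to show a
# svchost.exe running from a temp directory and a homoglyph lookalike in
# C:\Users\Public. Neither is present on the real machine.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Users\Todd\AppData\Local\Temp\svchost.exe
C:\Users\Public\svch0st.exe -k netsvcs
.
============== Pseudo HJT Report ===============
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# Directories a genuine svchost.exe lives in (x86 Vista has only System32;
# SysWOW64 is listed for 64-bit installs).
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Assumed drop locations worth a second look when an executable runs from them.
DROP_DIR_MARKERS = ("\\users\\public\\", "\\appdata\\local\\temp\\", "\\windows\\temp\\")
# Map digit homoglyphs back to letters so svch0st and svchost compare equal.
HOMOGLYPHS = str.maketrans("01", "ol")


def parse_running_processes(dds_text):
    """Return the command lines listed under the 'Running Processes' header."""
    entries, in_section = [], False
    for raw in dds_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            in_section = header.group(1).lower() == "running processes"
            continue
        if in_section and line and line != ".":
            entries.append(line)
    return entries


def split_cmdline(cmdline):
    """Split a DDS entry into (image path, arguments). DDS does not quote
    paths, so the image is taken to end at the first '.exe' token."""
    m = re.match(r"(.+?\.exe)(?:\s+(.*))?$", cmdline, re.IGNORECASE)
    if not m:
        return cmdline, ""
    return m.group(1), m.group(2) or ""


def flag_suspicious(cmdlines):
    """Return {command line: [reasons]} for entries that break the conventions."""
    findings = {}
    for cmd in cmdlines:
        image, args = split_cmdline(cmd)
        low = image.lower()
        name = ntpath.basename(low)
        reasons = []
        if name == "svchost.exe":
            if ntpath.dirname(low) not in SYSTEM_DIRS:
                reasons.append("svchost.exe outside System32")
            if not re.search(r"(^|\s)-k\s+\S+", args):
                reasons.append("svchost.exe without -k service group")
        elif name.translate(HOMOGLYPHS) == "svchost.exe":
            reasons.append("lookalike of svchost.exe")
        if any(marker in low for marker in DROP_DIR_MARKERS):
            reasons.append("executable running from a user-writable drop directory")
        if reasons:
            findings[cmd] = reasons
    return findings


if __name__ == "__main__":
    for cmd, reasons in flag_suspicious(parse_running_processes(SAMPLE_DDS)).items():
        print(cmd)
        for reason in reasons:
            print("   ", reason)
```

Run against the real log above, the script flags nothing, which matches what the quarantine already removed; the two constructed entries are flagged with three and two reasons respectively. The path check is deliberately exact: a `svchost.exe` anywhere other than System32 is always worth a look on a 32-bit Vista install.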

#2 gringo_pr, Bleepin Gringo (Malware Response Team, 136,772 posts, Location: Puerto Rico)
Posted 22 March 2012 - 11:45 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

1. Do not run any other tool until instructed to do so!
Doing so will at best only cause you unneeded worry as it finds our backups and may even list our tools, and at worst can cause conflicts with our tools and lead to unforeseen things happening.

2. Please do not attach logs or put them in code boxes.
Besides the time it takes me to open the reports, it makes it harder to find something if I need to go back to do more research, and putting them in code boxes just makes them so hard to read.

3. After each step give me a little feedback.
It does not need to be long, but just something so I know how things are going. It can be something like:
I am still getting redirected
The computer is running as it should
Don't put things like "it is the same as before" or "still the same"; this just makes me go back and look for your last feedback as to how things are.

4. Read every post completely before doing anything.
Pay special attention to the Notes** I have put in. These are things I have found that happen a lot and can be taken care of easily just by reading the Notes**.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet, spend a few minutes to back up any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me a lot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

You may want to back up the whole hard drive; there is some good info in the Preparation Guide on how to make full backups and how to restore them if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.



Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 sh4rkbyt3 (Topic Starter; Members, 398 posts)

Posted 24 March 2012 - 10:20 AM

Gringo, thank you once again for your help. I have done as you said and run ComboFix. Currently I am still unable to access the Internet and I am showing two connection icons on the desktop that I've seen from other infections: The Internet and Launch Internet Explorer.


Below is the logfile from the ComboFix run:

ComboFix 12-03-22.01 - Todd 03/24/2012 10:54:53.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2813.1802 [GMT -4:00]
Running from: E:\ComboFix.exe
AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\invokesi.exe
c:\users\Todd\videos\nPlayWMV_goats.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-24 to 2012-03-24 )))))))))))))))))))))))))))))))
.
.
2012-03-24 15:03 . 2012-03-24 15:04 -------- d-----w- c:\users\Todd\AppData\Local\temp
2012-03-24 15:03 . 2012-03-24 15:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-19 18:46 . 2012-03-19 18:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-19 04:37 . 2012-03-01 18:34 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{8B019C62-3A73-4D7C-9C9B-9318410F7A3E}\mpengine.dll ERROR(0x00000005)
2012-03-19 01:13 . 2012-03-19 01:13 -------- d-----w- c:\users\Todd\AppData\Roaming\SUPERAntiSpyware.com
2012-03-19 00:35 . 2012-03-19 00:35 388096 ----a-r- c:\users\Todd\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-19 00:35 . 2012-03-19 00:35 -------- d-----w- c:\program files\Trend Micro
2012-03-19 00:28 . 2012-03-19 18:38 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-18 23:32 . 2012-03-18 23:32 -------- d-----w- c:\program files\VS Revo Group
2012-03-18 21:18 . 2012-03-18 21:18 -------- d-----w- c:\program files\CCleaner
2012-03-17 04:12 . 2012-03-18 21:22 -------- d-----w- c:\program files\Defraggler
2012-03-17 03:46 . 2012-03-17 03:46 -------- d-----w- c:\users\Todd\AppData\Roaming\Malwarebytes
2012-03-17 03:46 . 2012-03-18 22:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-17 03:46 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-15 02:55 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-15 02:55 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-15 02:55 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-15 02:55 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-15 02:55 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-15 02:55 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-15 02:55 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-03-15 02:55 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-15 02:55 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-23 19:50 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-19 04:22 . 2010-04-19 21:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-23 13:18 . 2010-05-25 14:44 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-17 4615552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"dcmsvc"="c:\program files\dcmsvc\dcmsvc.exe" [2009-04-07 30440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 159472]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Warner Bros.lnk - c:\program files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe [2009-12-9 95744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Todd^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Warner Bros.lnk]
path=c:\users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk
backup=c:\windows\pss\Warner Bros.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2008-03-19 21:35 716800 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-07-30 04:46 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2007-11-01 06:01 54608 ----a-w- c:\program files\TOSHIBA\TBS\HSON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2010-05-10 19:12 439568 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-04-08 23:14 6037504 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-06-16 05:01 448080 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-08-14 14:40 1348904 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2008-02-06 21:52 431456 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-11-11 17:55 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-07 04:16]
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-07 04:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{0F4BB8A1-D730-44E1-A157-41C6455E84A4}: NameServer = 208.67.222.222,208.67.220.220
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-cfFncEnabler - cfFncEnabler.exe
MSConfigStartUp-MSN Toolbar - c:\program files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-TOSCDSPD - TOSCDSPD.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-24 11:04
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-03-24 11:07:08
ComboFix-quarantined-files.txt 2012-03-24 15:07
.
Pre-Run: 136,217,927,680 bytes free
Post-Run: 135,619,989,504 bytes free
.
- - End Of File - - DAA6F0E2AD6B284E731E8FEE42394191

#4 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 24 March 2012 - 10:22 AM

Hello

Let's check your internet connection.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure all the boxes are checked
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 sh4rkbyt3 (Topic Starter)
  • Members
  • 398 posts

Posted 24 March 2012 - 10:30 AM

Here is the Farbar Service Scanner results:

Farbar Service Scanner
Ran by Todd (administrator) on 24-03-2012 at 11:28:41
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
********************************************************

Service Check:
==============

File Check:
===========
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.

**** End of log ****
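The FSS log above has three parts: a service check, an MD5 check of the files behind the networking services, and a reachability check. As an added example (not Farbar's code and not posted in the thread), here is a small parser that reads a log in that layout and turns it into findings. The sample input is the log from this post; the triage heuristics and the "MD5 is not legit" wording used for the tampered variant are this example's own assumptions, since the thread only shows the all-clear case.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: the FSS log pasted in the post above (banner line dropped).
SAMPLE_LOG = r"""Farbar Service Scanner
Ran by Todd (administrator) on 24-03-2012 at 11:28:41
********************************************************

Service Check:
==============

File Check:
===========
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit

Connection Status:
==================
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.

**** End of log ****
"""

# Constructed variant with one failed file check. The status wording is an
# assumption; the parser flags anything that is not exactly "MD5 is legit".
SAMPLE_TAMPERED = SAMPLE_LOG.replace(
    r"C:\Windows\system32\Drivers\afd.sys => MD5 is legit",
    r"C:\Windows\system32\Drivers\afd.sys => MD5 is not legit",
)


@dataclass
class FssReport:
    services: List[str] = field(default_factory=list)          # raw "Service Check" lines
    files: Dict[str, str] = field(default_factory=dict)        # path -> status text
    reachability: Dict[str, bool] = field(default_factory=dict)  # "Google IP" -> True
    network_connected: bool = True


SECTION_RE = re.compile(r"^([A-Za-z ]+):$")                     # "File Check:"
FILE_RE = re.compile(r"^(?P<path>.+?) => (?P<status>.+)$")
REACH_RE = re.compile(r"^(?P<what>.+?) is (?P<neg>not )?accessible\.$")


def parse_fss_log(text: str) -> FssReport:
    """Walk the log line by line, keeping track of which section we are in."""
    report = FssReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, "=====" underlines and the "****" banner/end markers.
        if not line or set(line) <= {"="} or line.startswith("****"):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "File Check":
            fm = FILE_RE.match(line)
            if fm:
                report.files[fm.group("path")] = fm.group("status")
        elif section == "Service Check":
            report.services.append(line)
        elif section == "Connection Status":
            rm = REACH_RE.match(line)
            if rm:
                report.reachability[rm.group("what")] = rm.group("neg") is None
            elif "no connection to network" in line.lower():
                report.network_connected = False
    return report


def triage(report: FssReport) -> List[str]:
    """Findings for a helper reading the log. The heuristics are this example's own."""
    findings = []
    bad_files = {p: s for p, s in report.files.items() if s != "MD5 is legit"}
    for path, status in bad_files.items():
        findings.append(f"file check: {path}: {status}")
    if not bad_files:
        findings.append(f"file check: all {len(report.files)} network-stack files have a legit MD5")
    findings.extend(f"service check: {s}" for s in report.services) if report.services \
        else findings.append("service check: nothing reported")
    unreachable = [k for k, ok in report.reachability.items() if not ok]
    if unreachable:
        findings.append("unreachable: " + ", ".join(unreachable))
    if not report.network_connected and not bad_files and not unreachable:
        findings.append("no network connection reported while the stack binaries are intact: "
                        "check the link/adapter (cable, wireless signal, driver) before suspecting tampering")
    return findings
```

Run on the thread's log, `triage` reports all nine files as legit and points at the link rather than the files, which is where this thread ended up (wired works, wireless signal is the problem); on the tampered variant it names the file whose MD5 did not match.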

#6 sh4rkbyt3 (Topic Starter)
  • Members
  • 398 posts

Posted 24 March 2012 - 10:32 AM

The icon on the taskbar is reporting Limited Connectivity but no connection when I open IE.

#7 sh4rkbyt3 (Topic Starter)
  • Members
  • 398 posts

Posted 24 March 2012 - 10:40 AM

OK, double-checked using Ethernet and that's working, so it's most likely a signal issue.

#8 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 24 March 2012 - 11:30 AM

Make sure your settings are correct.
1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
4. For a wired network connection, right-click Local Area Connection, and then select Properties.
For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol version 4 (TCP/IPv4), make sure it is checked, and then click Properties
6. Make sure Obtain an IP Address Automatically and Obtain DNS server address Automatically are checked.
7. Click on "Advanced" button and make sure "IP Settings" tab looks like this: [image: IP Settings tab]
Make sure "DNS" tab looks like this: [image: DNS tab]
Make sure "WINS" tab looks like this: [image: WINS tab]
8. Still in Control Panel double click on "Internet options" then "Connections" tab then "LAN Settings" button. Make sure "Automatically detect settings" is checked.
If you made any changes OK your way out.
Restart computer.

------------------------------------------------

If that doesn't work...
Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
Reconnect everything.
Restart computer.

------------------------------------------

If that doesn't work, bypass router, and connect computer straight to the modem.

---------------------------------------------

If that doesn't work...
Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Restart computer.

-------------------------------------------------------

If that doesn't work...
Go Start>Run (Start search in Vista and 7), type in:
cmd
Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

Restart computer.


----------------------------------------



If that doesn't work...
Download, install, and run WinSockFix: http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml (doesn't work in Vista and 7)
Restart computer, and check again.

#9 sh4rkbyt3 (Topic Starter)
  • Members
  • 398 posts

Posted 24 March 2012 - 12:51 PM

Ok had to go through all of the steps and then lastly reset the router but it's up now and online :).

#10 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 24 March 2012 - 01:28 PM

Greetings

Great!! That will make things easier.

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#11 sh4rkbyt3 (Topic Starter)
  • Members
  • 398 posts

Posted 24 March 2012 - 02:18 PM

TDSS found nothing but here is the log file:

14:56:21.0243 5712 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
14:56:21.0617 5712 ============================================================
14:56:21.0617 5712 Current date / time: 2012/03/24 14:56:21.0617
14:56:21.0617 5712 SystemInfo:
14:56:21.0617 5712
14:56:21.0617 5712 OS Version: 6.0.6002 ServicePack: 2.0
14:56:21.0617 5712 Product type: Workstation
14:56:21.0618 5712 ComputerName: TODD-PC
14:56:21.0618 5712 UserName: Todd
14:56:21.0618 5712 Windows directory: C:\Windows
14:56:21.0618 5712 System windows directory: C:\Windows
14:56:21.0618 5712 Processor architecture: Intel x86
14:56:21.0618 5712 Number of processors: 2
14:56:21.0618 5712 Page size: 0x1000
14:56:21.0618 5712 Boot type: Normal boot
14:56:21.0618 5712 ============================================================
14:56:23.0197 5712 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:56:23.0202 5712 \Device\Harddisk0\DR0:
14:56:23.0202 5712 MBR used
14:56:23.0202 5712 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1C30B000
14:56:23.0225 5712 Initialize success
14:56:23.0225 5712 ============================================================
14:56:26.0342 5784 ============================================================
14:56:26.0342 5784 Scan started
14:56:26.0342 5784 Mode: Manual;
14:56:26.0342 5784 ============================================================
14:56:27.0299 5784 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
14:56:27.0302 5784 !SASCORE - ok
14:56:27.0472 5784 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:56:27.0477 5784 ACPI - ok
14:56:27.0545 5784 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
14:56:27.0552 5784 adp94xx - ok
14:56:27.0589 5784 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
14:56:27.0594 5784 adpahci - ok
14:56:27.0634 5784 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
14:56:27.0636 5784 adpu160m - ok
14:56:27.0671 5784 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
14:56:27.0674 5784 adpu320 - ok
14:56:27.0730 5784 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
14:56:27.0731 5784 AeLookupSvc - ok
14:56:27.0800 5784 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
14:56:27.0807 5784 AFD - ok
14:56:27.0864 5784 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe
14:56:27.0865 5784 AgereModemAudio - ok
14:56:27.0961 5784 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
14:56:27.0981 5784 AgereSoftModem - ok
14:56:28.0029 5784 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
14:56:28.0031 5784 agp440 - ok
14:56:28.0068 5784 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:56:28.0070 5784 aic78xx - ok
14:56:28.0109 5784 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
14:56:28.0111 5784 ALG - ok
14:56:28.0136 5784 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
14:56:28.0138 5784 aliide - ok
14:56:28.0165 5784 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
14:56:28.0167 5784 amdagp - ok
14:56:28.0193 5784 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
14:56:28.0194 5784 amdide - ok
14:56:28.0231 5784 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
14:56:28.0233 5784 AmdK7 - ok
14:56:28.0256 5784 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
14:56:28.0258 5784 AmdK8 - ok
14:56:28.0318 5784 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
14:56:28.0319 5784 Appinfo - ok
14:56:28.0400 5784 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
14:56:28.0404 5784 arc - ok
14:56:28.0439 5784 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
14:56:28.0441 5784 arcsas - ok
14:56:28.0466 5784 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:56:28.0468 5784 AsyncMac - ok
14:56:28.0515 5784 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
14:56:28.0517 5784 atapi - ok
14:56:28.0609 5784 athr (8be56f8300e1c37b578da23c71816b7a) C:\Windows\system32\DRIVERS\athr.sys
14:56:28.0633 5784 athr - ok
14:56:28.0709 5784 Ati External Event Utility (37c63181d8a1b6c948f0866bcbde406e) C:\Windows\system32\Ati2evxx.exe
14:56:28.0728 5784 Ati External Event Utility - ok
14:56:28.0908 5784 atikmdag (a2b6478963451a99c28da8133b648142) C:\Windows\system32\DRIVERS\atikmdag.sys
14:56:28.0983 5784 atikmdag - ok
14:56:29.0083 5784 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
14:56:29.0084 5784 AtiPcie - ok
14:56:29.0139 5784 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:56:29.0145 5784 AudioEndpointBuilder - ok
14:56:29.0173 5784 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
14:56:29.0178 5784 Audiosrv - ok
14:56:29.0303 5784 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
14:56:29.0307 5784 BBSvc - ok
14:56:29.0414 5784 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:56:29.0416 5784 Beep - ok
14:56:29.0495 5784 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
14:56:29.0502 5784 BFE - ok
14:56:29.0658 5784 BHDrvx86 (9d14d76e4e7b9b2ead17149011db2b11) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111123.001\BHDrvx86.sys
14:56:29.0680 5784 BHDrvx86 - ok
14:56:29.0804 5784 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
14:56:29.0831 5784 BITS - ok
14:56:29.0898 5784 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
14:56:29.0901 5784 blbdrive - ok
14:56:29.0943 5784 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
14:56:29.0945 5784 bowser - ok
14:56:29.0985 5784 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:56:29.0986 5784 BrFiltLo - ok
14:56:30.0023 5784 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:56:30.0024 5784 BrFiltUp - ok
14:56:30.0064 5784 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
14:56:30.0066 5784 Browser - ok
14:56:30.0100 5784 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:56:30.0101 5784 Brserid - ok
14:56:30.0135 5784 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:56:30.0137 5784 BrSerWdm - ok
14:56:30.0165 5784 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:56:30.0167 5784 BrUsbMdm - ok
14:56:30.0200 5784 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:56:30.0201 5784 BrUsbSer - ok
14:56:30.0238 5784 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:56:30.0240 5784 BTHMODEM - ok
14:56:30.0328 5784 catchme - ok
14:56:30.0410 5784 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:56:30.0413 5784 cdfs - ok
14:56:30.0521 5784 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
14:56:30.0523 5784 cdrom - ok
14:56:30.0599 5784 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
14:56:30.0602 5784 CertPropSvc - ok
14:56:30.0643 5784 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
14:56:30.0646 5784 circlass - ok
14:56:30.0701 5784 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
14:56:30.0710 5784 CLFS - ok
14:56:30.0753 5784 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:56:30.0757 5784 clr_optimization_v2.0.50727_32 - ok
14:56:30.0840 5784 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:56:30.0845 5784 clr_optimization_v4.0.30319_32 - ok
14:56:30.0958 5784 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
14:56:30.0960 5784 CmBatt - ok
14:56:31.0008 5784 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
14:56:31.0010 5784 cmdide - ok
14:56:31.0043 5784 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
14:56:31.0045 5784 Compbatt - ok
14:56:31.0072 5784 COMSysApp - ok
14:56:31.0171 5784 ConfigFree Service (d10d01b2dfcd8d2f32a32ed29e8da1c2) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
14:56:31.0173 5784 ConfigFree Service - ok
14:56:31.0233 5784 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
14:56:31.0235 5784 crcdisk - ok
14:56:31.0270 5784 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
14:56:31.0273 5784 Crusoe - ok
14:56:31.0341 5784 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
14:56:31.0347 5784 CryptSvc - ok
14:56:31.0412 5784 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
14:56:31.0427 5784 DcomLaunch - ok
14:56:31.0468 5784 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
14:56:31.0470 5784 DfsC - ok
14:56:31.0715 5784 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
14:56:31.0757 5784 DFSR - ok
14:56:31.0829 5784 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
14:56:31.0833 5784 Dhcp - ok
14:56:31.0892 5784 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
14:56:31.0893 5784 disk - ok
14:56:31.0943 5784 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
14:56:31.0946 5784 Dnscache - ok
14:56:31.0986 5784 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
14:56:31.0990 5784 dot3svc - ok
14:56:32.0046 5784 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
14:56:32.0050 5784 DPS - ok
14:56:32.0111 5784 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:56:32.0112 5784 drmkaud - ok
14:56:32.0168 5784 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
14:56:32.0177 5784 DXGKrnl - ok
14:56:32.0222 5784 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:56:32.0224 5784 E1G60 - ok
14:56:32.0284 5784 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
14:56:32.0286 5784 EapHost - ok
14:56:32.0374 5784 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
14:56:32.0376 5784 Ecache - ok
14:56:32.0487 5784 eeCtrl (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
14:56:32.0493 5784 eeCtrl - ok
14:56:32.0581 5784 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
14:56:32.0591 5784 ehRecvr - ok
14:56:32.0611 5784 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
14:56:32.0614 5784 ehSched - ok
14:56:32.0634 5784 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
14:56:32.0636 5784 ehstart - ok
14:56:32.0732 5784 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
14:56:32.0738 5784 elxstor - ok
14:56:32.0835 5784 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
14:56:32.0853 5784 EMDMgmt - ok
14:56:32.0958 5784 EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
14:56:32.0963 5784 EraserUtilRebootDrv - ok
14:56:33.0076 5784 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
14:56:33.0079 5784 ErrDev - ok
14:56:33.0176 5784 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
14:56:33.0187 5784 EventSystem - ok
14:56:33.0258 5784 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
14:56:33.0263 5784 exfat - ok
14:56:33.0309 5784 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
14:56:33.0315 5784 fastfat - ok
14:56:33.0365 5784 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
14:56:33.0367 5784 fdc - ok
14:56:33.0412 5784 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
14:56:33.0416 5784 fdPHost - ok
14:56:33.0448 5784 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
14:56:33.0452 5784 FDResPub - ok
14:56:33.0486 5784 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:56:33.0489 5784 FileInfo - ok
14:56:33.0533 5784 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:56:33.0537 5784 Filetrace - ok
14:56:33.0568 5784 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:56:33.0570 5784 flpydisk - ok
14:56:33.0606 5784 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
14:56:33.0610 5784 FltMgr - ok
14:56:33.0689 5784 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
14:56:33.0702 5784 FontCache - ok
14:56:33.0744 5784 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:56:33.0745 5784 FontCache3.0.0.0 - ok
14:56:33.0802 5784 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
14:56:33.0803 5784 Fs_Rec - ok
14:56:33.0834 5784 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
14:56:33.0836 5784 FwLnk - ok
14:56:33.0864 5784 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
14:56:33.0865 5784 gagp30kx - ok
14:56:33.0975 5784 GameConsoleService (551d463e4cceb5240234da6718c93a44) C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
14:56:33.0978 5784 GameConsoleService - ok
14:56:34.0075 5784 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\Windows\system32\Drivers\GEARAspiWDM.sys
14:56:34.0076 5784 GEARAspiWDM - ok
14:56:34.0182 5784 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
14:56:34.0184 5784 GoogleDesktopManager-051210-111108 - ok
14:56:34.0294 5784 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
14:56:34.0305 5784 gpsvc - ok
14:56:34.0400 5784 gupdate1c9e726c6da4133 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
14:56:34.0402 5784 gupdate1c9e726c6da4133 - ok
14:56:34.0435 5784 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
14:56:34.0438 5784 gupdatem - ok
14:56:34.0509 5784 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:56:34.0516 5784 gusvc - ok
14:56:34.0642 5784 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
14:56:34.0650 5784 HdAudAddService - ok
14:56:34.0737 5784 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:56:34.0753 5784 HDAudBus - ok
14:56:34.0789 5784 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:56:34.0792 5784 HidBth - ok
14:56:34.0825 5784 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:56:34.0827 5784 HidIr - ok
14:56:34.0870 5784 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
14:56:34.0873 5784 hidserv - ok
14:56:34.0924 5784 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
14:56:34.0926 5784 HidUsb - ok
14:56:34.0977 5784 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
14:56:34.0984 5784 hkmsvc - ok
14:56:35.0029 5784 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
14:56:35.0031 5784 HpCISSs - ok
14:56:35.0087 5784 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
14:56:35.0094 5784 HTTP - ok
14:56:35.0118 5784 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
14:56:35.0119 5784 i2omp - ok
14:56:35.0171 5784 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:56:35.0172 5784 i8042prt - ok
14:56:35.0210 5784 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
14:56:35.0214 5784 iaStorV - ok
14:56:35.0308 5784 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
14:56:35.0310 5784 IDriverT - ok
14:56:35.0410 5784 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:56:35.0434 5784 idsvc - ok
14:56:35.0583 5784 IDSVix86 (9bc8840de4140e8e2a6fc3192e054a8c) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111210.001\IDSvix86.sys
14:56:35.0595 5784 IDSVix86 - ok
14:56:35.0679 5784 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:56:35.0682 5784 iirsp - ok
14:56:35.0768 5784 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
14:56:35.0783 5784 IKEEXT - ok
14:56:35.0934 5784 IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
14:56:35.0981 5784 IntcAzAudAddService - ok
14:56:36.0030 5784 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
14:56:36.0031 5784 intelide - ok
14:56:36.0072 5784 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:56:36.0074 5784 intelppm - ok
14:56:36.0127 5784 IO_Memory - ok
14:56:36.0169 5784 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
14:56:36.0172 5784 IPBusEnum - ok
14:56:36.0209 5784 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:56:36.0211 5784 IpFilterDriver - ok
14:56:36.0255 5784 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
14:56:36.0261 5784 iphlpsvc - ok
14:56:36.0280 5784 IpInIp - ok
14:56:36.0319 5784 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
14:56:36.0321 5784 IPMIDRV - ok
14:56:36.0370 5784 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:56:36.0372 5784 IPNAT - ok
14:56:36.0400 5784 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:56:36.0401 5784 IRENUM - ok
14:56:36.0428 5784 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
14:56:36.0430 5784 isapnp - ok
14:56:36.0478 5784 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
14:56:36.0482 5784 iScsiPrt - ok
14:56:36.0510 5784 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:56:36.0511 5784 iteatapi - ok
14:56:36.0540 5784 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:56:36.0542 5784 iteraid - ok
14:56:36.0645 5784 jswpsapi (957135960e7533ea5c7ea0bfb34f8efd) C:\Program Files\Jumpstart\jswpsapi.exe
14:56:36.0671 5784 jswpsapi - ok
14:56:36.0781 5784 jswpslwf (11ad410f41af42ba12e63187e3ec141a) C:\Windows\system32\DRIVERS\jswpslwf.sys
14:56:36.0784 5784 jswpslwf - ok
14:56:36.0852 5784 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:56:36.0855 5784 kbdclass - ok
14:56:36.0895 5784 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
14:56:36.0897 5784 kbdhid - ok
14:56:36.0939 5784 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
14:56:36.0945 5784 KeyIso - ok
14:56:36.0999 5784 KR10I (e8ca038f51f7761bd6e3a3b0b8014263) C:\Windows\system32\drivers\kr10i.sys
14:56:37.0007 5784 KR10I - ok
14:56:37.0053 5784 KR10N (6a4adb9186dd0e114e623daf57e42b31) C:\Windows\system32\drivers\kr10n.sys
14:56:37.0057 5784 KR10N - ok
14:56:37.0102 5784 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
14:56:37.0115 5784 KSecDD - ok
14:56:37.0168 5784 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
14:56:37.0176 5784 KtmRm - ok
14:56:37.0222 5784 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
14:56:37.0228 5784 LanmanServer - ok
14:56:37.0287 5784 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
14:56:37.0294 5784 LanmanWorkstation - ok
14:56:37.0366 5784 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:56:37.0369 5784 lltdio - ok
14:56:37.0424 5784 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
14:56:37.0430 5784 lltdsvc - ok
14:56:37.0454 5784 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
14:56:37.0456 5784 lmhosts - ok
14:56:37.0498 5784 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
14:56:37.0500 5784 LSI_FC - ok
14:56:37.0535 5784 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
14:56:37.0537 5784 LSI_SAS - ok
14:56:53.0992 5784 \Device\Harddisk0\DR0\Partition0 - ok
14:56:53.0996 5784 ============================================================
14:56:53.0996 5784 Scan finished
14:56:53.0996 5784 ============================================================
14:56:54.0013 4036 Detected object count: 0
14:56:54.0013 4036 Actual detected object count: 0
14:57:51.0963 5616 Deinitialize success


And here is the aswMBR file results:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-24 14:59:25
-----------------------------
14:59:25.193 OS Version: Windows 6.0.6002 Service Pack 2
14:59:25.193 Number of processors: 2 586 0x301
14:59:25.196 ComputerName: TODD-PC UserName: Todd
14:59:38.835 Initialize success
15:00:21.378 AVAST engine defs: 12032400
15:01:16.157 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:01:16.167 Disk 0 Vendor: WDC_WD2500BEVS-26VAT0 11.01A11 Size: 238475MB BusType: 3
15:01:16.196 Disk 0 MBR read successfully
15:01:16.208 Disk 0 MBR scan
15:01:16.228 Disk 0 Windows VISTA default MBR code
15:01:16.242 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
15:01:16.270 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 230934 MB offset 3074048
15:01:16.316 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 6040 MB offset 476026880
15:01:16.344 Disk 0 scanning sectors +488396800
15:01:16.435 Disk 0 scanning C:\Windows\system32\drivers
15:01:28.152 Service scanning
15:01:58.786 Modules scanning
15:02:05.928 Disk 0 trace - called modules:
15:02:06.007 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS
15:02:06.023 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x856ad030]
15:02:06.045 3 CLASSPNP.SYS[89f198b3] -> nt!IofCallDriver -> [0x85683918]
15:02:06.068 5 acpi.sys[8060c6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8565eb98]
15:02:08.449 AVAST engine scan C:\Windows
15:02:15.406 AVAST engine scan C:\Windows\system32
15:06:41.636 AVAST engine scan C:\Windows\system32\drivers
15:07:02.000 AVAST engine scan C:\Users\Todd
15:11:26.201 AVAST engine scan C:\ProgramData
15:16:09.924 Scan finished successfully
15:16:24.069 Disk 0 MBR has been saved successfully to "C:\Users\Todd\Desktop\MBR.dat"
15:16:24.076 The log file has been saved successfully to "C:\Users\Todd\Desktop\aswMBR.txt"
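Added here as an example, not part of the thread: a small Python parser for the scanner log posted above (the format TDSSKiller writes), which pairs each enumerated object (name, MD5, image path) with its verdict line, resolves the MBR and boot-sector verdicts that are keyed by device path rather than name, and reports anything not marked ok plus a cross-check against the trailing detected-object count. The sample lines are taken from the log above plus one constructed entry (`fakesvc`, its all-zero hash and its "warning" verdict are placeholders).

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One log line: "HH:MM:SS.ffff  PID  message" (format as in the log above)
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# Enumerated object: "Name (md5) path"; MBR/boot entries carry "(0x...)" in the name
OBJECT_RE = re.compile(
    r"^(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict: "Name - ok" for services/drivers, "\Device\... - ok" for MBR/boot sectors
VERDICT_RE = re.compile(r"^(?P<key>.+?) - (?P<verdict>\w+)$")
COUNT_RE = re.compile(r"^(?P<actual>Actual )?[Dd]etected object count: (?P<n>\d+)$")


@dataclass
class ScannedObject:
    name: str
    md5: Optional[str] = None      # None when the scanner printed no image line
    path: Optional[str] = None
    verdict: Optional[str] = None  # None when no verdict line followed


@dataclass
class ScanSummary:
    objects: Dict[str, ScannedObject]
    detected_count: Optional[int]
    actual_detected_count: Optional[int]

    def flagged(self) -> List[ScannedObject]:
        """Objects with an explicit verdict other than 'ok'."""
        return [o for o in self.objects.values()
                if o.verdict is not None and o.verdict != "ok"]

    def unverified(self) -> List[ScannedObject]:
        """Objects enumerated but never given a verdict (truncated log)."""
        return [o for o in self.objects.values() if o.verdict is None]

    def counts_consistent(self) -> bool:
        """The trailer's actual detected count should equal the flagged objects."""
        if self.actual_detected_count is None:
            return False
        return len(self.flagged()) == self.actual_detected_count


def parse_scan_log(text: str) -> ScanSummary:
    objects: Dict[str, ScannedObject] = {}
    by_path: Dict[str, str] = {}  # image/device path -> object name
    detected = actual = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, separators and blank lines carry no object data
        msg = m.group("msg")
        cm = COUNT_RE.match(msg)
        if cm:
            if cm.group("actual"):
                actual = int(cm.group("n"))
            else:
                detected = int(cm.group("n"))
            continue
        om = OBJECT_RE.match(msg)
        if om:
            name = om.group("name")
            objects[name] = ScannedObject(name, om.group("md5"), om.group("path"))
            by_path[om.group("path")] = name
            continue
        vm = VERDICT_RE.match(msg)
        if vm:
            # MBR/boot-sector verdicts are keyed by device path, services by name
            name = by_path.get(vm.group("key"), vm.group("key"))
            objects.setdefault(name, ScannedObject(name)).verdict = vm.group("verdict")
    return ScanSummary(objects, detected, actual)


# Constructed sample: lines from the log above plus one placeholder entry
# (fakesvc, all-zero hash, "warning" verdict) to exercise the flagging path.
SAMPLE_LOG = r"""
14:56:51.0267 5784 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
14:56:51.0273 5784 WdiServiceHost - ok
14:56:51.0621 5784 WinHttpAutoProxySvc - ok
14:56:53.0917 5784 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
14:56:53.0982 5784 \Device\Harddisk0\DR0 - ok
14:56:53.0990 5784 fakesvc (00000000000000000000000000000000) C:\Windows\system32\fakesvc.sys
14:56:53.0991 5784 fakesvc - warning
14:56:53.0996 5784 Scan finished
14:56:54.0013 4036 Detected object count: 1
14:56:54.0013 4036 Actual detected object count: 1
"""

if __name__ == "__main__":
    summary = parse_scan_log(SAMPLE_LOG)
    for obj in summary.flagged():
        print(f"needs attention: {obj.name} {obj.md5} {obj.path} ({obj.verdict})")
    print("counts consistent:", summary.counts_consistent())
```

The extracted (name, md5, path) triples are what you would compare against a known-good hash set for the same Windows build when an "ok" verdict alone is not enough.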

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:47 AM

Posted 24 March 2012 - 02:23 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 sh4rkbyt3

sh4rkbyt3
  • Topic Starter

  • Members
  • 398 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:47 AM

Posted 24 March 2012 - 02:27 PM

Hmm that CF Script is not a link?

#14 sh4rkbyt3

sh4rkbyt3
  • Topic Starter

  • Members
  • 398 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:47 AM

Posted 24 March 2012 - 03:00 PM

Ok, assuming that the :Run CFScript: was not a link, I went ahead and created the notepad entry and put it into the ComboFix program and re-ran it as you said. Here is the new ComboFix logfile:


ComboFix 12-03-22.01 - Todd 03/24/2012 15:42:47.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2813.1629 [GMT -4:00]
Running from: c:\users\Todd\Desktop\ComboFix.exe
Command switches used :: c:\users\Todd\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-24 to 2012-03-24 )))))))))))))))))))))))))))))))
.
.
2012-03-24 19:51 . 2012-03-24 19:52 -------- d-----w- c:\users\Todd\AppData\Local\temp
2012-03-24 19:51 . 2012-03-24 19:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-19 18:46 . 2012-03-19 18:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-19 04:37 . 2012-03-01 18:34 6552120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{8B019C62-3A73-4D7C-9C9B-9318410F7A3E}\mpengine.dll ERROR(0x00000005)
2012-03-19 01:13 . 2012-03-19 01:13 -------- d-----w- c:\users\Todd\AppData\Roaming\SUPERAntiSpyware.com
2012-03-19 00:35 . 2012-03-19 00:35 388096 ----a-r- c:\users\Todd\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-19 00:35 . 2012-03-19 00:35 -------- d-----w- c:\program files\Trend Micro
2012-03-19 00:28 . 2012-03-19 18:38 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-18 23:32 . 2012-03-18 23:32 -------- d-----w- c:\program files\VS Revo Group
2012-03-18 21:18 . 2012-03-18 21:18 -------- d-----w- c:\program files\CCleaner
2012-03-17 04:12 . 2012-03-18 21:22 -------- d-----w- c:\program files\Defraggler
2012-03-17 03:46 . 2012-03-17 03:46 -------- d-----w- c:\users\Todd\AppData\Roaming\Malwarebytes
2012-03-17 03:46 . 2012-03-18 22:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-17 03:46 . 2011-12-10 19:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-15 02:55 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-15 02:55 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-15 02:55 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-15 02:55 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-15 02:55 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-15 02:55 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-15 02:55 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-03-15 02:55 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-15 02:55 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-19 04:22 . 2010-04-19 21:21 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-23 13:18 . 2010-05-25 14:44 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-17 4615552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"dcmsvc"="c:\program files\dcmsvc\dcmsvc.exe" [2009-04-07 30440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 159472]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Warner Bros.lnk - c:\program files\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe [2009-12-9 95744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Todd^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Warner Bros.lnk]
path=c:\users\Todd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk
backup=c:\windows\pss\Warner Bros.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2008-03-19 21:35 716800 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-07-30 04:46 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2007-11-01 06:01 54608 ----a-w- c:\program files\TOSHIBA\TBS\HSON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2010-05-10 19:12 439568 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-04-08 23:14 6037504 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-06-16 05:01 448080 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-08-14 14:40 1348904 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2008-02-06 21:52 431456 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-11-11 17:55 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 22065448
*NewlyCreated* - 42533932
*NewlyCreated* - ASWMBR
*Deregistered* - 22065448
*Deregistered* - 42533932
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-07 04:16]
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-07 04:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{0F4BB8A1-D730-44E1-A157-41C6455E84A4}: NameServer = 208.67.222.222,208.67.220.220
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-24 15:52
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4508)
c:\windows\system32\ACTXPRXY.DLL
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\mssprxy.dll
.
Completion time: 2012-03-24 15:54:37
ComboFix-quarantined-files.txt 2012-03-24 19:54
ComboFix2.txt 2012-03-24 15:07
.
Pre-Run: 135,405,637,632 bytes free
Post-Run: 135,505,612,800 bytes free
.
- - End Of File - - 72C223DAF67DE200058BD0E4CC18F893

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:47 AM

Posted 24 March 2012 - 06:24 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Reader 9.4.5
Bing Bar
Bing Rewards Client Installer
Java™ 6 Update 6


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

