I've been told I need advanced tools to remove trojans


This topic is locked
24 replies to this topic

#1 frank1927

  • Members
  • 35 posts

Posted 10 June 2012 - 01:12 PM

Previously posted in the "Am I infected?" forum.
As per narexp, I am posting in this forum & attaching the necessary files.


I must have been somewhere I shouldn't have been. I picked up a few trojans/malware.
The Adobe Flash Player installer 11.3 keeps popping up. If I accept, a ping.exe*32 appears in Task Manager. If I ignore it, the installer keeps popping up.
I ran Malwarebytes & it showed trojandropper.bcminer. It reappears after removal & reboot.
I ran Sophos Virus Removal & it showed troj/sirefef-ap. It too reappears after removal & reboot.
I ran ESET & found the following:

C:\$RECYCLE.BIN\S-1-5-21-3754737950-2128793594-2955686338-1000\$RDSCHBE.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-3754737950-2128793594-2955686338-1000\$RFPP3L7.@ probably a variant of Win32/Sirefef.EU trojan cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-3754737950-2128793594-2955686338-1000\$RLXGX8R.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\Windows\Installer\{8de9e8c5-a59d-1316-70e5-a3ba5b167801}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{8de9e8c5-a59d-1316-70e5-a3ba5b167801}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\Windows\Installer\{8de9e8c5-a59d-1316-70e5-a3ba5b167801}\U\80000032.@ probably a variant of Win32/Sirefef.EU trojan cleaned by deleting - quarantined
C:\Windows\Installer\{8de9e8c5-a59d-1316-70e5-a3ba5b167801}\U\80000064.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.EZ trojan

Attached file: DDS.zip (5.74KB)


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 11 June 2012 - 12:03 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash-drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 frank1927
  • Topic Starter

  • Members
  • 35 posts

Posted 11 June 2012 - 04:30 PM

Hi gringo,
Thanks for helping.
I think I became infected on June 9, 2012.
In addition to the Adobe installer popping up every 2-5 minutes, there are occasional random web page pop-ups & redirects.
Step one complete.
Here is the FRST file:

Scan result of Farbar Recovery Scan Tool Version: 11-06-2012 03
Ran by SYSTEM at 11-06-2012 17:16:42
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [102400 2010-05-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM-x32\...\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe [285072 2012-03-01] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start [81920 2004-08-09] (InstallShield Software Corporation)
HKLM-x32\...\Run: [MediaFace Integration] C:\Program Files (x86)\Fellowes\MediaFACE 5.0\SetHook.exe [53248 2005-10-27] (Fellowes, Inc.)
HKU\Frank\...\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [108136 2012-03-20] (Siber Systems)
HKU\Frank\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17344176 2012-06-05] (Skype Technologies S.A.)
HKU\Frank\...\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup [221184 2004-08-09] (InstallShield Software Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk
ShortcutTarget: NETGEAR WNA3100 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()

==================== Services (Whitelisted) ======

3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [206072 2010-10-12] (WildTangent, Inc.)
2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [86072 2011-09-09] (Hewlett-Packard Company)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)
2 PEVSystemStart; "C:\32788R22FWJFW\pev.3XE" EXEC /i CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:15 "C:\32788R22FWJFW\KNetSvcs.vbs" [407 2012-05-20] ()
2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3048136 2012-05-30] (Skype Technologies S.A.)
2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [285152 2010-08-26] ()
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh664.sys [1244224 2010-10-13] (Broadcom Corporation)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [1157240 2011-11-30] (Symantec Corporation)
3 camdrv42; C:\Windows\System32\Drivers\camdrv42.sys [1533952 2007-04-23] ()
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-03] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-02-03] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120224.002\IDSvia64.sys [488568 2011-12-15] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120224.018\ENG64.SYS [117880 2011-12-26] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120224.018\EX64.SYS [2048632 2011-12-26] (Symantec Corporation)
3 NPF; C:\Windows\System32\Drivers\NPF.sys [47632 2010-02-03] (CACE Technologies, Inc.)
3 Ser2pl; C:\Windows\System32\DRIVERS\ser2pl64.sys [97280 2010-03-12] (Prolific Technology Inc.)
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207010.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207010.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1207010.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1207010.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-12-26] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207010.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-11 17:16 - 2012-06-11 17:16 - 00000000 ____D C:\FRST
2012-06-11 12:20 - 2012-06-11 12:20 - 01402035 ____A C:\Users\Frank\Downloads\FRST64.exe
2012-06-10 10:00 - 2012-06-10 10:00 - 00302592 ____A C:\Users\Frank\Downloads\hx099mdk.exe
2012-06-10 09:59 - 2012-06-10 09:59 - 00005876 ____A C:\Users\Frank\Desktop\DDS.zip
2012-06-10 09:56 - 2012-06-10 09:56 - 00020416 ____A C:\Users\Frank\Desktop\DDS.txt
2012-06-10 09:54 - 2012-06-10 09:54 - 00607260 ____R (Swearware) C:\Users\Frank\Downloads\dds.scr
2012-06-10 09:13 - 2012-06-10 09:15 - 00004504 ____A C:\Users\Frank\Documents\aswMBR6.10.2012.txt
2012-06-10 09:13 - 2012-06-10 09:15 - 00000512 ____A C:\Users\Frank\Documents\MBR.dat
2012-06-10 08:57 - 2012-06-10 08:57 - 04731392 ____A (AVAST Software) C:\Users\Frank\Downloads\aswMBR.exe
2012-06-10 08:57 - 2012-06-10 08:57 - 00397451 ____A C:\Users\Frank\Downloads\MiniToolBox.exe
2012-06-10 08:56 - 2012-06-10 09:56 - 00130496 ____A C:\TDSSKiller.2.7.36.0_10.06.2012_12.56.37_log.txt
2012-06-10 08:56 - 2012-06-10 08:56 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Frank\Downloads\tdsskiller.exe
2012-06-09 15:42 - 2012-06-09 15:45 - 00129110 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_19.42.55_log.txt
2012-06-09 15:42 - 2012-06-09 15:42 - 00000000 ____D C:\Users\Frank\Documents\tdsskiller
2012-06-09 15:36 - 2012-06-09 15:36 - 00003205 ____A C:\Users\Frank\Desktop\Sophos Virus Removal Tool.lnk
2012-06-09 15:36 - 2012-06-09 15:36 - 00000000 ____D C:\Users\All Users\Sophos
2012-06-09 15:36 - 2012-06-09 15:36 - 00000000 ____D C:\Program Files (x86)\Sophos
2012-06-09 15:34 - 2012-06-09 15:35 - 84220328 ____A (Sophos Limited) C:\Users\Frank\Downloads\Sophos Virus Removal Tool.exe
2012-06-09 15:26 - 2012-06-09 15:27 - 00000000 ___SD C:\32788R22FWJFW
2012-06-09 15:25 - 2012-06-09 15:25 - 04539885 ____R (Swearware) C:\Users\Frank\Downloads\ComboFix.exe
2012-06-09 15:16 - 2012-06-09 15:16 - 02322184 ____A (ESET) C:\Users\Frank\Downloads\esetsmartinstaller_enu(1).exe
2012-06-09 13:53 - 2012-06-09 13:53 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Tific
2012-06-09 13:53 - 2012-06-09 13:53 - 00000000 ____D C:\Users\Frank\AppData\Local\Symantec
2012-06-09 13:14 - 2012-06-09 13:14 - 02322184 ____A (ESET) C:\Users\Frank\Downloads\esetsmartinstaller_enu.exe
2012-06-09 12:56 - 2012-06-09 12:56 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-09 12:51 - 2012-06-09 12:51 - 00000000 ____D C:\Users\All Users\Fellowes
2012-06-09 12:51 - 2012-06-09 12:51 - 00000000 ____D C:\Program Files (x86)\Fellowes
2012-06-09 12:37 - 2012-06-09 12:37 - 28749614 ____A (Fellowes ) C:\Users\Frank\Downloads\mediaface5037.exe
2012-06-09 12:37 - 2012-06-09 12:37 - 00000000 ____D C:\Windows\Downloaded Installations
2012-06-09 12:19 - 2012-06-09 12:19 - 00020575 ____A C:\Users\Frank\Documents\sherlock.jpg
2012-06-09 12:18 - 2012-06-09 12:18 - 00000000 ____D C:\Users\All Users\InstallShield
2012-06-09 12:15 - 2012-06-09 13:17 - 00000000 ____D C:\Users\All Users\blekko toolbars
2012-06-09 12:15 - 2012-06-09 12:16 - 41646140 ____A C:\Users\Frank\Downloads\exPressitSE3.1setup_Java1.6.zip
2012-06-09 12:15 - 2012-06-09 12:15 - 00000000 ____D C:\Users\Frank\AppData\Local\blekkotb_031
2012-06-09 12:15 - 2012-06-09 12:15 - 00000000 ____D C:\Users\All Users\Anti-phishing Domain Advisor
2012-06-09 12:11 - 2012-06-09 12:11 - 00000000 ____D C:\Users\Frank\AppData\Local\{62FF71CB-4E10-4760-A29C-C4DB48601034}
2012-06-09 12:10 - 2012-06-09 12:11 - 00000000 ____D C:\Users\Frank\AppData\Local\{262F5B15-67A8-4EA8-958B-E6EDEAC16E6A}
2012-06-04 16:47 - 2012-06-04 16:47 - 00021653 ____A C:\Users\Frank\Documents\dadams2.jpg
2012-06-02 14:44 - 2012-06-02 14:44 - 00000000 ____D C:\Users\Frank\AppData\Roaming\WildTangent
2012-05-28 14:25 - 2012-05-28 14:25 - 01609070 ____A C:\Users\Frank\Downloads\photo11.jpg
2012-05-28 14:13 - 2012-05-28 14:13 - 02945923 ____A C:\Users\Frank\Downloads\photo1.jpg
2012-05-27 13:30 - 2012-05-27 13:30 - 02515813 ____A C:\Users\Frank\Downloads\photo(2).JPG
2012-05-27 13:29 - 2012-05-27 13:29 - 02975488 ____A C:\Users\Frank\Downloads\photo(1).JPG
2012-05-27 13:29 - 2012-05-27 13:29 - 02801089 ____A C:\Users\Frank\Downloads\photo.JPG
2012-05-24 16:23 - 2012-05-24 16:23 - 00001283 ____A C:\Users\Frank\Desktop\MyPublisher.lnk
2012-05-24 16:23 - 2012-05-24 16:23 - 00000000 ____D C:\Users\Frank\AppData\Roaming\MyPublisher
2012-05-24 16:23 - 2012-05-24 16:23 - 00000000 ____D C:\Program Files (x86)\MyPublisher
2012-05-13 08:47 - 2012-05-13 08:49 - 21908348 ____A C:\Users\Frank\Documents\Video2.mpg
2012-05-12 11:08 - 2012-05-13 08:48 - 00215488 ____A C:\Users\Frank\Documents\Image3.jpg
2012-05-12 11:08 - 2012-05-12 11:08 - 00038690 ____A C:\Users\Frank\Documents\Image2.jpg
2012-05-12 11:07 - 2012-05-12 11:07 - 00046193 ____A C:\Users\Frank\Documents\Image1.jpg

============ 3 Months Modified Files and Folders =============

2012-06-11 17:16 - 2012-06-11 17:16 - 00000000 ____D C:\FRST
2012-06-11 13:07 - 2011-12-26 12:59 - 01263682 ____A C:\Windows\WindowsUpdate.log
2012-06-11 13:07 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-11 13:07 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-11 13:04 - 2012-05-09 14:19 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Skype
2012-06-11 13:04 - 2012-04-20 13:07 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-11 13:04 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-11 13:03 - 2011-10-03 17:21 - 00000000 ____D C:\Users\All Users\PDFC
2012-06-11 13:03 - 2009-07-13 21:08 - 00017356 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-11 13:03 - 2009-07-13 20:51 - 00041011 ____A C:\Windows\setupact.log
2012-06-11 12:21 - 2009-07-13 21:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-11 12:20 - 2012-06-11 12:20 - 01402035 ____A C:\Users\Frank\Downloads\FRST64.exe
2012-06-11 12:13 - 2011-12-29 13:58 - 00002763 ____A C:\Users\Frank\Documents\passwords.txt
2012-06-11 12:12 - 2012-04-20 13:07 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-10 10:00 - 2012-06-10 10:00 - 00302592 ____A C:\Users\Frank\Downloads\hx099mdk.exe
2012-06-10 09:59 - 2012-06-10 09:59 - 00005876 ____A C:\Users\Frank\Desktop\DDS.zip
2012-06-10 09:56 - 2012-06-10 09:56 - 00020416 ____A C:\Users\Frank\Desktop\DDS.txt
2012-06-10 09:56 - 2012-06-10 08:56 - 00130496 ____A C:\TDSSKiller.2.7.36.0_10.06.2012_12.56.37_log.txt
2012-06-10 09:54 - 2012-06-10 09:54 - 00607260 ____R (Swearware) C:\Users\Frank\Downloads\dds.scr
2012-06-10 09:18 - 2011-12-26 13:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-06-10 09:15 - 2012-06-10 09:13 - 00004504 ____A C:\Users\Frank\Documents\aswMBR6.10.2012.txt
2012-06-10 09:15 - 2012-06-10 09:13 - 00000512 ____A C:\Users\Frank\Documents\MBR.dat
2012-06-10 08:57 - 2012-06-10 08:57 - 04731392 ____A (AVAST Software) C:\Users\Frank\Downloads\aswMBR.exe
2012-06-10 08:57 - 2012-06-10 08:57 - 00397451 ____A C:\Users\Frank\Downloads\MiniToolBox.exe
2012-06-10 08:56 - 2012-06-10 08:56 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Frank\Downloads\tdsskiller.exe
2012-06-10 06:52 - 2012-05-09 14:19 - 00000000 ____D C:\Users\All Users\Skype
2012-06-10 06:49 - 2010-11-20 19:47 - 00057782 ____A C:\Windows\PFRO.log
2012-06-10 05:12 - 2011-12-26 13:00 - 00000000 ____D C:\Users\Frank\AppData\LocalLow
2012-06-09 15:45 - 2012-06-09 15:42 - 00129110 ____A C:\TDSSKiller.2.7.36.0_09.06.2012_19.42.55_log.txt
2012-06-09 15:42 - 2012-06-09 15:42 - 00000000 ____D C:\Users\Frank\Documents\tdsskiller
2012-06-09 15:36 - 2012-06-09 15:36 - 00003205 ____A C:\Users\Frank\Desktop\Sophos Virus Removal Tool.lnk
2012-06-09 15:36 - 2012-06-09 15:36 - 00000000 ____D C:\Users\All Users\Sophos
2012-06-09 15:36 - 2012-06-09 15:36 - 00000000 ____D C:\Program Files (x86)\Sophos
2012-06-09 15:35 - 2012-06-09 15:34 - 84220328 ____A (Sophos Limited) C:\Users\Frank\Downloads\Sophos Virus Removal Tool.exe
2012-06-09 15:27 - 2012-06-09 15:26 - 00000000 ___SD C:\32788R22FWJFW
2012-06-09 15:25 - 2012-06-09 15:25 - 04539885 ____R (Swearware) C:\Users\Frank\Downloads\ComboFix.exe
2012-06-09 15:16 - 2012-06-09 15:16 - 02322184 ____A (ESET) C:\Users\Frank\Downloads\esetsmartinstaller_enu(1).exe
2012-06-09 13:53 - 2012-06-09 13:53 - 00000000 ____D C:\Users\Frank\AppData\Roaming\Tific
2012-06-09 13:53 - 2012-06-09 13:53 - 00000000 ____D C:\Users\Frank\AppData\Local\Symantec
2012-06-09 13:53 - 2009-07-13 20:45 - 00411312 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-09 13:23 - 2011-12-26 13:13 - 00108480 ____A C:\Users\Frank\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-09 13:17 - 2012-06-09 12:15 - 00000000 ____D C:\Users\All Users\blekko toolbars
2012-06-09 13:14 - 2012-06-09 13:14 - 02322184 ____A (ESET) C:\Users\Frank\Downloads\esetsmartinstaller_enu.exe
2012-06-09 12:56 - 2012-06-09 12:56 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-09 12:52 - 2011-10-03 17:06 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-06-09 12:51 - 2012-06-09 12:51 - 00000000 ____D C:\Users\All Users\Fellowes
2012-06-09 12:51 - 2012-06-09 12:51 - 00000000 ____D C:\Program Files (x86)\Fellowes
2012-06-09 12:45 - 2012-04-10 16:01 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-09 12:45 - 2011-12-26 14:23 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-09 12:37 - 2012-06-09 12:37 - 28749614 ____A (Fellowes ) C:\Users\Frank\Downloads\mediaface5037.exe
2012-06-09 12:37 - 2012-06-09 12:37 - 00000000 ____D C:\Windows\Downloaded Installations
2012-06-09 12:25 - 2012-03-03 16:29 - 00095744 __ASH C:\Users\Frank\Documents\Thumbs.db
2012-06-09 12:19 - 2012-06-09 12:19 - 00020575 ____A C:\Users\Frank\Documents\sherlock.jpg
2012-06-09 12:18 - 2012-06-09 12:18 - 00000000 ____D C:\Users\All Users\InstallShield
2012-06-09 12:18 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2012-06-09 12:16 - 2012-06-09 12:15 - 41646140 ____A C:\Users\Frank\Downloads\exPressitSE3.1setup_Java1.6.zip
2012-06-09 12:15 - 2012-06-09 12:15 - 00000000 ____D C:\Users\Frank\AppData\Local\blekkotb_031
2012-06-09 12:15 - 2012-06-09 12:15 - 00000000 ____D C:\Users\All Users\Anti-phishing Domain Advisor
2012-06-09 12:11 - 2012-06-09 12:11 - 00000000 ____D C:\Users\Frank\AppData\Local\{62FF71CB-4E10-4760-A29C-C4DB48601034}
2012-06-09 12:11 - 2012-06-09 12:10 - 00000000 ____D C:\Users\Frank\AppData\Local\{262F5B15-67A8-4EA8-958B-E6EDEAC16E6A}
2012-06-09 07:28 - 2012-01-23 13:25 - 00000000 ____D C:\Users\Frank\AppData\Roaming\vlc
2012-06-09 06:23 - 2012-01-05 16:31 - 00000000 ____D C:\Users\Frank\AppData\Local\CrashDumps
2012-06-07 11:38 - 2012-01-05 17:33 - 00000000 ____D C:\Windows\Minidump
2012-06-07 11:38 - 2011-12-27 20:51 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForFrank.job
2012-06-07 11:38 - 2011-10-03 17:51 - 00285510 ____N C:\Windows\Minidump\060712-30903-01.dmp
2012-06-05 12:47 - 2011-12-27 18:30 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-06-05 12:47 - 2011-12-26 13:00 - 00000000 ____D C:\users\Frank
2012-06-05 12:46 - 2012-01-17 10:09 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-06-05 12:46 - 2011-12-27 18:29 - 00000000 ____D C:\Users\Frank\AppData\Roaming\HP Support Assistant
2012-06-05 12:46 - 2011-12-27 13:36 - 00000000 ____D C:\Users\Frank\AppData\Roaming\HpUpdate
2012-06-04 16:47 - 2012-06-04 16:47 - 00021653 ____A C:\Users\Frank\Documents\dadams2.jpg
2012-06-04 12:47 - 2011-10-03 17:51 - 00285126 ____N C:\Windows\Minidump\060412-24757-01.dmp
2012-06-03 15:30 - 2011-12-27 16:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-03 06:35 - 2012-02-05 06:34 - 00140800 __ASH C:\Users\Frank\Downloads\Thumbs.db
2012-06-02 14:44 - 2012-06-02 14:44 - 00000000 ____D C:\Users\Frank\AppData\Roaming\WildTangent
2012-06-02 14:44 - 2012-04-09 17:14 - 00002458 ____N C:\Users\Public\Desktop\WildTangent Games App - hp.lnk
2012-06-02 14:44 - 2011-10-03 17:15 - 00000000 ____D C:\Users\All Users\WildTangent
2012-05-30 23:17 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-05-28 14:25 - 2012-05-28 14:25 - 01609070 ____A C:\Users\Frank\Downloads\photo11.jpg
2012-05-28 14:13 - 2012-05-28 14:13 - 02945923 ____A C:\Users\Frank\Downloads\photo1.jpg
2012-05-27 13:30 - 2012-05-27 13:30 - 02515813 ____A C:\Users\Frank\Downloads\photo(2).JPG
2012-05-27 13:29 - 2012-05-27 13:29 - 02975488 ____A C:\Users\Frank\Downloads\photo(1).JPG
2012-05-27 13:29 - 2012-05-27 13:29 - 02801089 ____A C:\Users\Frank\Downloads\photo.JPG
2012-05-24 16:23 - 2012-05-24 16:23 - 00001283 ____A C:\Users\Frank\Desktop\MyPublisher.lnk
2012-05-24 16:23 - 2012-05-24 16:23 - 00000000 ____D C:\Users\Frank\AppData\Roaming\MyPublisher
2012-05-24 16:23 - 2012-05-24 16:23 - 00000000 ____D C:\Program Files (x86)\MyPublisher
2012-05-19 16:27 - 2011-12-26 14:40 - 00000000 ____D C:\Users\Frank\AppData\Local\Downloaded Installations
2012-05-17 16:57 - 2012-03-04 15:19 - 00041472 __ASH C:\Users\Frank\Thumbs.db
2012-05-13 08:49 - 2012-05-13 08:47 - 21908348 ____A C:\Users\Frank\Documents\Video2.mpg
2012-05-13 08:48 - 2012-05-12 11:08 - 00215488 ____A C:\Users\Frank\Documents\Image3.jpg
2012-05-13 08:48 - 2012-05-09 15:10 - 00000000 ___RD C:\Users\Frank\Documents\Scanned Documents
2012-05-12 11:08 - 2012-05-12 11:08 - 00038690 ____A C:\Users\Frank\Documents\Image2.jpg
2012-05-12 11:07 - 2012-05-12 11:07 - 00046193 ____A C:\Users\Frank\Documents\Image1.jpg
2012-05-12 11:07 - 2012-05-09 16:42 - 00000000 ____D C:\Users\Frank\Documents\VLounge Album
2012-05-11 23:28 - 2012-05-09 14:19 - 00000000 ____D C:\Users\All Users\boost_interprocess
2012-05-11 23:27 - 2011-10-03 17:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-11 23:10 - 2012-01-07 04:43 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-11 23:09 - 2012-02-21 13:54 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-11 23:00 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-10 15:06 - 2012-05-10 15:04 - 03920588 ____A C:\Users\Frank\Documents\Video1.mpg
2012-05-09 16:42 - 2012-05-09 16:42 - 00000000 ____D C:\Users\Frank\AppData\Roaming\ArcSoft
2012-05-09 16:41 - 2012-05-09 16:41 - 00001918 ____A C:\Users\Public\Desktop\VLounge.lnk
2012-05-09 16:41 - 2012-05-09 16:41 - 00000000 ____D C:\Program Files (x86)\Philips_VLounge
2012-05-09 16:41 - 2012-05-09 16:41 - 00000000 ____D C:\Program Files (x86)\Philips
2012-05-09 15:10 - 2012-05-09 15:10 - 00000000 ____D C:\Users\Frank\Documents\Fax
2012-05-09 14:19 - 2012-05-09 14:19 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-05-09 14:19 - 2012-05-09 14:19 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-05-07 14:53 - 2012-05-07 14:52 - 00528846 ____A C:\Users\Frank\DSCN0418.jpg
2012-05-06 07:09 - 2012-05-06 07:09 - 01993545 ____A C:\Users\Frank\DSCN0414.jpg
2012-05-04 15:14 - 2012-04-10 16:14 - 08744608 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 01:40 - 2012-05-04 01:40 - 00000000 ____D C:\Users\All Users\Mozilla
2012-05-04 01:40 - 2012-05-04 01:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-03 12:00 - 2012-05-03 12:03 - 00686467 ___RA C:\Users\Frank\Documents\Memorandum of Understanding_05032012.pdf
2012-05-03 11:52 - 2012-05-03 12:00 - 00286084 ____A C:\Users\Frank\Documents\memo of understanding.pdf
2012-05-03 11:52 - 2012-05-03 11:52 - 00286084 ____A C:\Users\Frank\Downloads\50778.pdf
2012-05-01 12:20 - 2011-12-26 13:01 - 00000000 ____D C:\Users\Frank\AppData\Local\Hewlett-Packard
2012-04-25 17:27 - 2012-04-25 17:27 - 00020522 ____A C:\Users\Frank\Documents\Mediation 20120422.11.docx
2012-04-24 13:16 - 2012-04-24 13:16 - 00022058 ____A C:\Users\Frank\Documents\Mediation 20120422.1.docx
2012-04-23 16:58 - 2012-04-23 16:58 - 00020940 ____A C:\Users\Frank\Documents\Mediation 20120422.docx
2012-04-23 16:57 - 2012-04-23 16:57 - 00006454 ____A C:\Users\Frank\Documents\Mediation 20120422.txt
2012-04-23 12:14 - 2012-04-23 12:14 - 00563569 ___RA C:\Users\Frank\Documents\451513r.pdf
2012-04-20 13:07 - 2012-04-20 13:07 - 00000000 ____D C:\Users\Frank\AppData\Local\Google
2012-04-20 13:07 - 2012-04-20 13:07 - 00000000 ____D C:\Program Files (x86)\Google
2012-04-15 11:40 - 2012-04-15 11:40 - 00243248 ___RA C:\Users\Frank\Documents\Return2011.pdf
2012-04-15 09:48 - 2012-04-15 09:48 - 00017445 ____A C:\Users\Frank\Documents\Terms of Enzo's Move-4.docx
2012-04-15 09:19 - 2011-10-03 17:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2012-04-15 09:19 - 2010-11-20 23:16 - 00000000 ____D C:\Windows\ShellNew
2012-04-15 09:16 - 2012-02-21 13:54 - 00000000 ____D C:\Users\Frank\AppData\Local\Microsoft Help
2012-04-11 14:02 - 2012-04-11 14:02 - 00007618 ____A C:\Users\Frank\AppData\Local\Resmon.ResmonCfg
2012-04-10 15:55 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-04-06 00:31 - 2011-10-03 17:26 - 00000000 ____D C:\Windows\System32\Drivers\NISx64
2012-04-06 00:30 - 2011-12-26 13:16 - 00002482 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk
2012-04-06 00:30 - 2011-10-03 17:51 - 00285510 ____N C:\Windows\Minidump\040612-31746-01.dmp
2012-04-04 11:56 - 2011-12-27 16:24 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-31 05:36 - 2011-10-03 17:51 - 00287622 ____N C:\Windows\Minidump\033112-25584-01.dmp
2012-03-30 22:05 - 2012-05-11 22:42 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-11 22:42 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-11 22:42 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-11 22:42 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-11 22:42 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-25 09:51 - 2012-03-25 09:51 - 01736049 ____A C:\Users\Frank\Downloads\101 Performance Projects for Your BMW 3 Series 1982-2000 (Motorbooks Workshop) PDF.pdf
2012-03-25 02:41 - 2011-10-03 17:51 - 00285446 ____N C:\Windows\Minidump\032512-26067-01.dmp
2012-03-24 21:00 - 2012-02-19 11:41 - 00000000 ____D C:\Users\Frank\AppData\Local\ElevatedDiagnostics
2012-03-22 11:45 - 2011-10-03 17:51 - 00285254 ____N C:\Windows\Minidump\032212-23431-01.dmp
2012-03-20 12:11 - 2012-03-20 12:11 - 00000000 ____D C:\Users\All Users\RoboForm
2012-03-20 12:10 - 2012-03-20 12:10 - 00000000 ____D C:\Program Files (x86)\Siber Systems
2012-03-19 13:00 - 2012-03-19 13:00 - 00000000 ____D C:\Users\Frank\Documents\My RoboForm Data
2012-03-16 23:58 - 2012-05-11 22:42 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-16 20:49 - 2012-03-16 20:49 - 00213119 ___RA C:\Users\Frank\Documents\Card01_hatena-1_ol.pdf
2012-03-16 20:46 - 2012-03-16 20:47 - 00706673 ___RA C:\Users\Frank\Documents\big_arcard.pdf
2012-03-16 12:22 - 2011-10-03 17:51 - 00285638 ____N C:\Windows\Minidump\031612-24382-01.dmp

ZeroAccess:
C:\Windows\Installer\{8de9e8c5-a59d-1316-70e5-a3ba5b167801}
C:\Windows\Installer\{8de9e8c5-a59d-1316-70e5-a3ba5b167801}\@
C:\Windows\Installer\{8de9e8c5-a59d-1316-70e5-a3ba5b167801}\L
C:\Windows\Installer\{8de9e8c5-a59d-1316-70e5-a3ba5b167801}\U
C:\Windows\Installer\{8de9e8c5-a59d-1316-70e5-a3ba5b167801}\L\00000004.@
C:\Windows\Installer\{8de9e8c5-a59d-1316-70e5-a3ba5b167801}\L\1afb2d56
C:\Windows\Installer\{8de9e8c5-a59d-1316-70e5-a3ba5b167801}\L\201d3dde
C:\Windows\Installer\{8de9e8c5-a59d-1316-70e5-a3ba5b167801}\U\00000004.@
C:\Windows\Installer\{8de9e8c5-a59d-1316-70e5-a3ba5b167801}\U\000000cb.@
C:\Windows\Installer\{8de9e8c5-a59d-1316-70e5-a3ba5b167801}\U\80000000.@
C:\Windows\Installer\{8de9e8c5-a59d-1316-70e5-a3ba5b167801}\U\80000032.@
C:\Windows\Installer\{8de9e8c5-a59d-1316-70e5-a3ba5b167801}\U\80000064.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 7935.29 MB
Available physical RAM: 6968.13 MB
Total Pagefile: 7933.48 MB
Available Pagefile: 6935.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:454.72 GB) (Free:377.04 GB) NTFS
2 Drive e: (HP_RECOVERY) (Fixed) (Total:10.94 GB) (Free:1.34 GB) NTFS
5 Drive h: () (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 250 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 454 GB 101 MB
Partition 3 Primary 10 GB 454 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 454 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E HP_RECOVERY NTFS Partition 10 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 249 MB 16 KB

======================================================================================================

Disk: 2
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT Removable 249 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-07 22:20

======================= End Of Log ==========================

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 June 2012 - 04:50 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

C:\Windows\Installer\{8de9e8c5-a59d-1316-70e5-a3ba5b167801}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 frank1927

frank1927
  • Topic Starter

  • Members
  • 35 posts

Posted 11 June 2012 - 05:13 PM

Wow, you respond quickly
Okay, the fix is in

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-06-2012 03
Ran by SYSTEM at 2012-06-11 18:08:35 Run:1
Running from H:\

==============================================

C:\Windows\Installer\{8de9e8c5-a59d-1316-70e5-a3ba5b167801} moved successfully.

==== End of Fixlog ====

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 June 2012 - 05:45 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 frank1927

frank1927
  • Topic Starter

  • Members
  • 35 posts

Posted 11 June 2012 - 06:31 PM

Combofix ran successfully with no hiccups
I did have to reboot, as any program I tried to run responded with "Illegal operation attempted on a registry key that has been marked for deletion."
But after reboot, things appear normal
Have not seen installer, pop-up or redirects since the frst.exe fix



ComboFix 12-06-11.04 - Frank 06/11/2012 19:00:33.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.6718 [GMT -4:00]
Running from: c:\users\Frank\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Mozilla Firefox\searchplugins\search.xml
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-05-11 to 2012-06-11 )))))))))))))))))))))))))))))))
.
.
2012-06-12 01:16 . 2012-06-12 01:17 -------- d-----w- C:\FRST
2012-06-11 23:03 . 2012-06-11 23:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-11 21:39 . 2012-06-11 22:09 -------- d-----w- c:\windows\system32\drivers\NISx64\1207020.003
2012-06-09 23:36 . 2012-06-09 23:36 -------- d-----w- c:\programdata\Sophos
2012-06-09 23:36 . 2012-06-09 23:36 73728 ----a-r- c:\users\Frank\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-06-09 23:36 . 2012-06-09 23:36 73728 ----a-r- c:\users\Frank\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-06-09 23:36 . 2012-06-09 23:36 73728 ----a-r- c:\users\Frank\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-06-09 23:36 . 2012-06-09 23:36 -------- d-----w- c:\program files (x86)\Sophos
2012-06-09 21:53 . 2012-06-09 21:53 -------- d-----w- c:\users\Frank\AppData\Roaming\Tific
2012-06-09 21:53 . 2012-06-09 21:53 -------- d-----w- c:\users\Frank\AppData\Local\Symantec
2012-06-09 20:56 . 2012-06-09 20:56 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-09 20:51 . 2012-06-09 20:51 -------- d-----w- c:\programdata\Fellowes
2012-06-09 20:51 . 2012-06-09 20:51 -------- d-----w- c:\program files (x86)\Fellowes
2012-06-09 20:18 . 2012-06-09 20:18 -------- d-----w- c:\programdata\InstallShield
2012-06-09 20:15 . 2012-06-09 21:17 -------- d-----w- c:\programdata\blekko toolbars
2012-06-09 20:15 . 2012-06-09 20:15 -------- d-----w- c:\users\Frank\AppData\Local\blekkotb_031
2012-06-09 20:15 . 2012-06-09 20:15 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-06-02 22:44 . 2012-06-02 22:44 -------- d-----w- c:\users\Frank\AppData\Roaming\WildTangent
2012-05-30 17:59 . 2012-05-30 17:59 4966600 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-05-25 00:23 . 2012-05-25 00:23 -------- d-----w- c:\users\Frank\AppData\Roaming\MyPublisher
2012-05-25 00:23 . 2012-05-25 00:23 -------- d-----w- c:\program files (x86)\MyPublisher
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-09 20:45 . 2012-04-11 00:01 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-09 20:45 . 2011-12-26 22:23 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-31 02:56 . 2012-01-23 21:11 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-31 02:56 . 2012-01-23 21:11 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-31 02:56 . 2012-01-23 21:11 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-04 23:14 . 2012-04-11 00:14 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-04 19:56 . 2011-12-28 00:24 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 06:05 . 2012-05-12 06:42 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-12 06:42 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-12 06:42 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-12 06:42 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-12 06:42 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:58 . 2012-05-12 06:42 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-03-20 108136]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-02-01 656920]
"AllShareAgent"="c:\program files (x86)\Samsung\AllShare\AllShareAgent.exe" [2012-03-02 285072]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"MediaFace Integration"="c:\program files (x86)\Fellowes\MediaFACE 5.0\SetHook.exe" [2005-10-27 53248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA3100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA3100\WNA3100.exe [2011-12-26 4577760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-20 116648]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2010-08-26 285152]
R3 camdrv42;Philips SPC 900NC PC Camera;c:\windows\system32\DRIVERS\camdrv42.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-20 116648]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-04 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-03-02 27584]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [2011-12-01 1157240]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120224.002\IDSvia64.sys [2011-12-15 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-03-02 25504]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-05-30 3048136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-20 21:07]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-20 21:07]
.
2012-06-07 c:\windows\Tasks\HPCeeScheduleForFrank.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"combofix"="c:\combofix\CF28786.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\dmodjx1d.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-11 19:09:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-11 23:09
.
Pre-Run: 427,697,537,024 bytes free
Post-Run: 428,168,163,328 bytes free
.
- - End Of File - - 05A3C9431625691028DF4A4ED5D4276C

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 11 June 2012 - 06:36 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#9 frank1927

frank1927
  • Topic Starter

  • Members
  • 35 posts

Posted 11 June 2012 - 07:01 PM

Okay, both programs ran without any problems
reports listed below


19:44:56.0804 3488 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
19:44:57.0038 3488 ============================================================
19:44:57.0038 3488 Current date / time: 2012/06/11 19:44:57.0038
19:44:57.0038 3488 SystemInfo:
19:44:57.0038 3488
19:44:57.0038 3488 OS Version: 6.1.7601 ServicePack: 1.0
19:44:57.0038 3488 Product type: Workstation
19:44:57.0038 3488 ComputerName: FRANK-HP
19:44:57.0038 3488 UserName: Frank
19:44:57.0038 3488 Windows directory: C:\Windows
19:44:57.0038 3488 System windows directory: C:\Windows
19:44:57.0038 3488 Running under WOW64
19:44:57.0038 3488 Processor architecture: Intel x64
19:44:57.0038 3488 Number of processors: 2
19:44:57.0038 3488 Page size: 0x1000
19:44:57.0038 3488 Boot type: Normal boot
19:44:57.0038 3488 ============================================================
19:44:58.0192 3488 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:44:58.0208 3488 Drive \Device\Harddisk1\DR1 - Size: 0xFA00000 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x1F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:44:58.0208 3488 ============================================================
19:44:58.0208 3488 \Device\Harddisk0\DR0:
19:44:58.0208 3488 MBR partitions:
19:44:58.0208 3488 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:44:58.0208 3488 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x38D71000
19:44:58.0208 3488 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38DA3800, BlocksNum 0x15E2000
19:44:58.0208 3488 \Device\Harddisk1\DR1:
19:44:58.0223 3488 MBR partitions:
19:44:58.0223 3488 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x7CF60
19:44:58.0223 3488 ============================================================
19:44:58.0254 3488 C: <-> \Device\Harddisk0\DR0\Partition1
19:44:58.0286 3488 D: <-> \Device\Harddisk0\DR0\Partition2
19:44:58.0286 3488 ============================================================
19:44:58.0286 3488 Initialize success
19:44:58.0286 3488 ============================================================
19:45:00.0953 2372 ============================================================
19:45:00.0953 2372 Scan started
19:45:00.0953 2372 Mode: Manual;
19:45:00.0953 2372 ============================================================
19:45:01.0998 2372 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
19:45:01.0998 2372 1394ohci - ok
19:45:02.0045 2372 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
19:45:02.0045 2372 ACPI - ok
19:45:02.0061 2372 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
19:45:02.0061 2372 AcpiPmi - ok
19:45:02.0123 2372 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
19:45:02.0123 2372 adp94xx - ok
19:45:02.0154 2372 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
19:45:02.0154 2372 adpahci - ok
19:45:02.0170 2372 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
19:45:02.0170 2372 adpu320 - ok
19:45:02.0201 2372 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
19:45:02.0201 2372 AeLookupSvc - ok
19:45:02.0279 2372 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
19:45:17.0380 2372 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
19:45:17.0380 2372 RDPWD - ok
19:45:17.0427 2372 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:45:17.0442 2372 rdyboost - ok
19:45:17.0458 2372 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
19:45:17.0458 2372 RemoteAccess - ok
19:45:17.0505 2372 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
19:45:17.0505 2372 RemoteRegistry - ok
19:45:17.0567 2372 RoxioNow Service (085d18c71ab2611a3d61528132b6501e) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
19:45:17.0583 2372 RoxioNow Service - ok
19:45:17.0598 2372 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
19:45:17.0598 2372 RpcEptMapper - ok
19:45:17.0614 2372 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
19:45:17.0614 2372 RpcLocator - ok
19:45:17.0645 2372 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
19:45:17.0661 2372 RpcSs - ok
19:45:17.0723 2372 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:45:17.0723 2372 rspndr - ok
19:45:17.0801 2372 RTL8167 (afc12dfa4c7b089673ad67402ca19edb) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:45:17.0801 2372 RTL8167 - ok
19:45:17.0832 2372 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:45:17.0848 2372 SamSs - ok
19:45:17.0926 2372 SamsungAllShareV2.0 (328100af2efd951eab657384ec361b6f) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
19:45:17.0926 2372 SamsungAllShareV2.0 - ok
19:45:17.0957 2372 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:45:17.0957 2372 sbp2port - ok
19:45:17.0988 2372 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
19:45:18.0004 2372 SCardSvr - ok
19:45:18.0020 2372 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:45:18.0020 2372 scfilter - ok
19:45:18.0066 2372 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
19:45:18.0082 2372 Schedule - ok
19:45:18.0113 2372 SCMNdisP (6011cdf54bb6f4c69f38faccdad73d7e) C:\Windows\system32\DRIVERS\scmndisp.sys
19:45:18.0113 2372 SCMNdisP - ok
19:45:18.0129 2372 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
19:45:18.0129 2372 SCPolicySvc - ok
19:45:18.0144 2372 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
19:45:18.0160 2372 SDRSVC - ok
19:45:18.0191 2372 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:45:18.0191 2372 secdrv - ok
19:45:18.0207 2372 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
19:45:18.0207 2372 seclogon - ok
19:45:18.0222 2372 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
19:45:18.0222 2372 SENS - ok
19:45:18.0238 2372 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
19:45:18.0254 2372 SensrSvc - ok
19:45:18.0456 2372 Ser2pl (9f6490423ac3271e84a90a0dd9d30a3b) C:\Windows\system32\DRIVERS\ser2pl64.sys
19:45:18.0456 2372 Ser2pl - ok
19:45:18.0503 2372 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:45:18.0503 2372 Serenum - ok
19:45:18.0550 2372 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
19:45:18.0550 2372 Serial - ok
19:45:18.0581 2372 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
19:45:18.0581 2372 sermouse - ok
19:45:18.0644 2372 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
19:45:18.0644 2372 SessionEnv - ok
19:45:18.0659 2372 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:45:18.0659 2372 sffdisk - ok
19:45:18.0675 2372 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:45:18.0675 2372 sffp_mmc - ok
19:45:18.0690 2372 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:45:18.0690 2372 sffp_sd - ok
19:45:18.0690 2372 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
19:45:18.0690 2372 sfloppy - ok
19:45:18.0784 2372 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
19:45:18.0784 2372 SharedAccess - ok
19:45:18.0831 2372 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
19:45:18.0831 2372 ShellHWDetection - ok
19:45:18.0924 2372 SimpleSlideShowServer (1980fe1f5a32067dad1d8776b63c2669) C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe
19:45:18.0924 2372 SimpleSlideShowServer - ok
19:45:18.0971 2372 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
19:45:18.0971 2372 SiSRaid2 - ok
19:45:19.0002 2372 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
19:45:19.0002 2372 SiSRaid4 - ok
19:45:19.0252 2372 Skype C2C Service (4ca43b85f22c7739311788b651a779cb) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
19:45:19.0330 2372 Skype C2C Service - ok
19:45:19.0392 2372 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files (x86)\Skype\Updater\Updater.exe
19:45:19.0392 2372 SkypeUpdate - ok
19:45:19.0533 2372 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:45:19.0533 2372 Smb - ok
19:45:19.0595 2372 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
19:45:19.0595 2372 SNMPTRAP - ok
19:45:19.0611 2372 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:45:19.0626 2372 spldr - ok
19:45:19.0658 2372 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
19:45:19.0658 2372 Spooler - ok
19:45:19.0782 2372 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
19:45:19.0845 2372 sppsvc - ok
19:45:19.0954 2372 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
19:45:19.0954 2372 sppuinotify - ok
19:45:20.0110 2372 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS
19:45:20.0126 2372 SRTSP - ok
19:45:20.0141 2372 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS
19:45:20.0141 2372 SRTSPX - ok
19:45:20.0188 2372 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:45:20.0204 2372 srv - ok
19:45:20.0219 2372 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:45:20.0235 2372 srv2 - ok
19:45:20.0250 2372 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:45:20.0250 2372 srvnet - ok
19:45:20.0297 2372 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
19:45:20.0313 2372 SSDPSRV - ok
19:45:20.0328 2372 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
19:45:20.0328 2372 SstpSvc - ok
19:45:20.0344 2372 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
19:45:20.0344 2372 stexstor - ok
19:45:20.0438 2372 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
19:45:20.0453 2372 stisvc - ok
19:45:20.0453 2372 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:45:20.0453 2372 swenum - ok
19:45:20.0500 2372 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
19:45:20.0500 2372 swprv - ok
19:45:20.0609 2372 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS
19:45:20.0625 2372 SymDS - ok
19:45:20.0687 2372 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS
19:45:20.0687 2372 SymEFA - ok
19:45:20.0734 2372 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
19:45:20.0750 2372 SymEvent - ok
19:45:20.0781 2372 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS
19:45:20.0781 2372 SymIRON - ok
19:45:20.0796 2372 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS
19:45:20.0812 2372 SymNetS - ok
19:45:20.0906 2372 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
19:45:20.0937 2372 SysMain - ok
19:45:21.0062 2372 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
19:45:21.0062 2372 TabletInputService - ok
19:45:21.0093 2372 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
19:45:21.0108 2372 TapiSrv - ok
19:45:21.0124 2372 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
19:45:21.0124 2372 TBS - ok
19:45:21.0218 2372 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
19:45:21.0280 2372 Tcpip - ok
19:45:21.0483 2372 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
19:45:21.0498 2372 TCPIP6 - ok
19:45:21.0561 2372 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:45:21.0561 2372 tcpipreg - ok
19:45:21.0592 2372 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:45:21.0592 2372 TDPIPE - ok
19:45:21.0623 2372 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
19:45:21.0639 2372 TDTCP - ok
19:45:21.0654 2372 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:45:21.0670 2372 tdx - ok
19:45:21.0717 2372 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:45:21.0717 2372 TermDD - ok
19:45:21.0779 2372 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
19:45:21.0795 2372 TermService - ok
19:45:21.0810 2372 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
19:45:21.0810 2372 Themes - ok
19:45:21.0842 2372 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
19:45:21.0842 2372 THREADORDER - ok
19:45:21.0857 2372 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
19:45:21.0857 2372 TrkWks - ok
19:45:21.0888 2372 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
19:45:21.0888 2372 TrustedInstaller - ok
19:45:21.0920 2372 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:45:21.0920 2372 tssecsrv - ok
19:45:21.0951 2372 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:45:21.0966 2372 TsUsbFlt - ok
19:45:21.0982 2372 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
19:45:21.0982 2372 TsUsbGD - ok
19:45:22.0029 2372 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:45:22.0044 2372 tunnel - ok
19:45:22.0060 2372 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
19:45:22.0060 2372 uagp35 - ok
19:45:22.0091 2372 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:45:22.0091 2372 udfs - ok
19:45:22.0122 2372 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
19:45:22.0122 2372 UI0Detect - ok
19:45:22.0169 2372 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:45:22.0169 2372 uliagpkx - ok
19:45:22.0232 2372 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
19:45:22.0232 2372 umbus - ok
19:45:22.0232 2372 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
19:45:22.0247 2372 UmPass - ok
19:45:22.0278 2372 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
19:45:22.0278 2372 upnphost - ok
19:45:22.0341 2372 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\DRIVERS\usbaudio.sys
19:45:22.0341 2372 usbaudio - ok
19:45:22.0388 2372 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:45:22.0388 2372 usbccgp - ok
19:45:22.0419 2372 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:45:22.0419 2372 usbcir - ok
19:45:22.0434 2372 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
19:45:22.0434 2372 usbehci - ok
19:45:22.0450 2372 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\drivers\usbfilter.sys
19:45:22.0450 2372 usbfilter - ok
19:45:22.0497 2372 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:45:22.0497 2372 usbhub - ok
19:45:22.0512 2372 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
19:45:22.0512 2372 usbohci - ok
19:45:22.0528 2372 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:45:22.0528 2372 usbprint - ok
19:45:22.0544 2372 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:45:22.0544 2372 USBSTOR - ok
19:45:22.0559 2372 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
19:45:22.0559 2372 usbuhci - ok
19:45:22.0590 2372 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
19:45:22.0590 2372 UxSms - ok
19:45:22.0622 2372 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
19:45:22.0622 2372 VaultSvc - ok
19:45:22.0668 2372 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:45:22.0668 2372 vdrvroot - ok
19:45:22.0700 2372 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
19:45:22.0700 2372 vds - ok
19:45:22.0731 2372 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:45:22.0731 2372 vga - ok
19:45:22.0746 2372 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:45:22.0746 2372 VgaSave - ok
19:45:22.0778 2372 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:45:22.0778 2372 vhdmp - ok
19:45:22.0809 2372 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:45:22.0809 2372 viaide - ok
19:45:22.0840 2372 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:45:22.0840 2372 volmgr - ok
19:45:22.0871 2372 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:45:22.0871 2372 volmgrx - ok
19:45:22.0887 2372 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:45:22.0902 2372 volsnap - ok
19:45:22.0934 2372 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
19:45:22.0949 2372 vsmraid - ok
19:45:23.0027 2372 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
19:45:23.0058 2372 VSS - ok
19:45:23.0199 2372 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:45:23.0199 2372 vwifibus - ok
19:45:23.0230 2372 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:45:23.0230 2372 vwififlt - ok
19:45:23.0246 2372 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
19:45:23.0246 2372 vwifimp - ok
19:45:23.0308 2372 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
19:45:23.0308 2372 W32Time - ok
19:45:23.0339 2372 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
19:45:23.0339 2372 WacomPen - ok
19:45:23.0386 2372 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:45:23.0386 2372 WANARP - ok
19:45:23.0417 2372 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:45:23.0417 2372 Wanarpv6 - ok
19:45:23.0573 2372 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
19:45:23.0604 2372 WatAdminSvc - ok
19:45:23.0682 2372 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
19:45:23.0714 2372 wbengine - ok
19:45:23.0823 2372 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
19:45:23.0838 2372 WbioSrvc - ok
19:45:23.0870 2372 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
19:45:23.0885 2372 wcncsvc - ok
19:45:23.0901 2372 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
19:45:23.0901 2372 WcsPlugInService - ok
19:45:23.0948 2372 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
19:45:23.0948 2372 Wd - ok
19:45:24.0010 2372 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:45:24.0026 2372 Wdf01000 - ok
19:45:24.0041 2372 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:45:24.0041 2372 WdiServiceHost - ok
19:45:24.0057 2372 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
19:45:24.0057 2372 WdiSystemHost - ok
19:45:24.0088 2372 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
19:45:24.0088 2372 WebClient - ok
19:45:24.0119 2372 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
19:45:24.0119 2372 Wecsvc - ok
19:45:24.0135 2372 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
19:45:24.0135 2372 wercplsupport - ok
19:45:24.0182 2372 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
19:45:24.0182 2372 WerSvc - ok
19:45:24.0244 2372 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:45:24.0244 2372 WfpLwf - ok
19:45:24.0275 2372 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:45:24.0275 2372 WIMMount - ok
19:45:24.0306 2372 WinDefend - ok
19:45:24.0306 2372 WinHttpAutoProxySvc - ok
19:45:24.0353 2372 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
19:45:24.0369 2372 Winmgmt - ok
19:45:24.0509 2372 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
19:45:24.0556 2372 WinRM - ok
19:45:24.0759 2372 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
19:45:24.0774 2372 Wlansvc - ok
19:45:24.0837 2372 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:45:24.0837 2372 wlcrasvc - ok
19:45:24.0993 2372 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:45:25.0040 2372 wlidsvc - ok
19:45:25.0196 2372 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:45:25.0196 2372 WmiAcpi - ok
19:45:25.0242 2372 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
19:45:25.0258 2372 wmiApSrv - ok
19:45:25.0305 2372 WMPNetworkSvc - ok
19:45:25.0367 2372 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
19:45:25.0383 2372 WPCSvc - ok
19:45:25.0398 2372 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
19:45:25.0398 2372 WPDBusEnum - ok
19:45:25.0430 2372 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:45:25.0430 2372 ws2ifsl - ok
19:45:25.0476 2372 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
19:45:25.0476 2372 wscsvc - ok
19:45:25.0476 2372 WSearch - ok
19:45:25.0523 2372 WSWNA3100 (d0697918519a4cf059c2c7e3b9e93a53) C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
19:45:25.0523 2372 WSWNA3100 - ok
19:45:25.0617 2372 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
19:45:25.0695 2372 wuauserv - ok
19:45:25.0866 2372 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:45:25.0866 2372 WudfPf - ok
19:45:25.0929 2372 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:45:25.0929 2372 WUDFRd - ok
19:45:25.0960 2372 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
19:45:25.0960 2372 wudfsvc - ok
19:45:25.0991 2372 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
19:45:25.0991 2372 WwanSvc - ok
19:45:26.0038 2372 MBR (0x1B8) (0dae970f10554d1bafc1dc103d707182) \Device\Harddisk0\DR0
19:45:26.0256 2372 \Device\Harddisk0\DR0 - ok
19:45:26.0272 2372 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
19:45:28.0050 2372 \Device\Harddisk1\DR1 - ok
19:45:28.0082 2372 Boot (0x1200) (cbd7ff01756e9b86e30866b9787cbae5) \Device\Harddisk0\DR0\Partition0
19:45:28.0082 2372 \Device\Harddisk0\DR0\Partition0 - ok
19:45:28.0097 2372 Boot (0x1200) (615c998af39914b9c67b660df2b078cc) \Device\Harddisk0\DR0\Partition1
19:45:28.0097 2372 \Device\Harddisk0\DR0\Partition1 - ok
19:45:28.0128 2372 Boot (0x1200) (ec01c9cb0417ca1eb64d638cd91b482f) \Device\Harddisk0\DR0\Partition2
19:45:28.0128 2372 \Device\Harddisk0\DR0\Partition2 - ok
19:45:28.0144 2372 Boot (0x1200) (f3a7c38507b5f11e171e6270718dcec6) \Device\Harddisk1\DR1\Partition0
19:45:28.0144 2372 \Device\Harddisk1\DR1\Partition0 - ok
19:45:28.0144 2372 ============================================================
19:45:28.0144 2372 Scan finished
19:45:28.0144 2372 ============================================================
19:45:28.0175 2536 Detected object count: 0
19:45:28.0175 2536 Actual detected object count: 0
19:48:43.0234 3376 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-11 19:49:53

-----------------------------
19:49:53.333 OS Version: Windows x64 6.1.7601 Service Pack 1
19:49:53.333 Number of processors: 2 586 0x603
19:49:53.333 ComputerName: FRANK-HP UserName: Frank
19:49:59.401 Initialze error C0000034 - driver not loaded
19:50:35.338 AVAST engine defs: 12061101
19:50:48.894 Service scanning
19:51:08.488 Modules scanning
19:51:08.488 Disk 0 trace - called modules:
19:51:08.503
19:51:14.229 AVAST engine scan C:\Windows
19:51:19.533 AVAST engine scan C:\Windows\system32
19:54:09.760 AVAST engine scan C:\Windows\system32\drivers
19:54:24.268 AVAST engine scan C:\Users\Frank
19:57:05.073 AVAST engine scan C:\ProgramData
19:57:41.718 Scan finished successfully
19:58:11.717 The log file has been saved successfully to "C:\Users\Frank\Documents\aswMBR611.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:09:23 PM

Posted 11 June 2012 - 07:08 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 frank1927

frank1927
  • Topic Starter

  • Members
  • 35 posts
  • Local time:09:23 PM

Posted 11 June 2012 - 07:41 PM

Everything ran smoothly & the computer appears to be running fine
Here's the combofix log
& I must log out for the evening
Thanks,
=frank

ComboFix 12-06-11.04 - Frank 06/11/2012 20:22:50.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.6454 [GMT -4:00]
Running from: c:\users\Frank\Desktop\ComboFix.exe
Command switches used :: c:\users\Frank\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-12 to 2012-06-12 )))))))))))))))))))))))))))))))
.
.
2012-06-12 01:16 . 2012-06-12 01:17 -------- d-----w- C:\FRST
2012-06-12 00:26 . 2012-06-12 00:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-11 21:39 . 2012-06-11 22:09 -------- d-----w- c:\windows\system32\drivers\NISx64\1207020.003
2012-06-09 23:36 . 2012-06-09 23:36 -------- d-----w- c:\programdata\Sophos
2012-06-09 23:36 . 2012-06-09 23:36 73728 ----a-r- c:\users\Frank\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-06-09 23:36 . 2012-06-09 23:36 73728 ----a-r- c:\users\Frank\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-06-09 23:36 . 2012-06-09 23:36 73728 ----a-r- c:\users\Frank\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-06-09 23:36 . 2012-06-09 23:36 -------- d-----w- c:\program files (x86)\Sophos
2012-06-09 21:53 . 2012-06-09 21:53 -------- d-----w- c:\users\Frank\AppData\Roaming\Tific
2012-06-09 21:53 . 2012-06-09 21:53 -------- d-----w- c:\users\Frank\AppData\Local\Symantec
2012-06-09 20:56 . 2012-06-09 20:56 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-09 20:51 . 2012-06-09 20:51 -------- d-----w- c:\programdata\Fellowes
2012-06-09 20:51 . 2012-06-09 20:51 -------- d-----w- c:\program files (x86)\Fellowes
2012-06-09 20:18 . 2012-06-09 20:18 -------- d-----w- c:\programdata\InstallShield
2012-06-09 20:15 . 2012-06-09 21:17 -------- d-----w- c:\programdata\blekko toolbars
2012-06-09 20:15 . 2012-06-09 20:15 -------- d-----w- c:\users\Frank\AppData\Local\blekkotb_031
2012-06-09 20:15 . 2012-06-09 20:15 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-06-02 22:44 . 2012-06-02 22:44 -------- d-----w- c:\users\Frank\AppData\Roaming\WildTangent
2012-05-30 17:59 . 2012-05-30 17:59 4966600 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-05-25 00:23 . 2012-05-25 00:23 -------- d-----w- c:\users\Frank\AppData\Roaming\MyPublisher
2012-05-25 00:23 . 2012-05-25 00:23 -------- d-----w- c:\program files (x86)\MyPublisher
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-09 20:45 . 2012-04-11 00:01 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-09 20:45 . 2011-12-26 22:23 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-31 02:56 . 2012-01-23 21:11 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-05-31 02:56 . 2012-01-23 21:11 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-31 02:56 . 2012-01-23 21:11 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-04 23:14 . 2012-04-11 00:14 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-04 19:56 . 2011-12-28 00:24 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 06:05 . 2012-05-12 06:42 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39 . 2012-05-12 06:42 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-12 06:42 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10 . 2012-05-12 06:42 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:35 . 2012-05-12 06:42 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:58 . 2012-05-12 06:42 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-11_23.05.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-11 23:19 40248 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-11 23:19 40184 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-02-11 19:25 . 2012-06-11 22:11 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-02-11 19:25 . 2012-06-11 23:22 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-11 19:25 . 2012-06-11 22:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-11 19:25 . 2012-06-11 23:22 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-11 22:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-11 23:22 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-26 22:05 . 2012-06-11 22:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-26 22:05 . 2012-06-11 23:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-26 22:05 . 2012-06-11 23:19 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-26 22:05 . 2012-06-11 22:10 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-26 22:05 . 2012-06-11 23:19 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-26 22:05 . 2012-06-11 22:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-12-26 22:05 . 2012-06-11 22:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-26 22:05 . 2012-06-12 00:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-26 22:05 . 2012-06-11 22:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-26 22:05 . 2012-06-12 00:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-05-12 07:26 . 2012-06-11 23:16 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-12-28 08:58 . 2012-06-11 23:19 8408 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3754737950-2128793594-2955686338-1000_UserData.bin
+ 2012-06-12 00:26 . 2012-06-12 00:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-11 23:05 . 2012-06-11 23:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-12 00:26 . 2012-06-12 00:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-11 23:05 . 2012-06-11 23:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:12 . 2012-06-11 23:22 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2012-06-11 22:11 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-06-11 23:04 383688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-12 00:26 383688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-12-28 08:55 . 2012-06-11 23:04 2639320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3754737950-2128793594-2955686338-1000-8192.dat
+ 2011-12-28 08:55 . 2012-06-12 00:26 2639320 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3754737950-2128793594-2955686338-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-03-20 108136]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-08-09 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-02-01 656920]
"AllShareAgent"="c:\program files (x86)\Samsung\AllShare\AllShareAgent.exe" [2012-03-02 285072]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"MediaFace Integration"="c:\program files (x86)\Fellowes\MediaFACE 5.0\SetHook.exe" [2005-10-27 53248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA3100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA3100\WNA3100.exe [2011-12-26 4577760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-20 116648]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2010-08-26 285152]
R3 camdrv42;Philips SPC 900NC PC Camera;c:\windows\system32\DRIVERS\camdrv42.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-20 116648]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-04 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-03-02 27584]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [2011-12-01 1157240]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120224.002\IDSvia64.sys [2011-12-15 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-03-02 25504]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-05-30 3048136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-20 21:07]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-20 21:07]
.
2012-06-07 c:\windows\Tasks\HPCeeScheduleForFrank.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\dmodjx1d.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-11 20:30:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-12 00:30
ComboFix2.txt 2012-06-11 23:09
.
Pre-Run: 428,219,437,056 bytes free
Post-Run: 428,026,920,960 bytes free
.
- - End Of File - - B62B5C55AE53A0B9DF61D3EC58306ACC

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:23 PM

Posted 12 June 2012 - 07:55 AM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 frank1927

frank1927
  • Topic Starter

  • Members
  • 35 posts
  • Local time:09:23 PM

Posted 12 June 2012 - 02:46 PM

Well, it seems the computer is running fine, no abhorrent behavior.
Here's the combofix list.
Funny, most of these programs I have never used, some I'm not even familiar with.

7-Zip 9.20
A-Men Technologies USB-to-Serial
Adobe AIR
Agatha Christie - Peril at End House
Any Video Converter 3.3.2
AVI Player
Bejeweled 2 Deluxe
Bejeweled 3
Bing Rewards Client Installer
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Build-a-lot 2
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Compaq Setup Manager
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
ESET Online Scanner v3
Farm Frenzy
FATE - The Traitor Soul
Google Earth Plug-in
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.2.0
HiJackThis
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Customer Experience Enhancements
HP Games
HP MovieStore
HP Odometer
HP Setup
HP Support Assistant
HP Support Information
HP Update
Huge Pine USB to UART Driver
Junk Mail filter update
Kobo
LabelPrint
Mah Jong Medley
Malwarebytes Anti-Malware version 1.61.0.1400
MediaFACE 5.0
Mesh Runtime
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - Stolen in San Francisco
Namco All-Stars PAC-MAN
NETGEAR WNA3100 wireless USB 2.0 adapter
Norton Internet Security
Norton Online Backup
PDF Complete Special Edition
Penguins!
Philips VLounge
Photo-Brush 5.30
PL-2303 USB-to-Serial
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PressReader
Realtek High Definition Audio Driver
Recovery Manager
RoboForm 7-7-4 (All Users)
RoxioNow Player
Samsung AllShare
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skype Click to Call
Skype™ 5.9
Slingo Supreme
Sophos Virus Removal Tool
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life
VLC media player 1.1.11
Wheel of Fortune 2
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zinio Reader 4
Zuma Deluxe

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:23 PM

Posted 12 June 2012 - 09:44 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

Bing Rewards Client Installer


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

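The HijackThis log the helper asks for above has a fixed line shape: a section code (R0, O2, O4 ...), a description, a CLSID for COM entries and the path of the module or program that gets loaded. As an added example, not code from this thread or from Trend Micro, here is a small Python parser with a triage pass; every sample line except the last is copied from the log posted later in this topic, and the last is a constructed sample.

```python
"""Added example, not code from this thread or from Trend Micro: a parser for
HijackThis v2 log lines with a simple triage pass over what they load.

Every SAMPLE_LOG line except the last is copied from the log posted in this
topic; the last line is a constructed sample that exercises the
"outside the usual program directories" check.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - Global Startup: NETGEAR WNA3100 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O4 - HKCU\..\Run: [constructed sample] C:\Users\Frank\AppData\Local\Temp\constructed_sample.exe
"""

# "O4 - <rest of line>": a section code, a separator, then the entry body.
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A drive-letter path ending in a loadable file; lazy so trailing arguments
# (MSRun, -startup, /3000) are not swallowed.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys|scr|cpl|com|bat|cmd)\b',
                     re.IGNORECASE)

# Sections whose entries name a module or program that IE or Windows loads.
LOADER_CODES = {"O2", "O3", "O4", "O8", "O9", "O20", "O21", "O23"}
# Lower-cased prefixes treated as the usual install locations; "progra~"
# covers the 8.3 short names HijackThis prints for some entries.
DEFAULT_ROOTS = ("c:\\program files", "c:\\progra~", "c:\\windows")


@dataclass
class Entry:
    code: str              # HijackThis section code, e.g. "O2" or "O4"
    body: str              # everything after the "O2 - " prefix
    clsid: Optional[str]   # COM class id for BHO/toolbar/button entries
    path: Optional[str]    # last file path found on the line, if any


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for one log line, or None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    clsid = CLSID_RE.search(body)
    paths = PATH_RE.findall(body)
    # O9 lines carry two paths (a resource DLL and the extension DLL);
    # the loaded module is always the last one.
    return Entry(m.group("code"), body,
                 clsid.group(0) if clsid else None,
                 paths[-1] if paths else None)


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(line) for line in text.splitlines()) if e]


def group_by_code(entries: List[Entry]) -> Dict[str, List[Entry]]:
    groups: Dict[str, List[Entry]] = {}
    for e in entries:
        groups.setdefault(e.code, []).append(e)
    return groups


def review_reasons(entry: Entry, roots: Tuple[str, ...] = DEFAULT_ROOTS) -> List[str]:
    """Why a helper would want a second look at this entry (empty if none)."""
    reasons: List[str] = []
    if entry.code not in LOADER_CODES:
        return reasons
    if entry.path is None:
        if entry.body.endswith("= ?") or "(no file)" in entry.body:
            reasons.append("target not resolved by HijackThis")
        else:
            reasons.append("no file path found")
    elif not entry.path.lower().startswith(roots):
        reasons.append("path outside standard program directories")
    return reasons


def flag_for_review(entries: List[Entry],
                    roots: Tuple[str, ...] = DEFAULT_ROOTS) -> List[Tuple[Entry, List[str]]]:
    return [(e, review_reasons(e, roots)) for e in entries if review_reasons(e, roots)]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for code, items in sorted(group_by_code(parsed).items()):
        print(f"{code}: {len(items)} entries")
    for e, why in flag_for_review(parsed):
        print(f"REVIEW {e.code}: {e.body}\n       -> {', '.join(why)}")
```

An entry flagged as "outside standard program directories" is only a prompt for a closer look (vendor, signature, file date), not a verdict, which is why the helper asks for the log rather than letting HijackThis fix anything.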

#15 frank1927

frank1927
  • Topic Starter

  • Members
  • 35 posts
  • Local time:09:23 PM

Posted 13 June 2012 - 06:21 AM

I was unable to uninstall the Bing Rewards Client Installer. It did not appear in either Add/Remove or Revo
I have not noticed any problems. Speed & function all seem normal
-frank

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.13.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Frank :: FRANK-HP [administrator]

6/13/2012 5:28:48 AM
mbam-log-2012-06-13 (05-28-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212395
Time elapsed: 2 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:12:39 AM, on 6/13/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [AllShareAgent] C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files (x86)\Fellowes\MediaFACE 5.0\SetHook.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - Global Startup: NETGEAR WNA3100 Smart Wizard.lnk = ?
O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung AllShare PC (SamsungAllShareV2.0) - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
O23 - Service: SimpleSlideShowServer - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WSWNA3100 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe

--
End of file - 13187 bytes
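A note on reading the O23 block above, with a small parser as an added example (this is not part of frank1927's post and is not HijackThis code). Nearly every Windows service in the log shows "Unknown owner" and "(file missing)" for binaries such as lsass.exe, spoolsv.exe and vssvc.exe that are certainly present. That is an artifact of running the 32-bit HijackThis on 64-bit Windows: WoW64 file system redirection sends its reads of C:\Windows\System32 to SysWOW64, where the native 64-bit service binaries do not exist, so it can neither find the file nor read its company name. The example below parses O23 lines in the format shown above, separates those redirection artifacts from entries that genuinely deserve a look, and runs over a few constructed lines in the same shape as the log; the "Example Helper" service and the verdict names ("redirection-artifact", "review", "ok") are my own inventions for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the HijackThis log above. The first four
# O23 lines copy real entries from the log; "Example Helper" is made up to show
# a service that would actually warrant a look. The O4 line is there to show
# that non-O23 lines are ignored by the service parser.
SAMPLE_LOG = r"""
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: WSWNA3100 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
O23 - Service: Example Helper (exhelper) - Unknown owner - C:\Users\Public\exhelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"""

O23_RE = re.compile(r"^O23 - Service: (?P<body>.+)$")
MISSING_SUFFIX = " (file missing)"
# Only this directory is subject to WoW64 file system redirection for a
# 32-bit process; paths elsewhere are read as written.
SYSTEM32_PREFIX = "c:\\windows\\system32\\"


@dataclass
class Service:
    name: str          # display name, including any "(shortname)" HijackThis appends
    owner: str         # company name from the binary's version info, or "Unknown owner"
    path: str          # image path as HijackThis printed it
    file_missing: bool # True when the line ended in "(file missing)"


def parse_o23(line):
    """Parse one 'O23 - Service:' line; return None for any other line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    file_missing = body.endswith(MISSING_SUFFIX)
    if file_missing:
        body = body[: -len(MISSING_SUFFIX)]
    # Name may itself contain " - " in odd cases, so split from the right:
    # the last two " - " separators delimit owner and path.
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    return Service(name, owner, path, file_missing)


def parse_services(log_text):
    """Return every O23 entry in a HijackThis log, in order."""
    return [svc for svc in map(parse_o23, log_text.splitlines()) if svc]


def triage(svc, host_is_x64=True):
    """Heuristic verdict for one service entry.

    'redirection-artifact': file missing under System32 on a 64-bit host; the
        32-bit scanner looked in SysWOW64, so the line says nothing by itself.
    'review': the file is really absent (or hidden), or the binary carries no
        company name; verify the file's signature and hash by hand.
    'ok': present, with a company name (still not proof of anything).
    """
    in_system32 = svc.path.lower().startswith(SYSTEM32_PREFIX)
    if svc.file_missing and in_system32 and host_is_x64:
        return "redirection-artifact"
    if svc.file_missing or svc.owner == "Unknown owner":
        return "review"
    return "ok"


def summarize(log_text, host_is_x64=True):
    """Group service image paths by verdict, e.g. {'review': [...], ...}."""
    buckets = {}
    for svc in parse_services(log_text):
        buckets.setdefault(triage(svc, host_is_x64), []).append(svc.path)
    return buckets


if __name__ == "__main__":
    for verdict, paths in sorted(summarize(SAMPLE_LOG).items()):
        print(verdict)
        for p in paths:
            print("   ", p)
```

Two caveats when applying this to the full log. First, the same redirection effect reaches entries that are not under System32: "%PROGRAMFILES%" expands to C:\Program Files (x86) inside a 32-bit process, which is why wmpnetwk.exe also reports "(file missing)"; the parser cannot tell that apart from a genuinely absent file, so it lands in "review" and has to be checked by hand. Second, a rootkit of the Sirefef/ZeroAccess family named in the first post hides its own files from user-mode tools, so an absent or "unknown owner" binary is a prompt to inspect the file from outside the running system (or with a tool that reads the disk directly), not a verdict on its own.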