
TDSS/Google redirect


  • This topic is locked
14 replies to this topic

#1 bearnick

bearnick

  • Members
  • 6 posts
  • Local time:03:55 AM

Posted 18 June 2012 - 03:09 PM

From what I've read, typical symptoms: google link redirect, random IE running in the background... I'm afraid it's a little beyond my depth


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:55 AM

Posted 19 June 2012 - 12:00 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    • Link1
    • Link2
    • Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 bearnick

bearnick
  • Topic Starter

  • Members
  • 6 posts
  • Local time:03:55 AM

Posted 19 June 2012 - 09:59 PM

Results of screen317's Security Check version 0.99.42
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spyware Doctor 8.0
Spybot - Search & Destroy
Spy Sweeper
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 30
Java™ SE Runtime Environment 6
Java version out of Date!
Adobe Flash Player 11.2.202.235
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (13.0)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_30
Run by Nicholas at 21:54:11 on 2012-06-19
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\DIRECTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\lxcycoms.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Windows\System32\ico.exe
C:\Windows\System32\Pmxmiced.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Nicholas\AppData\Local\Akamai\netsession_win.exe
C:\Users\Nicholas\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Nicholas\AppData\Local\Akamai\netsession_win.exe
c:\blp\API\office tools\bxlartd.exe
c:\blp\API\office tools\bxlaui.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Nicholas\Downloads\Defogger.exe
C:\Windows\System32\ping.exe
C:\Windows\system32\notepad.exe
C:\Windows\System32\ping.exe
C:\Windows\System32\ping.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Nicholas\Desktop\dds.scr
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0071008
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0071008
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0071008
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\nicholas\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WindowsWelcomeCenter] "rundll32.exe" oobefldr.dll,ShowWelcomeCenter
uRun: [CLRHost] c:\blp\api\office tools\bbxlcmd.exe
uRun: [Akamai NetSession Interface] "c:\users\nicholas\appdata\local\akamai\netsession_win.exe"
uRun: [Octoshape Streaming Services] "c:\users\nicholas\appdata\roaming\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 5.0\apdproxy.exe"
mRun: [PMX Daemon] ICO.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Reader Library Launcher] c:\program files\sony\reader\data\bin\launcher\Reader Library Launcher.exe
mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [NvSvc] "RUNDLL32.EXE" c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [lxcymon.exe] "c:\program files\lexmark 3400 series\lxcymon.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [dscactivate] "c:\dell\dsca.exe" 3
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: mswsock.dll
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - hxxp://mywebcast.cc/tvants/tvants.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - hxxp://download.sopcast.com/download/SOPCORE.CAB
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{08AC596B-AD54-4168-B3A7-004CB9DDBBA6} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{138720B7-1FBF-4935-AC57-E7B8ABC46A25} : NameServer = 208.67.222.222,4.2.2.6
TCP: Interfaces\{138720B7-1FBF-4935-AC57-E7B8ABC46A25} : DhcpNameServer = 68.87.68.166 68.87.74.166
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\480\G2AWinLogon.dll
Notify: WRNotifier - WRLogonNTF.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\nicholas\appdata\roaming\mozilla\firefox\profiles\6y3i6z4x.default\
FF - component: c:\program files\pc tools security\bdt\firefox\platform\winnt_x86-msvc\components\libheuristic.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\sony\reader\data\bin\npebldetectmoz.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\users\nicholas\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\nicholas\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\nicholas\appdata\roaming\mozilla\firefox\profiles\6y3i6z4x.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\users\nicholas\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\nicholas\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\nicholas\appdata\roaming\mozilla\plugins\npicaN.dll
FF - plugin: c:\users\nicholas\appdata\roaming\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\users\nicholas\downloads\divx web player\npdivx32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? MozillaMaintenance;Mozilla Maintenance Service
R? WDC_SAM;WD SCSI Pass Thru driver
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? Akamai;Akamai NetSession Interface
S? Browser Defender Update Service;Browser Defender Update Service
S? CLDTVHNService;CLDTVHNService
S? IDSvix86;Symantec Intrusion Prevention Driver
S? lxcy_device;lxcy_device
S? ntk_dtv;ntk_dtv
S? PCTCore;PCTools KDS
S? pctDS;PC Tools Data Store
S? pmxmouse;pmxmouse
S? pmxusblf;pmxusblf
S? sdAuxService;PC Tools Auxiliary Service
S? sdCoreService;PC Tools Security Service
S? SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8
S? Stereo Service;NVIDIA Stereoscopic 3D Driver Service
S? Symantec Core LC;Symantec Core LC
S? SYMNDISV;SYMNDISV
S? WDDMService;WD SmartWare Drive Manager
S? WDSmartWareBackgroundService;WD SmartWare Background Service
S? WebrootSpySweeperService;Webroot Spy Sweeper Engine
.
=============== Created Last 30 ================
.
2012-06-18 02:21:51 -------- d-----w- c:\program files\HitmanPro
2012-06-18 02:21:18 -------- d-----w- c:\programdata\HitmanPro
2012-06-14 00:39:51 -------- d-----w- c:\users\nicholas\appdata\roaming\QuickScan
2012-06-13 11:17:51 -------- d-----w- c:\windows\system32\MpEngineStore
2012-06-12 01:55:41 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-12 01:55:41 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-12 00:50:20 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e4abefb0-a952-4889-ab7d-7e8fa1e19ba2}\mpengine.dll
.
==================== Find3M ====================
.
2012-06-12 01:35:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-12 01:35:24 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 21:56:03.72 ===============
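The network part of the Pseudo HJT Report above is where a responder looks first in a search-redirect case: a NameServer hard-coded on one interface while DHCP handed out something else, and any ProxyServer pointing at a listener on 127.0.0.1. The following Python is an added example for triaging those lines, not a tool from this thread or from the DDS author. The sample input is constructed in the DDS line format; the DNS lines mirror the ones posted above, while the ProxyServer line is made up to exercise the proxy check (the posted log has only a ProxyOverride, which is just the bypass list). The KNOWN_PUBLIC allowlist of public resolvers is an assumption for the example.

```python
import re
from typing import Dict, List

# Constructed sample in the format of the "Pseudo HJT Report" section of a DDS
# log. The DNS lines mirror the ones posted above; the ProxyServer line is
# constructed to exercise the proxy check and is NOT in the posted log.
SAMPLE_DDS = r"""
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:9421
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{08AC596B-AD54-4168-B3A7-004CB9DDBBA6} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{138720B7-1FBF-4935-AC57-E7B8ABC46A25} : NameServer = 208.67.222.222,4.2.2.6
TCP: Interfaces\{138720B7-1FBF-4935-AC57-E7B8ABC46A25} : DhcpNameServer = 68.87.68.166 68.87.74.166
"""

IFACE_RE = re.compile(r"^TCP: Interfaces\\(\{[0-9A-Fa-f-]+\}) : (DhcpNameServer|NameServer) = (.*)$")
GLOBAL_RE = re.compile(r"^TCP: (DhcpNameServer|NameServer) = (.*)$")
PROXY_RE = re.compile(r"^[um]Internet Settings,(ProxyServer|ProxyOverride|ProxyEnable) = (.*)$")

# Resolvers treated here as well-known public services (OpenDNS, Level 3, Google).
# This allowlist is an assumption for the example: a match only lowers priority
# for review, it does not prove the setting was made by the user.
KNOWN_PUBLIC = {"208.67.222.222", "208.67.220.220", "4.2.2.1", "4.2.2.2",
                "4.2.2.6", "8.8.8.8", "8.8.4.4"}


def split_servers(value: str) -> List[str]:
    # DDS prints DHCP servers space-separated and static ones comma-separated.
    return [s for s in re.split(r"[ ,;]+", value.strip()) if s]


def parse_dds_network(text: str) -> dict:
    """Collect per-interface DNS settings, global DNS and IE proxy keys."""
    ifaces: Dict[str, Dict[str, List[str]]] = {}
    global_dns: Dict[str, List[str]] = {}
    proxy: Dict[str, str] = {}
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            guid, key, val = m.groups()
            ifaces.setdefault(guid, {})[key] = split_servers(val)
            continue
        m = GLOBAL_RE.match(line)
        if m:
            global_dns[m.group(1)] = split_servers(m.group(2))
            continue
        m = PROXY_RE.match(line)
        if m:
            proxy[m.group(1)] = m.group(2).strip()
    return {"interfaces": ifaces, "global": global_dns, "proxy": proxy}


def find_dns_overrides(ifaces: Dict[str, Dict[str, List[str]]]) -> List[dict]:
    """Interfaces with a static NameServer that differs from what DHCP handed out.

    A DNS hijack looks exactly like this, but so does a user who chose OpenDNS,
    so the result is a review item rather than a verdict.
    """
    findings = []
    for guid, keys in sorted(ifaces.items()):
        static = keys.get("NameServer")
        if not static:
            continue
        dhcp = keys.get("DhcpNameServer", [])
        if set(static) == set(dhcp):
            continue
        findings.append({
            "interface": guid,
            "static": static,
            "dhcp": dhcp,
            "unknown": [s for s in static if s not in KNOWN_PUBLIC],
        })
    return findings


def find_loopback_proxy(proxy: Dict[str, str]) -> List[str]:
    """Return loopback endpoints named in ProxyServer.

    ProxyOverride alone (as in the posted log) is only the bypass list and is
    ignored here; traffic is redirected only when ProxyServer points somewhere.
    """
    server = proxy.get("ProxyServer", "")
    return [f"{host}:{port}" for host, port in
            re.findall(r"(?:^|[=;])(127\.0\.0\.1|localhost):(\d+)", server)]


if __name__ == "__main__":
    parsed = parse_dds_network(SAMPLE_DDS)
    for f in find_dns_overrides(parsed["interfaces"]):
        print(f"static DNS on {f['interface']}: {f['static']} (DHCP gave {f['dhcp']}); "
              f"not in allowlist: {f['unknown'] or 'none'}")
    for ep in find_loopback_proxy(parsed["proxy"]):
        print(f"IE proxies through local listener {ep}: identify the owning process")
```

On the posted log this reports one interface whose static resolvers (OpenDNS and Level 3) differ from the DHCP pair and no loopback proxy, which matches the thread: the redirect here did not come from a DNS or proxy setting in the report, so the rootkit tools in the later replies were the right next step.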

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:55 AM

Posted 19 June 2012 - 10:08 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 bearnick

bearnick
  • Topic Starter

  • Members
  • 6 posts
  • Local time:03:55 AM

Posted 20 June 2012 - 05:28 AM

The first time I ran combofix it froze halfway through (let it run overnight to be sure). The second time it appeared to complete, but did not generate a log.... I checked the PC after this: the google redirect was solved, but random commercials were still playing in the background. I went to run combofix a third time, and got this error (for the first time):

Error opening a file for writing:
C:\32788R22FWJFW\License\iexplore.exe

After this error, Combofix could not continue. I ran it one last time, 'ignoring' this error. Again it appeared to almost complete, but did not produce a log.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:55 AM

Posted 20 June 2012 - 07:34 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
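The TDSSKiller report requested above is long (one line per driver and service) and the lines that matter are the few that do not end in "- ok". The Python below is an added example for pulling those out, not part of this thread or of Kaspersky's tool. The sample input is an excerpt of the report posted in the next reply; the verdict words ok, warning and detected are taken from that log, while "infected" is included on the assumption that TDSSKiller uses it for confirmed hits. The split it makes matters for the instructions above: Cure is the default only for infected objects, while suspicious ones default to Skip, so a warning-class hit like the hidden Akamai dll below still needs a human decision rather than being counted as cleaned.

```python
import re
from typing import Dict, List, Tuple

# Excerpt of the TDSSKiller report posted in the next reply, used as sample
# input; the format is one timestamped line per event.
SAMPLE_LOG = r"""
21:32:47.0318 7288 ============================================================
21:32:47.0318 7288 Scan started
21:32:47.0318 7288 Mode: Manual;
21:32:48.0589 7288 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
21:32:48.0600 7288 ACPI - ok
21:32:49.0282 7288 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files\common files\akamai/netsession_win_80c2ffa.dll
21:32:49.0283 7288 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
21:32:49.0293 7288 Akamai ( HiddenFile.Multi.Generic ) - warning
21:32:49.0293 7288 Akamai - detected HiddenFile.Multi.Generic (1)
21:32:49.0697 7288 Apple Mobile Device (3a4982df893f198a2dfbccd4ce10f93a) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
21:32:49.0703 7288 Apple Mobile Device - ok
21:32:50.0268 7288 blbdrive - ok
"""

LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*)$")
ENTRY_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSP_RE = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")
# Verdict lines: "<name> - ok", "<name> ( <class> ) - warning",
# "<name> - detected <class> (<n>)". "infected" is an assumption about the
# word used for confirmed hits; it does not occur in the posted log.
VERDICT_RE = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<cls>[^)]+) \))? - (?P<verdict>ok|warning|infected|detected)"
    r"(?: (?P<dname>\S+) \(\d+\))?$")


def parse_tdsskiller(text: str) -> Tuple[Dict[str, dict], List[dict]]:
    """Return (services keyed by name, list of 'Suspicious file' notices)."""
    services: Dict[str, dict] = {}
    suspicious: List[dict] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # separator and header lines carry no per-object result
        body = m.group(1).strip()
        s = SUSP_RE.match(body)
        if s:
            suspicious.append(s.groupdict())
            continue
        e = ENTRY_RE.match(body)
        if e:
            rec = services.setdefault(e["name"], {"name": e["name"]})
            rec["md5"], rec["path"] = e["md5"], e["path"]
            continue
        v = VERDICT_RE.match(body)
        if v:
            rec = services.setdefault(v["name"], {"name": v["name"]})
            # A later "detected" line supersedes the "warning" for the same object.
            rec["verdict"] = v["verdict"]
            cls = v["dname"] or v["cls"]
            if cls:
                rec["classification"] = cls
    return services, suspicious


def needs_review(services: Dict[str, dict]) -> List[dict]:
    """Everything that did not come back 'ok', in name order.

    Warning-class objects default to Skip in the tool, so they are listed
    alongside infected ones; objects with no verdict line at all appear too.
    """
    return sorted((r for r in services.values() if r.get("verdict") != "ok"),
                  key=lambda r: r["name"])


if __name__ == "__main__":
    svc, susp = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(svc)} objects scanned, {len(susp)} suspicious-file notice(s)")
    for r in needs_review(svc):
        print(f"{r['name']}: {r.get('verdict', 'no verdict')} "
              f"{r.get('classification', '')} {r.get('path', '')}".rstrip())
```

Run against the full report, the output is the handful of lines the helper would actually act on, with the md5 and path kept so the file can be checked against the vendor's published binaries before deciding whether "hidden" here means a rootkit or just an unusual service layout.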

#7 bearnick

bearnick
  • Topic Starter

  • Members
  • 6 posts
  • Local time:03:55 AM

Posted 21 June 2012 - 05:13 AM

I returned home today to find the following error on my screen:
Host Process for Windows Services has stopped working
A problem caused the program to stop working correctly. Windows will close the program and notify if a solution is available. [Debug] [Close program]

Since this error appeared, I cannot get Firefox to load. It appears to be running in the background, and is visible in the taskbar. As a result I opted to run Chrome, which got me back to the forums... but not before the dreaded advertisement pop-ups returned. The error window also will not close.

Here are the logs:

21:32:35.0590 5368 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
21:32:36.0025 5368 ============================================================
21:32:36.0025 5368 Current date / time: 2012/06/20 21:32:36.0025
21:32:36.0025 5368 SystemInfo:
21:32:36.0025 5368
21:32:36.0025 5368 OS Version: 6.0.6001 ServicePack: 1.0
21:32:36.0025 5368 Product type: Workstation
21:32:36.0025 5368 ComputerName: SARAH-PC
21:32:36.0026 5368 UserName: Nicholas
21:32:36.0026 5368 Windows directory: C:\Windows
21:32:36.0026 5368 System windows directory: C:\Windows
21:32:36.0026 5368 Processor architecture: Intel x86
21:32:36.0026 5368 Number of processors: 2
21:32:36.0026 5368 Page size: 0x1000
21:32:36.0026 5368 Boot type: Normal boot
21:32:36.0026 5368 ============================================================
21:32:36.0689 5368 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:32:36.0852 5368 ============================================================
21:32:36.0866 5368 \Device\Harddisk0\DR0:
21:32:36.0876 5368 MBR partitions:
21:32:36.0876 5368 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1400000
21:32:36.0876 5368 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1414000, BlocksNum 0x1BD94800
21:32:36.0876 5368 ============================================================
21:32:37.0076 5368 C: <-> \Device\Harddisk0\DR0\Partition1
21:32:37.0117 5368 D: <-> \Device\Harddisk0\DR0\Partition0
21:32:37.0118 5368 ============================================================
21:32:37.0118 5368 Initialize success
21:32:37.0118 5368 ============================================================
21:32:47.0318 7288 ============================================================
21:32:47.0318 7288 Scan started
21:32:47.0318 7288 Mode: Manual;
21:32:47.0318 7288 ============================================================
21:32:48.0589 7288 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
21:32:48.0600 7288 ACPI - ok
21:32:48.0698 7288 AdobeActiveFileMonitor5.0 (63ab43534cbf5d7f3eb81dfdc8161490) C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
21:32:48.0703 7288 AdobeActiveFileMonitor5.0 - ok
21:32:48.0750 7288 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
21:32:48.0766 7288 adp94xx - ok
21:32:48.0791 7288 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
21:32:48.0811 7288 adpahci - ok
21:32:48.0830 7288 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
21:32:48.0836 7288 adpu160m - ok
21:32:48.0855 7288 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
21:32:48.0869 7288 adpu320 - ok
21:32:48.0899 7288 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
21:32:48.0901 7288 AeLookupSvc - ok
21:32:48.0986 7288 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
21:32:48.0996 7288 AFD - ok
21:32:49.0041 7288 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
21:32:49.0044 7288 agp440 - ok
21:32:49.0071 7288 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
21:32:49.0074 7288 aic78xx - ok
21:32:49.0282 7288 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files\common files\akamai/netsession_win_80c2ffa.dll
21:32:49.0283 7288 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
21:32:49.0293 7288 Akamai ( HiddenFile.Multi.Generic ) - warning
21:32:49.0293 7288 Akamai - detected HiddenFile.Multi.Generic (1)
21:32:49.0382 7288 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
21:32:49.0385 7288 ALG - ok
21:32:49.0437 7288 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
21:32:49.0439 7288 aliide - ok
21:32:49.0467 7288 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
21:32:49.0470 7288 amdagp - ok
21:32:49.0507 7288 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
21:32:49.0509 7288 amdide - ok
21:32:49.0522 7288 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
21:32:49.0525 7288 AmdK7 - ok
21:32:49.0553 7288 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
21:32:49.0555 7288 AmdK8 - ok
21:32:49.0597 7288 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
21:32:49.0599 7288 Appinfo - ok
21:32:49.0697 7288 Apple Mobile Device (3a4982df893f198a2dfbccd4ce10f93a) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
21:32:49.0703 7288 Apple Mobile Device - ok
21:32:49.0745 7288 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
21:32:49.0748 7288 arc - ok
21:32:49.0776 7288 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
21:32:49.0779 7288 arcsas - ok
21:32:49.0808 7288 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
21:32:49.0810 7288 AsyncMac - ok
21:32:49.0844 7288 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
21:32:49.0845 7288 atapi - ok
21:32:49.0869 7288 AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
21:32:49.0878 7288 AudioEndpointBuilder - ok
21:32:49.0885 7288 Audiosrv (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
21:32:49.0889 7288 Audiosrv - ok
21:32:49.0948 7288 Automatic LiveUpdate Scheduler (b5d974c1fd078a68c7536c561b031d39) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
21:32:49.0954 7288 Automatic LiveUpdate Scheduler - ok
21:32:50.0016 7288 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
21:32:50.0031 7288 BCM43XV - ok
21:32:50.0061 7288 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
21:32:50.0063 7288 Beep - ok
21:32:50.0132 7288 BFE (8582e233c346aefe759833e8a30dd697) C:\Windows\System32\bfe.dll
21:32:50.0146 7288 BFE - ok
21:32:50.0230 7288 BITS (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\System32\qmgr.dll
21:32:50.0263 7288 BITS - ok
21:32:50.0268 7288 blbdrive - ok
21:32:50.0332 7288 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
21:32:50.0335 7288 bowser - ok
21:32:50.0373 7288 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
21:32:50.0375 7288 BrFiltLo - ok
21:32:50.0391 7288 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
21:32:50.0393 7288 BrFiltUp - ok
21:32:50.0415 7288 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
21:32:50.0418 7288 Browser - ok
21:32:50.0547 7288 Browser Defender Update Service (f2dddf1e0c0c9c1122e45d1993cf92c9) C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
21:32:50.0558 7288 Browser Defender Update Service - ok
21:32:50.0586 7288 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
21:32:50.0589 7288 Brserid - ok
21:32:50.0624 7288 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
21:32:50.0627 7288 BrSerWdm - ok
21:32:50.0636 7288 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
21:32:50.0638 7288 BrUsbMdm - ok
21:32:50.0648 7288 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
21:32:50.0650 7288 BrUsbSer - ok
21:32:50.0661 7288 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
21:32:50.0663 7288 BTHMODEM - ok
21:32:50.0722 7288 ccEvtMgr (e7aab1a32ac2eea4c4b735b8d034c802) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
21:32:50.0728 7288 ccEvtMgr - ok
21:32:50.0737 7288 ccSetMgr (e7aab1a32ac2eea4c4b735b8d034c802) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
21:32:50.0739 7288 ccSetMgr - ok
21:32:50.0765 7288 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
21:32:50.0768 7288 cdfs - ok
21:32:50.0796 7288 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
21:32:50.0799 7288 cdrom - ok
21:32:50.0820 7288 CertPropSvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
21:32:50.0823 7288 CertPropSvc - ok
21:32:50.0852 7288 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
21:32:50.0854 7288 circlass - ok
21:32:50.0951 7288 CLDTVHNService (6c99de57c87d6f3ee85998a7e49f7bf9) C:\Program Files\DIRECTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
21:32:50.0955 7288 CLDTVHNService - ok
21:32:50.0994 7288 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
21:32:51.0004 7288 CLFS - ok
21:32:51.0062 7288 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:32:51.0065 7288 clr_optimization_v2.0.50727_32 - ok
21:32:51.0121 7288 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:32:51.0134 7288 clr_optimization_v4.0.30319_32 - ok
21:32:51.0140 7288 CLTNetCnService (e7aab1a32ac2eea4c4b735b8d034c802) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
21:32:51.0143 7288 CLTNetCnService - ok
21:32:51.0170 7288 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
21:32:51.0172 7288 cmdide - ok
21:32:51.0217 7288 comHost (7ce352882828c12dd7632b172253a02c) C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
21:32:51.0220 7288 comHost - ok
21:32:51.0241 7288 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
21:32:51.0243 7288 Compbatt - ok
21:32:51.0248 7288 COMSysApp - ok
21:32:51.0260 7288 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
21:32:51.0262 7288 crcdisk - ok
21:32:51.0293 7288 Creative Labs Licensing Service (0c629820aad9c90e456b221c94d640ca) C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
21:32:51.0296 7288 Creative Labs Licensing Service - ok
21:32:51.0326 7288 Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\Windows\system32\CTsvcCDA.exe
21:32:51.0329 7288 Creative Service for CDROM Access - ok
21:32:51.0341 7288 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
21:32:51.0344 7288 Crusoe - ok
21:32:51.0383 7288 CryptSvc (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
21:32:51.0397 7288 CryptSvc - ok
21:32:51.0448 7288 DcomLaunch (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
21:32:51.0468 7288 DcomLaunch - ok
21:32:51.0517 7288 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
21:32:51.0520 7288 DfsC - ok
21:32:51.0645 7288 DFSR (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
21:32:51.0711 7288 DFSR - ok
21:32:51.0809 7288 Dhcp (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
21:32:51.0812 7288 Dhcp - ok
21:32:51.0857 7288 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
21:32:51.0860 7288 disk - ok
21:32:51.0914 7288 Dnscache (4805d9a6d281c7a7defd9094dec6af7d) C:\Windows\System32\dnsrslvr.dll
21:32:51.0927 7288 Dnscache - ok
21:32:51.0967 7288 dot3svc (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
21:32:51.0981 7288 dot3svc - ok
21:32:52.0008 7288 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
21:32:52.0021 7288 DPS - ok
21:32:52.0045 7288 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
21:32:52.0047 7288 drmkaud - ok
21:32:52.0124 7288 DSBrokerService (245f62a2aa67f4a61f10174bf1017327) C:\Program Files\DellSupport\brkrsvc.exe
21:32:52.0127 7288 DSBrokerService - ok
21:32:52.0138 7288 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
21:32:52.0140 7288 DSproct - ok
21:32:52.0150 7288 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\dsunidrv.sys
21:32:52.0152 7288 dsunidrv - ok
21:32:52.0208 7288 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
21:32:52.0228 7288 DXGKrnl - ok
21:32:52.0267 7288 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
21:32:52.0279 7288 e1express - ok
21:32:52.0306 7288 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
21:32:52.0312 7288 E1G60 - ok
21:32:52.0356 7288 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
21:32:52.0358 7288 EapHost - ok
21:32:52.0402 7288 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
21:32:52.0415 7288 Ecache - ok
21:32:52.0457 7288 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
21:32:52.0467 7288 ehRecvr - ok
21:32:52.0495 7288 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
21:32:52.0509 7288 ehSched - ok
21:32:52.0525 7288 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
21:32:52.0527 7288 ehstart - ok
21:32:52.0579 7288 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
21:32:52.0593 7288 elxstor - ok
21:32:52.0651 7288 EMDMgmt (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll
21:32:52.0669 7288 EMDMgmt - ok
21:32:52.0710 7288 EventSystem (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll
21:32:52.0715 7288 EventSystem - ok
21:32:52.0759 7288 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
21:32:52.0764 7288 exfat - ok
21:32:52.0794 7288 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
21:32:52.0799 7288 fastfat - ok
21:32:52.0830 7288 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
21:32:52.0833 7288 fdc - ok
21:32:52.0860 7288 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
21:32:52.0862 7288 fdPHost - ok
21:32:52.0883 7288 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
21:32:52.0885 7288 FDResPub - ok
21:32:52.0910 7288 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
21:32:52.0913 7288 FileInfo - ok
21:32:52.0929 7288 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
21:32:52.0931 7288 Filetrace - ok
21:32:52.0947 7288 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
21:32:52.0949 7288 flpydisk - ok
21:32:52.0976 7288 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
21:32:52.0989 7288 FltMgr - ok
21:32:53.0047 7288 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:32:53.0049 7288 FontCache3.0.0.0 - ok
21:32:53.0073 7288 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
21:32:53.0076 7288 Fs_Rec - ok
21:32:53.0098 7288 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
21:32:53.0100 7288 gagp30kx - ok
21:32:53.0139 7288 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\Windows\system32\Drivers\GEARAspiWDM.sys
21:32:53.0141 7288 GEARAspiWDM - ok
21:32:53.0294 7288 GoogleDesktopManager (5b393073c7c3e5d1701f70680e65965d) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
21:32:53.0349 7288 GoogleDesktopManager - ok
21:32:53.0405 7288 GoToAssist (9d28b83e5830c143c37d6678c7409304) C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
21:32:53.0407 7288 GoToAssist - ok
21:32:53.0526 7288 gpsvc (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
21:32:53.0553 7288 gpsvc - ok
21:32:53.0618 7288 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\Windows\system32\drivers\grmnusb.sys
21:32:53.0620 7288 grmnusb - ok
21:32:53.0698 7288 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:32:53.0711 7288 gupdate - ok
21:32:53.0733 7288 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
21:32:53.0735 7288 gupdatem - ok
21:32:53.0771 7288 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:32:53.0774 7288 HDAudBus - ok
21:32:53.0829 7288 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
21:32:53.0831 7288 HidBth - ok
21:32:53.0876 7288 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
21:32:53.0879 7288 HidIr - ok
21:32:53.0904 7288 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\System32\hidserv.dll
21:32:53.0907 7288 hidserv - ok
21:32:53.0948 7288 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
21:32:53.0951 7288 HidUsb - ok
21:32:53.0983 7288 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
21:32:53.0987 7288 hkmsvc - ok
21:32:54.0012 7288 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
21:32:54.0015 7288 HpCISSs - ok
21:32:54.0083 7288 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:32:54.0119 7288 HSF_DPV - ok
21:32:54.0141 7288 HSXHWBS2 (ed98350ecd4a5a9c9f1e641c09872bb2) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
21:32:54.0151 7288 HSXHWBS2 - ok
21:32:54.0202 7288 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
21:32:54.0217 7288 HTTP - ok
21:32:54.0242 7288 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
21:32:54.0245 7288 i2omp - ok
21:32:54.0297 7288 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
21:32:54.0300 7288 i8042prt - ok
21:32:54.0329 7288 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
21:32:54.0340 7288 iaStorV - ok
21:32:54.0443 7288 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
21:32:54.0446 7288 IDriverT - ok
21:32:54.0552 7288 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:32:54.0593 7288 idsvc - ok
21:32:54.0704 7288 IDSvix86 (b719025ba318425bbd1b05c999c98778) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071120.002\IDSvix86.sys
21:32:54.0717 7288 IDSvix86 - ok
21:32:54.0805 7288 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
21:32:54.0807 7288 iirsp - ok
21:32:54.0850 7288 IKEEXT (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll
21:32:54.0864 7288 IKEEXT - ok
21:32:54.0977 7288 IntcAzAudAddService (4a705bf2a6f7972f2f2ad8a0d8079f95) C:\Windows\system32\drivers\RTKVHDA.sys
21:32:55.0025 7288 IntcAzAudAddService - ok
21:32:55.0139 7288 intelide (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\drivers\intelide.sys
21:32:55.0141 7288 intelide - ok
21:32:55.0161 7288 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
21:32:55.0164 7288 intelppm - ok
21:32:55.0191 7288 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
21:32:55.0195 7288 IPBusEnum - ok
21:32:55.0226 7288 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:32:55.0228 7288 IpFilterDriver - ok
21:32:55.0408 7288 iphlpsvc (6a35d233693edc29a12742049bc5e37f) C:\Windows\System32\iphlpsvc.dll
21:32:55.0424 7288 iphlpsvc - ok
21:32:55.0429 7288 IpInIp - ok
21:32:55.0452 7288 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
21:32:55.0455 7288 IPMIDRV - ok
21:32:55.0477 7288 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
21:32:55.0484 7288 IPNAT - ok
21:32:55.0555 7288 iPod Service (97bad81620e9f115f86d79952c625916) C:\Program Files\iPod\bin\iPodService.exe
21:32:55.0567 7288 iPod Service - ok
21:32:55.0588 7288 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
21:32:55.0590 7288 IRENUM - ok
21:32:55.0619 7288 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
21:32:55.0621 7288 isapnp - ok
21:32:55.0673 7288 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
21:32:55.0685 7288 iScsiPrt - ok
21:32:55.0736 7288 ISPwdSvc (36474fde02f8422b8b1a52ead9894dbc) C:\Program Files\Norton Internet Security\isPwdSvc.exe
21:32:55.0739 7288 ISPwdSvc - ok
21:32:55.0762 7288 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
21:32:55.0764 7288 iteatapi - ok
21:32:55.0787 7288 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
21:32:55.0789 7288 iteraid - ok
21:32:55.0821 7288 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:32:55.0824 7288 kbdclass - ok
21:32:55.0834 7288 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
21:32:55.0836 7288 kbdhid - ok
21:32:55.0865 7288 KeyIso (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
21:32:55.0867 7288 KeyIso - ok
21:32:55.0903 7288 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
21:32:55.0934 7288 KSecDD - ok
21:32:55.0988 7288 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
21:32:56.0030 7288 KtmRm - ok
21:32:56.0082 7288 LanmanServer (1925e63c91cf1610ae41bfd539062079) C:\Windows\System32\srvsvc.dll
21:32:56.0097 7288 LanmanServer - ok
21:32:56.0153 7288 LanmanWorkstation (2ae2e1628c5d3f1c0a46a67c9fa1df15) C:\Windows\System32\wkssvc.dll
21:32:56.0159 7288 LanmanWorkstation - ok
21:32:56.0335 7288 LiveUpdate (a97eeb81f05bce3d7aa6c81f04ef39a4) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
21:32:56.0360 7288 LiveUpdate - ok
21:32:56.0411 7288 LiveUpdate Notice Ex (e7aab1a32ac2eea4c4b735b8d034c802) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
21:32:56.0414 7288 LiveUpdate Notice Ex - ok
21:32:56.0469 7288 LiveUpdate Notice Service (2d1389e05a807d956829f44bd4b60389) C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
21:32:56.0505 7288 LiveUpdate Notice Service - ok
21:32:56.0612 7288 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
21:32:56.0615 7288 lltdio - ok
21:32:56.0636 7288 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
21:32:56.0648 7288 lltdsvc - ok
21:32:56.0671 7288 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
21:32:56.0674 7288 lmhosts - ok
21:32:56.0705 7288 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
21:32:56.0708 7288 LSI_FC - ok
21:32:56.0724 7288 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
21:32:56.0727 7288 LSI_SAS - ok
21:32:56.0750 7288 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
21:32:56.0753 7288 LSI_SCSI - ok
21:32:56.0781 7288 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
21:32:56.0787 7288 luafv - ok
21:32:56.0827 7288 lvpopflt (af280405c10f0d20f37670b7432e5c2f) C:\Windows\system32\DRIVERS\lvpopflt.sys
21:32:56.0833 7288 lvpopflt - ok
21:32:56.0850 7288 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
21:32:56.0852 7288 LVPr2Mon - ok
21:32:56.0922 7288 LVPrcSrv (2333057542c91ae8228bdccc2e5f2632) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
21:32:56.0924 7288 LVPrcSrv - ok
21:32:56.0948 7288 LVRS (e52f5a2cadcf08d07f559962f807a0a2) C:\Windows\system32\DRIVERS\lvrs.sys
21:32:56.0958 7288 LVRS - ok
21:32:57.0149 7288 LVUVC (3703406af0726badd24c5e552493e5b1) C:\Windows\system32\DRIVERS\lvuvc.sys
21:32:57.0253 7288 LVUVC - ok
21:32:57.0336 7288 lxcy_device - ok
21:32:57.0380 7288 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
21:32:57.0384 7288 Mcx2Svc - ok
21:32:57.0423 7288 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:32:57.0425 7288 mdmxsdk - ok
21:32:57.0468 7288 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
21:32:57.0470 7288 megasas - ok
21:32:57.0512 7288 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
21:32:57.0515 7288 MMCSS - ok
21:32:57.0530 7288 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
21:32:57.0533 7288 Modem - ok
21:32:57.0564 7288 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
21:32:57.0567 7288 monitor - ok
21:32:57.0581 7288 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
21:32:57.0584 7288 mouclass - ok
21:32:57.0591 7288 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
21:32:57.0595 7288 mouhid - ok
21:32:57.0632 7288 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
21:32:57.0634 7288 MountMgr - ok
21:32:57.0689 7288 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:32:57.0691 7288 MozillaMaintenance - ok
21:32:57.0720 7288 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
21:32:57.0724 7288 mpio - ok
21:32:57.0741 7288 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
21:32:57.0744 7288 mpsdrv - ok
21:32:57.0759 7288 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
21:32:57.0762 7288 Mraid35x - ok
21:32:57.0783 7288 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
21:32:57.0790 7288 MRxDAV - ok
21:32:57.0852 7288 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:32:57.0857 7288 mrxsmb - ok
21:32:57.0897 7288 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:32:57.0908 7288 mrxsmb10 - ok
21:32:57.0931 7288 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:32:57.0934 7288 mrxsmb20 - ok
21:32:57.0956 7288 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys
21:32:57.0958 7288 msahci - ok
21:32:57.0973 7288 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
21:32:57.0976 7288 msdsm - ok
21:32:58.0007 7288 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
21:32:58.0021 7288 MSDTC - ok
21:32:58.0042 7288 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
21:32:58.0045 7288 Msfs - ok
21:32:58.0068 7288 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
21:32:58.0070 7288 msisadrv - ok
21:32:58.0108 7288 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
21:32:58.0122 7288 MSiSCSI - ok
21:32:58.0127 7288 msiserver - ok
21:32:58.0139 7288 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
21:32:58.0141 7288 MSKSSRV - ok
21:32:58.0167 7288 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
21:32:58.0169 7288 MSPCLOCK - ok
21:32:58.0178 7288 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
21:32:58.0181 7288 MSPQM - ok
21:32:58.0196 7288 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
21:32:58.0210 7288 MsRPC - ok
21:32:58.0237 7288 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
21:32:58.0239 7288 mssmbios - ok
21:32:58.0248 7288 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
21:32:58.0250 7288 MSTEE - ok
21:32:58.0258 7288 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
21:32:58.0261 7288 Mup - ok
21:32:58.0300 7288 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
21:32:58.0318 7288 napagent - ok
21:32:58.0356 7288 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
21:32:58.0369 7288 NativeWifiP - ok
21:32:58.0444 7288 NAVENG - ok
21:32:58.0452 7288 NAVEX15 - ok
21:32:58.0508 7288 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
21:32:58.0532 7288 NDIS - ok
21:32:58.0544 7288 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
21:32:58.0546 7288 NdisTapi - ok
21:32:58.0557 7288 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
21:32:58.0559 7288 Ndisuio - ok
21:32:58.0574 7288 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
21:32:58.0579 7288 NdisWan - ok
21:32:58.0589 7288 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
21:32:58.0591 7288 NDProxy - ok
21:32:58.0604 7288 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
21:32:58.0606 7288 NetBIOS - ok
21:32:58.0623 7288 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
21:32:58.0636 7288 netbt - ok
21:32:58.0667 7288 Netlogon (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
21:32:58.0669 7288 Netlogon - ok
21:32:58.0704 7288 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
21:32:58.0716 7288 Netman - ok
21:32:58.0756 7288 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
21:32:58.0767 7288 netprofm - ok
21:32:58.0827 7288 NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:32:58.0842 7288 NetTcpPortSharing - ok
21:32:58.0863 7288 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
21:32:58.0866 7288 nfrd960 - ok
21:32:58.0889 7288 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
21:32:58.0902 7288 NlaSvc - ok
21:32:58.0930 7288 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
21:32:58.0933 7288 Npfs - ok
21:32:58.0955 7288 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
21:32:58.0958 7288 nsi - ok
21:32:58.0971 7288 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
21:32:58.0974 7288 nsiproxy - ok
21:32:59.0036 7288 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
21:32:59.0065 7288 Ntfs - ok
21:32:59.0197 7288 ntk_dtv (8ad12622c7fa674cb9979e3448ab89c6) C:\Program Files\DIRECTV\DirecTV\Kernel\DMP\ntk_dtv.sys
21:32:59.0202 7288 ntk_dtv - ok
21:32:59.0304 7288 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
21:32:59.0306 7288 ntrigdigi - ok
21:32:59.0332 7288 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
21:32:59.0334 7288 Null - ok
21:32:59.0417 7288 NVENETFD (a1108084b0d2fc43dcc401735770e2a3) C:\Windows\system32\DRIVERS\nvmfdx32.sys
21:32:59.0473 7288 NVENETFD - ok
21:32:59.0887 7288 nvlddmkm (183d63bc27381d96e3b409116feb50fd) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:33:00.0097 7288 nvlddmkm - ok
21:33:00.0220 7288 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
21:33:00.0227 7288 nvraid - ok
21:33:00.0256 7288 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
21:33:00.0258 7288 nvstor - ok
21:33:00.0312 7288 nvsvc (c0c06edc2f4bc1fc12ba2c3687027c04) C:\Windows\system32\nvvsvc.exe
21:33:00.0324 7288 nvsvc - ok
21:33:00.0340 7288 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
21:33:00.0346 7288 nv_agp - ok
21:33:00.0351 7288 NwlnkFlt - ok
21:33:00.0359 7288 NwlnkFwd - ok
21:33:00.0469 7288 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:33:00.0492 7288 odserv - ok
21:33:00.0536 7288 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
21:33:00.0539 7288 ohci1394 - ok
21:33:00.0576 7288 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:33:00.0589 7288 ose - ok
21:33:00.0647 7288 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
21:33:00.0691 7288 p2pimsvc - ok
21:33:00.0701 7288 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
21:33:00.0709 7288 p2psvc - ok
21:33:00.0741 7288 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
21:33:00.0744 7288 Parport - ok
21:33:00.0775 7288 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
21:33:00.0778 7288 partmgr - ok
21:33:00.0792 7288 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
21:33:00.0794 7288 Parvdm - ok
21:33:00.0802 7288 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
21:33:00.0806 7288 PcaSvc - ok
21:33:00.0845 7288 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
21:33:00.0859 7288 pci - ok
21:33:00.0891 7288 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
21:33:00.0894 7288 pciide - ok
21:33:00.0918 7288 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
21:33:00.0931 7288 pcmcia - ok
21:33:00.0988 7288 PCTCore (995e6bc3bb92bb4a9eb49a663c43b6cb) C:\Windows\system32\drivers\PCTCore.sys
21:33:00.0992 7288 PCTCore - ok
21:33:01.0023 7288 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\Windows\system32\drivers\pctDS.sys
21:33:01.0065 7288 pctDS - ok
21:33:01.0129 7288 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
21:33:01.0184 7288 PEAUTH - ok
21:33:01.0286 7288 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
21:33:01.0337 7288 pla - ok
21:33:01.0436 7288 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
21:33:01.0473 7288 PlugPlay - ok
21:33:01.0522 7288 pmxmouse (854ec63c35f8bcd8a1c48903f1b1d223) C:\Windows\system32\DRIVERS\pmxmouse.sys
21:33:01.0524 7288 pmxmouse - ok
21:33:01.0547 7288 pmxusblf (020eae9dfe3cd277994ce60e4c2c71cf) C:\Windows\system32\DRIVERS\pmxusblf.sys
21:33:01.0549 7288 pmxusblf - ok
21:33:01.0605 7288 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
21:33:01.0612 7288 PNRPAutoReg - ok
21:33:01.0622 7288 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
21:33:01.0629 7288 PNRPsvc - ok
21:33:01.0677 7288 PolicyAgent (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll
21:33:01.0694 7288 PolicyAgent - ok
21:33:01.0727 7288 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
21:33:01.0729 7288 PptpMiniport - ok
21:33:01.0760 7288 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
21:33:01.0763 7288 Processor - ok
21:33:01.0792 7288 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
21:33:01.0805 7288 ProfSvc - ok
21:33:01.0832 7288 ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
21:33:01.0835 7288 ProtectedStorage - ok
21:33:01.0864 7288 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
21:33:01.0866 7288 PSched - ok
21:33:01.0903 7288 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
21:33:01.0906 7288 PxHelp20 - ok
21:33:01.0970 7288 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
21:33:02.0029 7288 ql2300 - ok
21:33:10.0482 7288 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
21:33:10.0685 7288 \Device\Harddisk0\DR0 - ok
21:33:10.0706 7288 Boot (0x1200) (839949b70b2ea3deb1b3b4ce6de773b1) \Device\Harddisk0\DR0\Partition0
21:33:10.0708 7288 \Device\Harddisk0\DR0\Partition0 - ok
21:33:10.0713 7288 Boot (0x1200) (f9798802c6b594d3be75fa242aa8ef07) \Device\Harddisk0\DR0\Partition1
21:33:10.0715 7288 \Device\Harddisk0\DR0\Partition1 - ok
21:33:10.0716 7288 ============================================================
21:33:10.0716 7288 Scan finished
21:33:10.0716 7288 ============================================================
21:33:10.0731 18856 Detected object count: 1
21:33:10.0731 18856 Actual detected object count: 1
21:34:13.0117 18856 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
21:34:13.0117 18856 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-20 21:35:10
-----------------------------
21:35:10.022 OS Version: Windows 6.0.6001 Service Pack 1
21:35:10.022 Number of processors: 2 586 0x6B01
21:35:10.025 ComputerName: SARAH-PC UserName: Nicholas
21:35:13.684 Initialize success
21:36:31.029 AVAST engine defs: 12062001
21:36:40.557 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000064
21:36:40.561 Disk 0 Vendor: ST325082 3.AD Size: 238418MB BusType: 8
21:36:40.605 Disk 0 MBR read successfully
21:36:40.608 Disk 0 MBR scan
21:36:40.626 Disk 0 Windows VISTA default MBR code
21:36:40.639 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:36:40.680 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 81920
21:36:40.701 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 228137 MB offset 21053440
21:36:40.716 Disk 0 scanning sectors +488278016
21:36:40.872 Disk 0 scanning C:\Windows\system32\drivers
21:36:54.429 Service scanning
21:37:23.880 Modules scanning
21:37:30.640 Disk 0 trace - called modules:
21:37:30.659 ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys acpi.sys hal.dll storport.sys nvstor.sys SYMTDI.SYS
21:37:30.665 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b47820]
21:37:30.671 3 CLASSPNP.SYS[837a9745] -> nt!IofCallDriver -> [0x86a441b8]
21:37:30.678 5 PCTCore.sys[807b6099] -> nt!IofCallDriver -> [0x85088120]
21:37:30.684 7 acpi.sys[8063d6a0] -> nt!IofCallDriver -> \Device\00000064[0x85088b58]
21:37:32.215 AVAST engine scan C:\Windows
21:37:36.447 AVAST engine scan C:\Windows\system32
21:39:50.346 File: C:\Windows\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
21:40:58.308 AVAST engine scan C:\Windows\system32\drivers
21:41:16.342 AVAST engine scan C:\Users\Nicholas
21:54:50.474 File: C:\Users\Nicholas\AppData\Local\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}\L\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
21:54:50.562 File: C:\Users\Nicholas\AppData\Local\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}\n **INFECTED** Win32:ZAccess-FV [Trj]
21:54:50.873 File: C:\Users\Nicholas\AppData\Local\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}\U\000000cb.@ **INFECTED** Win32:Malware-gen
21:54:50.958 File: C:\Users\Nicholas\AppData\Local\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}\U\80000000.@ **INFECTED** Win64:Sirefef-A [Trj]
21:54:51.055 File: C:\Users\Nicholas\AppData\Local\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
22:00:24.515 AVAST engine scan C:\ProgramData
22:09:50.216 Scan finished successfully
05:11:48.470 Disk 0 MBR has been saved successfully to "C:\Users\Nicholas\Documents\MBR.dat"
05:11:48.845 The log file has been saved successfully to "C:\Users\Nicholas\Documents\aswMBR.txt"

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 June 2012 - 08:13 PM

Hello

Download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 bearnick

  • Topic Starter
  • Members
  • 6 posts

Posted 21 June 2012 - 11:11 PM

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-06-2012 01
Ran by SYSTEM at 21-06-2012 22:49:38
Running from I:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [67752 2006-12-22] (Adobe Systems Incorporated)
HKLM\...\Run: [PMX Daemon] ICO.EXE [x]
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [385024 2008-01-31] (Apple Inc.)
HKLM\...\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" [398728 2008-01-29] (Symantec Corporation)
HKLM\...\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray [5355832 2007-06-21] (Webroot Software, Inc.)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Reader Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe [906648 2010-07-12] (Sony Corporation)
HKLM\...\Run: [PCTools FGuard] C:\Program Files\PC Tools Security\BDT\FGuard.exe [108496 2011-01-07] (Threat Expert Ltd.)
HKLM\...\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r [180224 2006-11-27] (Creative Technology Ltd)
HKLM\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
HKLM\...\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart [764448 2009-08-06] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2009-08-06] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup [13904416 2009-08-06] (NVIDIA Corporation)
HKLM\...\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe" [291760 2006-11-29] ()
HKLM\...\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [79136 2008-10-24] (Macrovision Corporation)
HKLM\...\Run: [dscactivate] "c:\dell\dsca.exe" 3 [16384 2007-07-30] ( )
HKLM\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40368 2011-08-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [ISTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI [1589208 2011-01-13] (PC Tools)
HKU\Default\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [460784 2007-03-15] (Gteko Ltd.)
HKU\Default User\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [460784 2007-03-15] (Gteko Ltd.)
HKU\Nicholas\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\Nicholas\...\Run: [Google Update] "C:\Users\Nicholas\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-11-27] (Google Inc.)
HKU\Nicholas\...\Run: [WindowsWelcomeCenter] "rundll32.exe" oobefldr.dll,ShowWelcomeCenter [x]
HKU\Nicholas\...\Run: [CLRHost] C:\blp\API\Office Tools\bbxlcmd.exe [102400 2011-02-17] ()
HKU\Nicholas\...\Run: [Akamai NetSession Interface] "C:\Users\Nicholas\AppData\Local\Akamai\netsession_win.exe" [3331872 2012-05-07] (Akamai Technologies, Inc)
HKU\Nicholas\...\Run: [Octoshape Streaming Services] "C:\Users\Nicholas\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun [107800 2011-03-24] (Octoshape ApS)
HKU\Sarah\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\Sarah\...\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized [21741864 2008-08-11] (Skype Technologies S.A.)
HKU\Sarah\...\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [202240 2008-01-18] (Microsoft Corporation)
HKU\Sarah\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [206112 2008-10-24] (Macrovision Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll [X]
Winlogon\Notify\WRNotifier: WRLogonNTF.dll (Webroot Software, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
Tcpip\..\Interfaces\{138720B7-1FBF-4935-AC57-E7B8ABC46A25}: [NameServer]208.67.222.222,4.2.2.6
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

================================ Services (Whitelisted) ==================

2 AdobeActiveFileMonitor5.0; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [108712 2006-12-22] ()
2 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" [110592 2007-09-06] (Apple, Inc.)
2 Automatic LiveUpdate Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [554352 2007-09-12] (Symantec Corporation)
2 Browser Defender Update Service; "C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe" [247760 2011-01-07] (Threat Expert Ltd.)
2 ccEvtMgr; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [107624 2006-12-03] (Symantec Corporation)
2 ccSetMgr; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [107624 2006-12-03] (Symantec Corporation)
2 CLDTVHNService; C:\Program Files\DIRECTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [75048 2009-09-17] ()
2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [107624 2006-12-03] (Symantec Corporation)
3 comHost; "C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe" [49296 2006-12-03] (Symantec Corporation)
2 Creative Labs Licensing Service; "C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe" [72704 2007-10-07] (Creative Labs)
2 Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd)
3 DSBrokerService; "C:\Program Files\DellSupport\brkrsvc.exe" [70656 2007-03-19] ()
3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [292352 2008-01-18] (Microsoft Corporation)
3 ehSched; C:\Windows\ehome\ehsched.exe [131072 2006-11-02] (Microsoft Corporation)
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-18] (Microsoft Corporation)
3 GoogleDesktopManager; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [1862144 2007-10-07] (Google)
3 GoToAssist; "C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service [16936 2007-11-12] (Citrix Online, a division of Citrix Systems, Inc.)
3 ISPwdSvc; "C:\Program Files\Norton Internet Security\isPwdSvc.exe" [80552 2006-12-03] (Symantec Corporation)
3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [2999664 2007-09-12] (Symantec Corporation)
2 LiveUpdate Notice Ex; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [107624 2006-12-03] (Symantec Corporation)
2 LiveUpdate Notice Service; "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll" [537992 2008-04-10] (Symantec Corporation)
2 LVPrcSrv; "C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe" [162648 2010-05-07] (Logitech Inc.)
2 lxcy_device; C:\Windows\system32\lxcycoms.exe -service [537520 2006-11-29] ( )
2 sdAuxService; C:\Program Files\PC Tools Security\pctsAuxs.exe [366840 2010-03-15] (PC Tools)
2 sdCoreService; C:\Program Files\PC Tools Security\pctsSvc.exe [1150936 2010-11-19] (PC Tools)
3 Sony SCSI Helper Service; "C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe" [73728 2010-04-02] (Sony Corporation)
2 Stereo Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [239648 2009-08-06] (NVIDIA Corporation)
3 Symantec Core LC; "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" [1251720 2010-02-12] ()
2 SymAppCore; "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe" [46736 2006-12-03] (Symantec Corporation)
2 WDDMService; "C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe" [98304 2009-08-17] (WDC)
2 WDSmartWareBackgroundService; "C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe" [20480 2009-06-16] (Memeo)
2 WebrootSpySweeperService; "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [3562296 2007-06-21] (Webroot Software, Inc.)
2 Akamai; c:\program files\common files\akamai/netsession_win_80c2ffa.dll [x]

========================== Drivers (Whitelisted) =============

3 DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.)
3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
3 HSXHWBS2; C:\Windows\System32\DRIVERS\HSXHWBS2.sys [258048 2006-10-18] (Conexant Systems, Inc.)
1 IDSvix86; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071120.002\IDSvix86.sys [180272 2007-11-06] (Symantec Corporation)
3 lvpopflt; C:\Windows\System32\DRIVERS\lvpopflt.sys [114784 2010-05-14] (Logitech Inc.)
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
3 LVRS; C:\Windows\System32\DRIVERS\lvrs.sys [276448 2010-05-14] (Logitech Inc.)
3 LVUVC; C:\Windows\System32\DRIVERS\lvuvc.sys [4323040 2010-11-09] (Logitech Inc.)
2 ntk_dtv; \??\C:\Program Files\DIRECTV\DirecTV\Kernel\DMP\ntk_dtv.sys [119792 2009-09-17] (Cyberlink Corp.)
0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [239168 2010-12-10] (PC Tools)
0 pctDS; C:\Windows\System32\drivers\pctDS.sys [338880 2010-07-16] (PC Tools)
3 ROOTMODEM; C:\Windows\System32\Drivers\RootMdm.sys [8192 2008-01-18] (Microsoft Corporation)
1 SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [406672 2006-12-03] (Symantec Corporation)
1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [279088 2007-11-30] (Symantec Corporation)
3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [317616 2007-11-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2007-11-30] (Symantec Corporation)
0 SSFS0BB8; C:\Windows\System32\Drivers\SSFS0BB8.SYS [20280 2007-06-21] (Webroot Software Inc (www.webroot.com))
0 SSHRMD; C:\Windows\System32\Drivers\SSHRMD.SYS [21816 2007-06-21] (Webroot Software Inc (www.webroot.com))
0 SSIDRV; C:\Windows\System32\Drivers\SSIDRV.SYS [160056 2007-06-21] (Webroot Software Inc (www.webroot.com))
3 SSKBFD; C:\Windows\System32\Drivers\sskbfd.sys [23864 2007-06-21] (Webroot Software Inc (www.webroot.com))
3 SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [12720 2009-08-03] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [124464 2010-02-12] (Symantec Corporation)
3 SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [145968 2009-08-03] (Symantec Corporation)
3 SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [39856 2009-08-03] (Symantec Corporation)
3 SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [38448 2009-08-03] (Symantec Corporation)
3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26416 2009-08-03] (Symantec Corporation)
1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [188080 2009-08-03] (Symantec Corporation)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20071121.002\NAVENG.SYS [x]
3 NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20071121.002\NAVEX15.SYS [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 {79007602-0CDB-4405-9DBF-1257BB3226EE}; Combo-Fix.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-21 22:49 - 2012-06-21 22:49 - 00000000 ____D C:\FRST
2012-06-21 02:11 - 2012-06-21 02:11 - 00002916 ____A C:\Users\Nicholas\Desktop\aswMBR.txt
2012-06-21 02:11 - 2012-06-21 02:11 - 00000512 ____A C:\Users\Nicholas\Documents\MBR.dat
2012-06-20 18:28 - 2012-06-20 18:29 - 04731392 ____A (AVAST Software) C:\Users\Nicholas\Desktop\aswMBR.exe
2012-06-20 18:28 - 2012-06-20 18:28 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Nicholas\Desktop\tdsskiller.exe
2012-06-20 02:27 - 2012-06-20 02:28 - 00000000 ____D C:\ComboFix
2012-06-20 02:19 - 2012-06-20 02:27 - 00000332 ____A C:\Start_.cmd
2012-06-19 19:32 - 2012-06-20 02:28 - 00000000 ___SD C:\32788R22FWJFW
2012-06-19 19:32 - 2012-06-19 19:32 - 00000000 ____D C:\Windows\erdnt
2012-06-19 19:32 - 2012-06-19 19:32 - 00000000 ____D C:\Qoobox
2012-06-19 19:27 - 2012-06-19 19:27 - 04562361 ____R (Swearware) C:\Users\Nicholas\Desktop\ComboFix.exe
2012-06-19 19:27 - 2012-06-19 19:27 - 04562361 ____A (Swearware) C:\Users\Nicholas\Downloads\ComboFix(1).exe
2012-06-19 18:53 - 2012-06-19 18:53 - 00001321 ____A C:\Users\Nicholas\Documents\checkup.txt
2012-06-19 18:52 - 2012-06-19 18:52 - 00607260 ____R (Swearware) C:\Users\Nicholas\Desktop\dds.scr
2012-06-19 18:22 - 2012-06-19 18:22 - 00881475 ____A C:\Users\Nicholas\Desktop\SecurityCheck.exe
2012-06-19 18:21 - 2012-06-19 18:22 - 00000478 ____A C:\Windows\System32\defogger_disable.log
2012-06-19 18:21 - 2012-06-19 18:21 - 00050477 ____A C:\Users\Nicholas\Downloads\Defogger.exe
2012-06-19 18:21 - 2012-06-19 18:21 - 00000000 ____A C:\Users\Nicholas\defogger_reenable
2012-06-17 18:32 - 2012-06-17 18:32 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Nicholas\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-17 18:21 - 2012-06-17 18:21 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-06-17 18:21 - 2012-06-17 18:21 - 00000000 ____D C:\Program Files\HitmanPro
2012-06-17 18:20 - 2012-06-17 18:21 - 07287176 ____A (SurfRight B.V.) C:\Users\Nicholas\Downloads\HitmanPro36.exe
2012-06-17 18:20 - 2012-06-17 18:20 - 08298672 ____A (SurfRight B.V.) C:\Users\Nicholas\Downloads\HitmanPro36_x64.exe
2012-06-17 17:56 - 2012-06-17 17:57 - 00739808 ____A (Google Inc.) C:\Users\Nicholas\Downloads\ChromeSetup.exe
2012-06-17 17:52 - 2012-06-17 17:53 - 72870944 ____A (Microsoft Corporation) C:\Users\Nicholas\Downloads\msert(1).exe
2012-06-13 16:39 - 2012-06-13 16:39 - 00000000 ____D C:\Users\Nicholas\AppData\Roaming\QuickScan
2012-06-13 03:17 - 2012-06-17 17:54 - 00000000 ____D C:\Windows\System32\MpEngineStore
2012-06-12 17:57 - 2012-06-12 17:58 - 72757280 ____A (Microsoft Corporation) C:\Users\Nicholas\Downloads\msert.exe

============ 3 Months Modified Files and Folders ===============

2012-06-21 19:42 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-21 19:42 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-21 19:41 - 2007-10-07 09:28 - 01425495 ____A C:\Windows\WindowsUpdate.log
2012-06-21 19:41 - 2006-11-02 05:01 - 00032566 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-21 19:41 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-21 19:36 - 2010-08-15 14:38 - 00121900 ____A C:\Users\All Users\nvModes.001
2012-06-21 19:36 - 2010-08-15 14:36 - 00121900 ____A C:\Users\All Users\nvModes.dat
2012-06-21 04:16 - 2011-02-05 16:34 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-21 04:14 - 2010-11-27 19:33 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-829418449-491043782-716907647-1001UA.job
2012-06-21 04:14 - 2010-11-27 19:33 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-829418449-491043782-716907647-1001Core.job
2012-06-21 02:11 - 2012-06-21 02:11 - 00002916 ____A C:\Users\Nicholas\Desktop\aswMBR.txt
2012-06-21 02:11 - 2012-06-21 02:11 - 00000512 ____A C:\Users\Nicholas\Documents\MBR.dat
2012-06-20 18:29 - 2012-06-20 18:28 - 04731392 ____A (AVAST Software) C:\Users\Nicholas\Desktop\aswMBR.exe
2012-06-20 18:28 - 2012-06-20 18:28 - 02127960 ____A (Kaspersky Lab ZAO) C:\Users\Nicholas\Desktop\tdsskiller.exe
2012-06-20 18:25 - 2012-04-25 16:50 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-06-20 18:25 - 2007-10-15 14:25 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-06-20 13:45 - 2006-11-02 02:33 - 00721114 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-20 13:40 - 2011-02-05 16:34 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-20 02:28 - 2012-06-20 02:27 - 00000000 ____D C:\ComboFix
2012-06-20 02:28 - 2012-06-19 19:32 - 00000000 ___SD C:\32788R22FWJFW
2012-06-20 02:27 - 2012-06-20 02:19 - 00000332 ____A C:\Start_.cmd
2012-06-20 02:27 - 2012-06-19 19:32 - 00000000 ____D C:\Windows\erdnt
2012-06-20 00:01 - 2011-03-20 20:26 - 00000000 ____D C:\Program Files\PC Tools Security
2012-06-19 19:32 - 2012-06-19 19:32 - 00000000 ____D C:\Qoobox
2012-06-19 19:27 - 2012-06-19 19:27 - 04562361 ____R (Swearware) C:\Users\Nicholas\Desktop\ComboFix.exe
2012-06-19 19:27 - 2012-06-19 19:27 - 04562361 ____A (Swearware) C:\Users\Nicholas\Downloads\ComboFix(1).exe
2012-06-19 19:27 - 2007-10-12 18:29 - 00061208 ____A C:\Users\Nicholas\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-19 18:53 - 2012-06-19 18:53 - 00001321 ____A C:\Users\Nicholas\Documents\checkup.txt
2012-06-19 18:52 - 2012-06-19 18:52 - 00607260 ____R (Swearware) C:\Users\Nicholas\Desktop\dds.scr
2012-06-19 18:22 - 2012-06-19 18:22 - 00881475 ____A C:\Users\Nicholas\Desktop\SecurityCheck.exe
2012-06-19 18:22 - 2012-06-19 18:21 - 00000478 ____A C:\Windows\System32\defogger_disable.log
2012-06-19 18:21 - 2012-06-19 18:21 - 00050477 ____A C:\Users\Nicholas\Downloads\Defogger.exe
2012-06-19 18:21 - 2012-06-19 18:21 - 00000000 ____A C:\Users\Nicholas\defogger_reenable
2012-06-19 18:21 - 2007-10-12 18:28 - 00000000 ____D C:\users\Nicholas
2012-06-19 17:48 - 2009-06-08 15:47 - 00000000 ____D C:\Users\Public\Documents\Symantec
2012-06-19 17:40 - 2010-12-18 07:47 - 00000000 ____D C:\Windows\System32\logishrd
2012-06-19 17:40 - 2010-03-06 21:03 - 00000000 ____D C:\Program Files\Common Files\Akamai
2012-06-19 17:40 - 2009-05-06 14:22 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-06-17 18:49 - 2011-03-20 20:29 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-06-17 18:32 - 2012-06-17 18:32 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Nicholas\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-17 18:21 - 2012-06-17 18:21 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-06-17 18:21 - 2012-06-17 18:21 - 00000000 ____D C:\Program Files\HitmanPro
2012-06-17 18:21 - 2012-06-17 18:20 - 07287176 ____A (SurfRight B.V.) C:\Users\Nicholas\Downloads\HitmanPro36.exe
2012-06-17 18:20 - 2012-06-17 18:20 - 08298672 ____A (SurfRight B.V.) C:\Users\Nicholas\Downloads\HitmanPro36_x64.exe
2012-06-17 17:57 - 2012-06-17 17:56 - 00739808 ____A (Google Inc.) C:\Users\Nicholas\Downloads\ChromeSetup.exe
2012-06-17 17:54 - 2012-06-13 03:17 - 00000000 ____D C:\Windows\System32\MpEngineStore
2012-06-17 17:53 - 2012-06-17 17:52 - 72870944 ____A (Microsoft Corporation) C:\Users\Nicholas\Downloads\msert(1).exe
2012-06-13 16:39 - 2012-06-13 16:39 - 00000000 ____D C:\Users\Nicholas\AppData\Roaming\QuickScan
2012-06-13 00:01 - 2006-11-02 02:24 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-06-12 17:58 - 2012-06-12 17:57 - 72757280 ____A (Microsoft Corporation) C:\Users\Nicholas\Downloads\msert.exe
2012-06-12 16:57 - 2011-03-20 20:29 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy
2012-06-11 17:35 - 2012-03-28 16:38 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-11 17:35 - 2011-06-10 08:04 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-11 17:21 - 2011-03-20 20:32 - 00001973 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-06-07 20:01 - 2011-07-26 19:32 - 00000000 ____D C:\Users\Nicholas\Documents\Wedding
2012-05-21 16:18 - 2011-11-09 19:10 - 00000000 ____D C:\Users\Nicholas\AppData\Local\Akamai
2012-05-10 15:34 - 2008-08-17 14:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-09 19:12 - 2007-10-07 09:50 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-04-25 16:50 - 2012-04-25 16:50 - 00000000 ____D C:\Users\All Users\Mozilla
2012-04-04 12:56 - 2011-03-20 20:29 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-03-30 11:23 - 2011-06-08 09:07 - 00000000 ____D C:\Users\Nicholas\Documents\Jobs
2012-03-28 16:39 - 2012-03-28 16:39 - 00826648 ____A (Octoshape ApS) C:\Users\Nicholas\Downloads\octosetup.exe
2012-03-28 16:39 - 2012-03-28 16:39 - 00000000 ____D C:\Users\Nicholas\AppData\Roaming\Octoshape
2012-03-28 16:39 - 2012-03-28 16:39 - 00000000 ____D C:\Users\Nicholas\AppData\Local\Octoshape


ZeroAccess:
C:\Windows\Installer\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}
C:\Windows\Installer\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}\L
C:\Windows\Installer\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}\U
C:\Windows\Installer\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}\L\00000004.@
C:\Windows\Installer\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}\U\00000004.@
C:\Windows\Installer\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}\U\00000008.@
C:\Windows\Installer\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}\U\000000cb.@
C:\Windows\Installer\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}\U\80000000.@
C:\Windows\Installer\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}\U\80000032.@

ZeroAccess:
C:\Users\Nicholas\AppData\Local\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}
C:\Users\Nicholas\AppData\Local\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}\@
C:\Users\Nicholas\AppData\Local\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}\L
C:\Users\Nicholas\AppData\Local\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}\n
C:\Users\Nicholas\AppData\Local\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}\U
C:\Users\Nicholas\AppData\Local\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}\L\00000004.@
C:\Users\Nicholas\AppData\Local\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}\L\80000032.@
C:\Users\Nicholas\AppData\Local\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}\U\00000004.@
C:\Users\Nicholas\AppData\Local\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}\U\00000008.@
C:\Users\Nicholas\AppData\Local\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}\U\000000cb.@
C:\Users\Nicholas\AppData\Local\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}\U\80000000.@
C:\Users\Nicholas\AppData\Local\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}\U\80000032.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe
[2008-12-09 14:28] - [2008-10-28 22:29] - 2927104 ____A (Microsoft Corporation) 4F554999D7D5F05DAAEBBA7B5BA1089D

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2010-08-09 15:07] - [2008-01-18 19:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\System32\User32.dll
[2010-08-09 15:05] - [2008-01-18 19:36] - 0627200 ____A (Microsoft Corporation) B974D9F06DC7D1908E825DC201681269

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2010-08-09 15:04] - [2008-01-18 19:42] - 0227896 ____A (Microsoft Corporation) D8B4A53DD2769F226B3EB374374987C9


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 2045.88 MB
Available physical RAM: 1767.75 MB
Total Pagefile: 1977.55 MB
Available Pagefile: 1839.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.72 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:222.79 GB) (Free:81.86 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (Tots Begin 2011) (CDROM) (Total:3.17 GB) (Free:0 GB) UDF
7 Drive i: (USB DISK) (Removable) (Total:0.96 GB) (Free:0.41 GB) FAT
8 Drive x: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.54 GB) NTFS

Disk ###  Status      Size     Free     Dyn  Gpt
--------  ----------  -------  -------  ---  ---
Disk 0    Online      233 GB   1391 KB
Disk 1    No Media    0 B      0 B
Disk 2    No Media    0 B      0 B
Disk 3    No Media    0 B      0 B
Disk 4    No Media    0 B      0 B
Disk 5    Online      984 MB   0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    OEM               39 MB    32 KB
Partition 2    Primary           10 GB    40 MB
Partition 3    Primary           223 GB   10 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 8                    FAT    Partition   39 MB    Healthy    Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 0  X    RECOVERY     NTFS   Partition   10 GB    Healthy    Boot

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 6  C    OS           NTFS   Partition   223 GB   Healthy

======================================================================================================

Partitions of Disk 5:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           984 MB   32 KB

======================================================================================================

Disk: 5
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4  I    USB DISK     FAT    Removable   984 MB   Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-20 17:55

======================= End Of Log ==========================

#10 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 June 2012 - 12:15 AM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt.

C:\Windows\Installer\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}
C:\Users\Nicholas\AppData\Local\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
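The fixlist above names only the two top-level {GUID} directories that FRST flagged under "ZeroAccess:" in the log posted earlier, not each of the U, L and @ entries beneath them. As an added example (not code from this thread, from Gringo, or from FRST), the following Python script shows how that reduction can be done mechanically: it pulls every ZeroAccess block out of an FRST log, drops each path that sits below another listed path, and emits the remaining roots as fixlist.txt lines. The function names and the sample log text are this example's own; the sample is constructed from the paths shown in the log posted in this thread.

```python
"""Derive FRST fixlist.txt entries from the "ZeroAccess:" blocks of an FRST log.

Added example for this thread; not FRST code and not the helper's own tooling.
SAMPLE_LOG is constructed from the paths FRST printed in the log posted above.
"""

ZA_HEADER = "ZeroAccess:"

# Constructed sample: the tail of the previous section, the two ZeroAccess
# blocks as they appeared in the thread's log, and the next section header.
SAMPLE_LOG = r"""
2012-03-28 16:39 - 2012-03-28 16:39 - 00000000 ____D C:\Users\Nicholas\AppData\Local\Octoshape


ZeroAccess:
C:\Windows\Installer\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}
C:\Windows\Installer\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}\L
C:\Windows\Installer\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}\U
C:\Windows\Installer\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}\L\00000004.@
C:\Windows\Installer\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}\U\00000004.@
C:\Windows\Installer\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}\U\80000032.@

ZeroAccess:
C:\Users\Nicholas\AppData\Local\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}
C:\Users\Nicholas\AppData\Local\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}\@
C:\Users\Nicholas\AppData\Local\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}\U
C:\Users\Nicholas\AppData\Local\{9a21f02e-7068-e219-30fb-6f284c6b8e3c}\U\80000000.@

========================= Known DLLs (Whitelisted) ============
"""


def zeroaccess_blocks(log_text):
    """Return each 'ZeroAccess:' block of an FRST log as a list of path strings.

    A block starts at a line reading exactly 'ZeroAccess:' and ends at the
    first blank line or at the next '=====' section header.
    """
    blocks = []
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == ZA_HEADER:
            current = []
            blocks.append(current)
            continue
        if current is None:
            continue
        if not line or line.startswith("="):
            current = None          # block finished
            continue
        current.append(line)
    return [b for b in blocks if b]


def _is_under(path, root):
    """True when path is a proper descendant of root (NTFS names compare case-insensitively)."""
    p, r = path.lower(), root.lower().rstrip("\\")
    return p != r and p.startswith(r + "\\")


def minimal_roots(paths):
    """Keep only the paths that have no other listed path as an ancestor.

    Order of first appearance is preserved and duplicates (case-insensitive)
    are dropped, so 'C:\\a' and 'C:\\A' yield one entry and 'C:\\ab' is not
    mistaken for a child of 'C:\\a'.
    """
    roots, seen = [], set()
    for p in paths:
        key = p.lower().rstrip("\\")
        if key in seen:
            continue
        seen.add(key)
        if not any(_is_under(p, other) for other in paths):
            roots.append(p)
    return roots


def build_fixlist(log_text):
    """Minimal fixlist.txt lines covering every ZeroAccess block in the log."""
    lines = []
    for block in zeroaccess_blocks(log_text):
        for root in minimal_roots(block):
            if root not in lines:
                lines.append(root)
    return lines


def summarize(log_text):
    """(root, number of listed entries beneath it) for each block, for review."""
    out = []
    for block in zeroaccess_blocks(log_text):
        for root in minimal_roots(block):
            out.append((root, sum(1 for p in block if _is_under(p, root))))
    return out


if __name__ == "__main__":
    for root, n in summarize(SAMPLE_LOG):
        print(f"{root}  ({n} entries beneath)")
    print("--- fixlist.txt ---")
    print("\r\n".join(build_fixlist(SAMPLE_LOG)))  # CRLF for Notepad on Windows
```

Running the file prints, for each root, how many flagged entries sit beneath it, which is a quick sanity check before a path goes into a fixlist; listing the children separately adds nothing, since the Fixlog in the next reply shows the directory being moved as a whole.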

#11 bearnick

bearnick
  • Topic Starter

  • Members
  • 6 posts

Posted 24 June 2012 - 08:27 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-06-2012 01
Ran by SYSTEM at 2012-06-24 20:18:43 Run:1
Running from I:\

==============================================

C:\Windows\Installer\{9a21f02e-7068-e219-30fb-6f284c6b8e3c} moved successfully.
C:\Users\Nicholas\AppData\Local\{9a21f02e-7068-e219-30fb-6f284c6b8e3c} moved successfully.

==== End of Fixlog ====


Google links appear to be OK for now. Have not yet heard ghost advertisements running in the background... I'll continue to monitor.

#12 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 24 June 2012 - 08:46 PM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.
"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#13 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 27 June 2012 - 12:30 AM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#14 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 June 2012 - 11:15 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#15 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 July 2012 - 11:48 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



