
Virus that reactivates on restart


This topic is locked
29 replies to this topic

#1 Aaron.R
Members, 22 posts

Posted 05 July 2012 - 05:49 PM

Mod Edit: Contains OTL log and moved to Virus, Trojan and Malware Removal Logs ~~boopme


Hello, I ran into a problem. I had an anti-virus and Windows Firewall until a virus that I thought I got rid of killed it off. I'm at a loss about what to do.
I found it in "service.exe" and around my computer.

I found it in c:\windows\sysnative\services.exe
and
C:\Windows\Installer\{1124a725-e7eb-82f4-e978-28044d39f9dc}


Here is my MBAM Log

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.05.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Aaron Rousch :: AARONROUSCH-PC [administrator]

Protection: Enabled

7/5/2012 2:35:21 PM
mbam-log-2012-07-05 (14-35-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224613
Time elapsed: 2 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

What Webroot Found
Webroot Scan Log (Version v8.0.1.203)
Log saved at Thu 2012-07-05 14:32:53

v8.0.1.203
Windows 7 Service Pack 1 (Build 7601) 64bit (Hostname: AARONROUSCH-PC - Local IP: 127.0.0.1)
Scan Started: Thu 2012-07-05 14:14:51
Files Scanned: 1
Malicious Files: 1
Duration: 1s

Some legitimate files are not included in this log
c:\windows\sysnative\services.exe [MD5: 014A9CB92514E27C0107614DF764BC06] [Flags: 50090020.4466]

Previous Scan Results

INFECTED - [Thu 2012-07-05 14:02:14] 42056 files scanned, 1 infection found in 2m 2s
INFECTED - [Thu 2012-07-05 13:50:44] 42049 files scanned, 1 infection found in 2m 3s
INFECTED - [Thu 2012-07-05 13:47:17] 42576 files scanned, 1 infection found in 2m 43s
INFECTED - [Thu 2012-07-05 13:05:43] 44064 files scanned, 1 infection found in 2m 44s
INFECTED - [Thu 2012-07-05 12:11:54] 43002 files scanned, 1 infection found in 2m 22s
INFECTED - [Thu 2012-07-05 09:24:55] 38109 files scanned, 1 infection found in 3m 48s

Current Session System Statistics

[01:59 PM] - CPU: 51%, Physical Memory: 16%, Virtual Memory: 4%, Page File: 8%, Processes: 17


Processes: 0, Modules: 0 (Depth: 20, Type: 16, Analyzed: 1, Threads: 0, Center: 0 - 0)
--- End of Scan Log ---

Thu 2012-07-05 09:24:53.0197 Begin Installation
Thu 2012-07-05 09:24:53.0774 Installation successfully completed (WSARETAIL.EXE/2713)
Thu 2012-07-05 09:24:53.0961 >>> Service started [v8.0.1.203]
Thu 2012-07-05 09:24:54.0070 User process connected successfully from PID 4032, Session 1
Thu 2012-07-05 09:24:55.0225 Protection enabled
Thu 2012-07-05 09:24:55.0584 Scan Started: [ID: 1 - Flags: 551/16]
Thu 2012-07-05 09:24:55.0989 Connecting to 32 - 32

And finally, my OTL logs

OTL logfile created on: 7/5/2012 2:20:07 PM - Run 2
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Aaron Rousch\Desktop\Infected Info
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.60 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 68.47% Memory free
7.20 Gb Paging File | 5.83 Gb Available in Paging File | 81.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.92 Gb Total Space | 211.02 Gb Free Space | 74.59% Space Free | Partition Type: NTFS
Drive D: | 1.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: AARONROUSCH-PC | User Name: Aaron Rousch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/05 13:12:54 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron Rousch\Desktop\Infected Info\OTL.exe
PRC - [2012/07/05 09:24:51 | 000,688,424 | ---- | M] (Webroot) -- C:\Program Files\Webroot\WRSA.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/19 08:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
PRC - [2011/07/19 08:48:25 | 000,123,320 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/05 09:24:51 | 000,688,424 | ---- | M] (Webroot) [Auto | Running] -- C:\Program Files\Webroot\WRSA.exe -- (WRSVC)
SRV:64bit: - [2011/06/09 21:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/06/07 21:54:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/05/17 14:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/10/20 14:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/19 08:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/07/19 08:48:25 | 000,123,320 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/07/11 17:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012/07/05 09:24:53 | 000,113,232 | ---- | M] (Webroot) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WRkrn.sys -- (WRkrn)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/06/07 22:42:26 | 009,360,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/07 21:16:14 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/14 12:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/02/08 19:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/01/05 01:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 12:58:54 | 000,137,512 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/11/05 07:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/11/05 07:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/10/08 11:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/09/27 15:24:42 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/07/30 20:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 09:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {3CE3275D-C85B-4011-89D1-AC1D9F2112D4}
IE - HKCU\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
IE - HKCU\..\SearchScopes\{3CE3275D-C85B-4011-89D1-AC1D9F2112D4}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enUS486
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Aaron Rousch\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Aaron Rousch\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Aaron Rousch\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Starcraft Zeratul (1366x786) = C:\Users\Aaron Rousch\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhbeaaojbkobdpcgpklkahmefbchnb\1.0.0_0\
CHR - Extension: Gmail = C:\Users\Aaron Rousch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WRSVC] C:\Program Files\Webroot\WRSA.exe (Webroot)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88B80B82-28A6-415D-80DD-C6F6E6A6C343}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (digest.dll) - File not found
O29:64bit: - HKLM SecurityProviders - (msnsspc.dll) - File not found
O29 - HKLM SecurityProviders - (msapsspc.dll) - File not found
O29 - HKLM SecurityProviders - (digest.dll) - File not found
O29 - HKLM SecurityProviders - (msnsspc.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/23 19:23:01 | 000,000,049 | R--- | M] () - D:\AUTORUN.INF -- [ UDF ]
O33 - MountPoints2\{91150c73-7299-11e1-b9c5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{91150c73-7299-11e1-b9c5-806e6f6e6963}\Shell\AutoRun\command - "" = D:\WRSetupCD.exe -- [2011/08/23 19:23:01 | 000,583,136 | R--- | M] (Webroot)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{DDC88C71-D52A-4CBE-9387-CC2A96B5C129} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig


MsConfig:64bit - StartUpReg: NortonOnlineBackupReminder - hkey= - key= - C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
MsConfig:64bit - StartUpReg: swg - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: TCrdMain - hkey= - key= - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: ToshibaAppPlace - hkey= - key= - C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
MsConfig:64bit - StartUpReg: ToshibaServiceStation - hkey= - key= - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
MsConfig:64bit - StartUpReg: TPwrMain - hkey= - key= - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/05 14:19:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/05 13:43:09 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Aaron Rousch\Desktop\TFC.exe
[2012/07/05 12:02:21 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012/07/05 11:31:58 | 000,000,000 | ---D | C] -- C:\Users\Aaron Rousch\Desktop\Infected Info
[2012/07/05 10:22:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/07/05 10:06:24 | 000,000,000 | ---D | C] -- C:\Users\Aaron Rousch\AppData\Local\Diagnostics
[2012/07/05 09:51:23 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/07/05 09:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/07/05 09:50:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/07/05 09:44:34 | 000,000,000 | ---D | C] -- C:\Users\Aaron Rousch\AppData\Roaming\DriverCure
[2012/07/05 09:44:33 | 000,000,000 | ---D | C] -- C:\Users\Aaron Rousch\AppData\Roaming\SpeedyPC Software
[2012/07/05 09:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/07/05 09:24:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
[2012/07/05 09:24:53 | 000,148,728 | ---- | C] (Webroot) -- C:\windows\SysWow64\WRusr.dll
[2012/07/05 09:24:53 | 000,113,232 | ---- | C] (Webroot) -- C:\windows\SysNative\drivers\WRkrn.sys
[2012/07/05 09:24:53 | 000,101,872 | ---- | C] (Webroot) -- C:\windows\SysNative\WRusr.dll
[2012/07/05 09:24:51 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
[2012/07/05 09:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\WRData
[2012/07/04 23:57:57 | 000,000,000 | ---D | C] -- C:\Users\Aaron Rousch\AppData\Roaming\Malwarebytes
[2012/07/04 23:57:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/04 23:57:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/04 23:57:48 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/07/04 23:57:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/04 23:56:16 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\%APPDATA%
[2012/07/03 21:31:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCGEN
[2012/06/19 18:24:32 | 000,000,000 | ---D | C] -- C:\Users\Aaron Rousch\Desktop\folders
[2012/06/19 17:36:39 | 000,000,000 | ---D | C] -- C:\data
[2012/06/19 12:44:06 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
[2012/06/13 23:10:08 | 000,000,000 | ---D | C] -- C:\Users\Aaron Rousch\AppData\Roaming\WildTangent
[2012/06/13 23:10:01 | 000,000,000 | ---D | C] -- C:\Users\Aaron Rousch\AppData\Local\CrashDumps

========== Files - Modified Within 30 Days ==========

[2012/07/05 14:19:40 | 000,000,162 | -H-- | M] () -- C:\Users\Aaron Rousch\Desktop\~$cument.rtf
[2012/07/05 14:15:46 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/05 14:15:46 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/05 14:08:32 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/05 14:08:17 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/05 14:08:10 | 2899,468,288 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/05 14:00:01 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/05 13:51:25 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/07/05 13:51:25 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/07/05 13:51:25 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/07/05 13:25:48 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Aaron Rousch\Desktop\TFC.exe
[2012/07/05 13:15:42 | 000,000,539 | ---- | M] () -- C:\Users\Aaron Rousch\Desktop\Document.rtf
[2012/07/05 12:02:34 | 000,000,506 | ---- | M] () -- C:\windows\tasks\SpeedyPC Registration3.job
[2012/07/05 12:02:34 | 000,000,478 | ---- | M] () -- C:\windows\tasks\SpeedyPC Update Version3.job
[2012/07/05 12:02:34 | 000,000,434 | ---- | M] () -- C:\windows\tasks\SpeedyPC Pro.job
[2012/07/05 12:02:12 | 243,811,194 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/07/05 09:24:53 | 000,148,728 | ---- | M] (Webroot) -- C:\windows\SysWow64\WRusr.dll
[2012/07/05 09:24:53 | 000,113,232 | ---- | M] (Webroot) -- C:\windows\SysNative\drivers\WRkrn.sys
[2012/07/05 09:24:53 | 000,101,872 | ---- | M] (Webroot) -- C:\windows\SysNative\WRusr.dll
[2012/07/05 00:21:41 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/07/04 23:57:50 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/04 23:51:03 | 000,743,534 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/06/25 12:37:15 | 000,301,372 | ---- | M] () -- C:\Users\Aaron Rousch\Desktop\accuplacerteststudyguide.pdf
[2012/06/19 18:56:21 | 000,001,111 | ---- | M] () -- C:\Users\Aaron Rousch\Desktop\Mame32 - Shortcut.lnk
[2012/06/14 16:29:27 | 000,342,720 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/07/05 14:19:40 | 000,000,162 | -H-- | C] () -- C:\Users\Aaron Rousch\Desktop\~$cument.rtf
[2012/07/05 13:17:37 | 000,000,539 | ---- | C] () -- C:\Users\Aaron Rousch\Desktop\Document.rtf
[2012/07/05 12:02:12 | 243,811,194 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012/07/05 09:44:41 | 000,000,506 | ---- | C] () -- C:\windows\tasks\SpeedyPC Registration3.job
[2012/07/05 09:44:24 | 000,000,478 | ---- | C] () -- C:\windows\tasks\SpeedyPC Update Version3.job
[2012/07/05 09:44:22 | 000,000,434 | ---- | C] () -- C:\windows\tasks\SpeedyPC Pro.job
[2012/07/05 09:22:52 | 000,000,804 | ---- | C] () -- C:\windows\Installer\{1124a725-e7eb-82f4-e978-28044d39f9dc}\L\00000004.@
[2012/07/04 23:57:50 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/25 12:37:15 | 000,301,372 | ---- | C] () -- C:\Users\Aaron Rousch\Desktop\accuplacerteststudyguide.pdf
[2012/06/19 18:56:21 | 000,001,111 | ---- | C] () -- C:\Users\Aaron Rousch\Desktop\Mame32 - Shortcut.lnk
[2012/05/29 16:55:25 | 000,002,048 | -HS- | C] () -- C:\windows\Installer\{1124a725-e7eb-82f4-e978-28044d39f9dc}\@
[2012/05/29 16:55:25 | 000,002,048 | -HS- | C] () -- C:\Users\Aaron Rousch\AppData\Local\{1124a725-e7eb-82f4-e978-28044d39f9dc}\@
[2012/05/28 10:13:15 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/03/20 07:42:41 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2012/03/20 07:29:19 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012/03/20 07:25:50 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2012/07/05 09:44:34 | 000,000,000 | ---D | M] -- C:\Users\Aaron Rousch\AppData\Roaming\DriverCure
[2012/07/05 09:44:33 | 000,000,000 | ---D | M] -- C:\Users\Aaron Rousch\AppData\Roaming\SpeedyPC Software
[2012/05/28 11:58:59 | 000,000,000 | ---D | M] -- C:\Users\Aaron Rousch\AppData\Roaming\Tific
[2012/05/28 10:05:02 | 000,000,000 | ---D | M] -- C:\Users\Aaron Rousch\AppData\Roaming\Toshiba
[2012/06/13 23:10:10 | 000,000,000 | ---D | M] -- C:\Users\Aaron Rousch\AppData\Roaming\WildTangent
[2012/05/28 11:57:23 | 000,000,000 | ---D | M] -- C:\Users\Aaron Rousch\AppData\Roaming\WinBatch
[2009/07/13 22:08:49 | 000,032,160 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012/07/05 12:02:34 | 000,000,434 | ---- | M] () -- C:\windows\Tasks\SpeedyPC Pro.job
[2012/07/05 12:02:34 | 000,000,506 | ---- | M] () -- C:\windows\Tasks\SpeedyPC Registration3.job
[2012/07/05 12:02:34 | 000,000,478 | ---- | M] () -- C:\windows\Tasks\SpeedyPC Update Version3.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012/06/01 23:25:09 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011/10/30 23:33:54 | 000,000,000 | -HSD | M] -- C:\Boot
[2012/05/28 10:24:09 | 000,000,000 | ---D | M] -- C:\cab25409cb9585313f0168
[2012/07/05 12:08:07 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2012/06/19 17:36:39 | 000,000,000 | ---D | M] -- C:\data
[2009/07/13 22:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012/05/28 11:37:11 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012/07/05 13:01:20 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/07/05 12:11:38 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012/07/05 09:44:18 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012/07/05 10:22:16 | 000,000,000 | ---D | M] -- C:\sh4ldr
[2012/07/05 14:22:15 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/06/01 23:25:01 | 000,000,000 | R--D | M] -- C:\Users
[2012/07/05 13:44:30 | 000,000,000 | ---D | M] -- C:\Windows
[2012/07/05 14:19:51 | 000,000,000 | ---D | M] -- C:\_OTL

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %windir%\installer\*. /5 >
[2012/07/05 13:01:21 | 000,000,000 | -HSD | M] -- C:\windows\installer\{1124a725-e7eb-82f4-e978-28044d39f9dc}
[2012/07/05 00:21:34 | 000,000,000 | ---D | M] -- C:\windows\installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}

< %localappdata%\*. /5 >
[2012/07/05 10:17:06 | 000,000,000 | ---D | M] -- C:\Users\Aaron Rousch\AppData\Local\CrashDumps
[2012/07/05 10:06:24 | 000,000,000 | ---D | M] -- C:\Users\Aaron Rousch\AppData\Local\Diagnostics
[2012/07/05 13:04:41 | 000,000,000 | ---D | M] -- C:\Users\Aaron Rousch\AppData\Local\Microsoft
[2012/07/04 21:34:37 | 000,000,000 | ---D | M] -- C:\Users\Aaron Rousch\AppData\Local\Microsoft Games
[2012/07/05 14:19:38 | 000,000,000 | ---D | M] -- C:\Users\Aaron Rousch\AppData\Local\Temp

< MD5 for: SERVICES.EXE >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=014A9CB92514E27C0107614DF764BC06 -- C:\windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: USER32.DLL >
[2010/11/20 20:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 20:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010/11/20 20:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll
[2010/11/20 20:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

< End of report >

Every time I think I've got it, it re-installs itself.

Any help would be appreciated, thanks.

Edited by boopme, 05 July 2012 - 09:18 PM.

Do what you gotta do to survive
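The MD5 section of the OTL log above shows the live C:\Windows\System32\services.exe hashing differently from the component-store copy in WinSxS, and both the OTL and the MBAM output point at a {GUID}\@ folder layout under C:\Windows\Installer and the user's Local AppData. The following is an added example, not a tool or script from the thread, of how to reproduce those checks by hand on a Windows 7 x64 box. It assumes an elevated 64-bit PowerShell 4.0 or later (for Get-FileHash); the WinSxS folder name pattern and the "{GUID}\@" layout are taken from the log output in this post.

```powershell
# Added example, not part of the thread. Assumes an elevated 64-bit PowerShell
# 4.0+ on Windows 7 x64 (run the 64-bit shell so System32 is not redirected
# to SysWOW64). The folder patterns below come from the OTL/MBAM logs above.

$sys32 = Join-Path $env:SystemRoot 'System32'
$live  = Join-Path $sys32 'services.exe'

# 1. Hash the running services.exe and every component-store copy of it.
#    On a serviced system the System32 file is normally a hard link to one of
#    the WinSxS copies, so at least one hash is expected to match.
$liveHash    = (Get-FileHash -Path $live -Algorithm MD5).Hash
$storeCopies = Get-ChildItem -Path (Join-Path $env:SystemRoot 'WinSxS') -Directory `
                   -Filter 'amd64_microsoft-windows-s..s-servicecontroller_*' |
               ForEach-Object { Join-Path $_.FullName 'services.exe' } |
               Where-Object { Test-Path $_ }

Write-Output ("LIVE  {0}  {1}" -f $liveHash, $live)
$anyMatch = $false
foreach ($copy in $storeCopies) {
    $h   = (Get-FileHash -Path $copy -Algorithm MD5).Hash
    $tag = if ($h -eq $liveHash) { $anyMatch = $true; 'MATCH' } else { 'DIFF ' }
    Write-Output ("{0} {1}  {2}" -f $tag, $h, $copy)
}
if (-not $anyMatch) {
    Write-Warning 'System32\services.exe matches no WinSxS copy; treat it as replaced.'
}

# 2. List the hard links of the live file. A file dropped over the original
#    has only its own path here instead of a second link into WinSxS.
fsutil hardlink list $live

# 3. Renamed leftovers such as services.exe.<16 hex digits> that earlier
#    cleanup attempts leave behind (the ComboFix log in this thread lists four).
Get-ChildItem -Path $sys32 -Filter 'services.exe.*' -Force -ErrorAction SilentlyContinue |
    Select-Object Name, Length, LastWriteTime

# 4. Hunt for the "{GUID}\@" layout under Installer and Local AppData. Genuine
#    MSI cache folders are also named {GUID}, so the presence of a file
#    literally named "@" is the discriminator, not the folder name alone.
$roots = @((Join-Path $env:SystemRoot 'Installer'), $env:LOCALAPPDATA)
foreach ($root in $roots) {
    Get-ChildItem -Path $root -Directory -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Name -match '^\{[0-9a-f-]{36}\}$' -and (Test-Path (Join-Path $_.FullName '@'))
        } |
        ForEach-Object {
            Write-Output ("SUSPECT  {0}" -f $_.FullName)
            Get-ChildItem -Path $_.FullName -Recurse -Force |
                Select-Object FullName, Length, Attributes
        }
}
```

Read the output as evidence, not as a verdict: a hash that matches no WinSxS copy plus a missing second hard link is the same signal the OTL MD5 section and the ComboFix "Infected copy ... was found" line are reporting, and the hidden/system "@" files are what the scanners flagged. Replacing the binary by hand is not a substitute for the forum's guided cleanup, since the same persistence that re-creates it after a reboot is still in place.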


#2 Aaron.R

Aaron.R
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:03 PM

Posted 05 July 2012 - 06:00 PM

Edited from the 1st post because the scan took one second, which looked odd and wrong, so here is the updated log.
Sorry about that.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.05.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Aaron Rousch :: AARONROUSCH-PC [administrator]

Protection: Enabled

7/5/2012 5:55:53 PM
mbam-log-2012-07-05 (17-58-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224962
Time elapsed: 2 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{1124a725-e7eb-82f4-e978-28044d39f9dc}\U\00000008.$ (Trojan.Dropper.BCMiner) -> No action taken.

(end)
Do what you gotta do to survive

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:03 PM

Posted 05 July 2012 - 11:46 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 Aaron.R

Aaron.R
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:03 PM

Posted 06 July 2012 - 10:03 AM

Hi Gringo, thanks for the help. I'm headed out to do some errands; I've downloaded ComboFix and will run it as soon as I get back, and I'm disconnecting from the internet
until then. Here are my Security Check logs.


Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 25
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.47
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

Edited by Aaron.R, 06 July 2012 - 10:07 AM.

Do what you gotta do to survive

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:03 PM

Posted 06 July 2012 - 10:26 AM

Ok I will wait for the report


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 Aaron.R

Aaron.R
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:03 PM

Posted 06 July 2012 - 02:41 PM

Gringo, just wanted to let you know I'm back. ComboFix is still running.
Do what you gotta do to survive

#7 Aaron.R

Aaron.R
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:03 PM

Posted 06 July 2012 - 03:04 PM

Gringo, here is the ComboFix log. Edit: Sorry Gringo, I'm dumber than a sack of cheese, I just had to reset my computer; the internet works fine now.
ComboFix 12-07-06.01 - Aaron Rousch 07/06/2012 10:17:10.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3687.2596 [GMT -7:00]
Running from: c:\users\Aaron Rousch\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-06 to 2012-07-06 )))))))))))))))))))))))))))))))
.
.
2012-07-06 21:44 . 2012-07-06 21:44 -------- d-----w- c:\users\Elliot\AppData\Local\temp
2012-07-06 21:44 . 2012-07-06 21:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 05:54 . 2012-07-06 05:54 -------- d-----w- c:\program files (x86)\Sirtech
2012-07-05 21:19 . 2012-07-05 21:19 -------- d-----w- C:\_OTL
2012-07-05 17:06 . 2012-07-05 17:06 -------- d-----w- c:\users\Aaron Rousch\AppData\Local\Diagnostics
2012-07-05 16:51 . 2012-07-05 17:22 -------- d-----w- C:\sh4ldr
2012-07-05 16:51 . 2012-07-05 16:51 -------- d-----w- c:\program files\Enigma Software Group
2012-07-05 16:50 . 2012-07-05 16:50 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-07-05 16:44 . 2012-07-05 16:44 -------- d-----w- c:\users\Aaron Rousch\AppData\Roaming\DriverCure
2012-07-05 16:44 . 2012-07-05 16:44 -------- d-----w- c:\users\Aaron Rousch\AppData\Roaming\SpeedyPC Software
2012-07-05 16:44 . 2012-07-05 17:22 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-05 16:24 . 2012-07-05 16:24 148728 ----a-w- c:\windows\SysWow64\WRusr.dll
2012-07-05 16:24 . 2012-07-05 16:24 113232 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2012-07-05 16:24 . 2012-07-05 16:24 101872 ----a-w- c:\windows\system32\WRusr.dll
2012-07-05 16:24 . 2012-07-06 02:24 -------- d-----w- c:\program files\Webroot
2012-07-05 16:24 . 2012-07-06 21:44 -------- d-----w- c:\programdata\WRData
2012-07-05 07:16 . 2012-07-05 07:16 328704 ----a-w- c:\windows\system32\services.exe.F484D25ABC2666F0
2012-07-05 07:12 . 2012-07-05 07:12 328704 ----a-w- c:\windows\system32\services.exe.A48CDD3EFB5FA9B9
2012-07-05 07:07 . 2012-07-05 07:07 328704 ----a-w- c:\windows\system32\services.exe.C18504BA207190FC
2012-07-05 07:01 . 2012-07-05 07:01 328704 ----a-w- c:\windows\system32\services.exe.C79E99E86B912C32
2012-07-05 06:57 . 2012-07-05 06:57 -------- d-----w- c:\users\Aaron Rousch\AppData\Roaming\Malwarebytes
2012-07-05 06:57 . 2012-07-05 06:57 -------- d-----w- c:\programdata\Malwarebytes
2012-07-05 06:57 . 2012-07-05 06:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-05 06:57 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-05 06:56 . 2012-07-05 06:56 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-21 02:11 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 02:11 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 02:11 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 02:11 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 02:10 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 02:10 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 02:10 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 02:10 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 02:10 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 00:36 . 2012-06-20 00:36 -------- d-----w- C:\data
2012-06-19 19:44 . 2012-07-05 02:39 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-19 19:44 . 2012-06-19 19:44 -------- d-----w- c:\windows\system32\Macromed
2012-06-14 06:10 . 2012-06-14 06:10 -------- d-----w- c:\users\Aaron Rousch\AppData\Roaming\WildTangent
2012-06-14 06:10 . 2012-07-06 17:00 -------- d-----w- c:\users\Aaron Rousch\AppData\Local\CrashDumps
2012-06-14 05:16 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 05:16 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 05:16 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 05:16 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 05:16 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 05:16 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 05:16 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 05:16 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 05:16 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 05:16 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-14 05:16 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-14 05:15 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 05:15 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 05:15 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 05:15 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 05:15 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-14 05:15 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 02:39 . 2011-10-31 03:37 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-31 19:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-28 18:57 . 2011-03-29 01:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-08 336384]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-07-05 688424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
R1 gdmjpazs;gdmjpazs;c:\windows\system32\drivers\gdmjpazs.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-20 136176]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-20 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-08 243712]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-30 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-05 75904]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-05 38016]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [2012-07-05 113232]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-08 204288]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-07-19 123320]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
S2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2012-07-05 688424]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-08 9360896]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-08 309760]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-11 137512]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-09-27 76912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-20 15:23]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-20 15:23]
.
2012-07-05 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-06 14:53:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-06 21:53
.
Pre-Run: 223,676,284,928 bytes free
Post-Run: 223,246,491,648 bytes free
.
- - End Of File - - 1D2F5892FE35EB9106003B80B4BAF18E

Edited by Aaron.R, 06 July 2012 - 04:29 PM.


#8 gringo_pr

  • Malware Response Team

Posted 07 July 2012 - 12:12 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


#9 Aaron.R

  • Topic Starter

Posted 07 July 2012 - 08:49 AM

TDSSKiller Logs

08:35:51.0322 4048 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
08:35:52.0196 4048 ============================================================
08:35:52.0196 4048 Current date / time: 2012/07/07 08:35:52.0196
08:35:52.0196 4048 SystemInfo:
08:35:52.0196 4048
08:35:52.0196 4048 OS Version: 6.1.7601 ServicePack: 1.0
08:35:52.0196 4048 Product type: Workstation
08:35:52.0196 4048 ComputerName: AARONROUSCH-PC
08:35:52.0196 4048 UserName: Aaron Rousch
08:35:52.0196 4048 Windows directory: C:\windows
08:35:52.0196 4048 System windows directory: C:\windows
08:35:52.0196 4048 Running under WOW64
08:35:52.0196 4048 Processor architecture: Intel x64
08:35:52.0196 4048 Number of processors: 2
08:35:52.0196 4048 Page size: 0x1000
08:35:52.0196 4048 Boot type: Normal boot
08:35:52.0196 4048 ============================================================
08:35:54.0036 4048 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:35:54.0036 4048 ============================================================
08:35:54.0036 4048 \Device\Harddisk0\DR0:
08:35:54.0036 4048 MBR partitions:
08:35:54.0036 4048 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x235D7000
08:35:54.0036 4048 ============================================================
08:35:54.0068 4048 C: <-> \Device\Harddisk0\DR0\Partition0
08:35:54.0068 4048 ============================================================
08:35:54.0083 4048 Initialize success
08:35:54.0083 4048 ============================================================
08:35:57.0141 4008 ============================================================
08:35:57.0141 4008 Scan started
08:35:57.0141 4008 Mode: Manual;
08:35:57.0141 4008 ============================================================
08:35:58.0997 4008 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
08:35:59.0013 4008 1394ohci - ok
08:35:59.0075 4008 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
08:35:59.0091 4008 ACPI - ok
08:35:59.0106 4008 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
08:35:59.0106 4008 AcpiPmi - ok
08:35:59.0184 4008 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
08:35:59.0216 4008 adp94xx - ok
08:35:59.0278 4008 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
08:35:59.0294 4008 adpahci - ok
08:35:59.0309 4008 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
08:35:59.0325 4008 adpu320 - ok
08:35:59.0372 4008 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
08:35:59.0372 4008 AeLookupSvc - ok
08:35:59.0481 4008 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
08:35:59.0496 4008 AFD - ok
08:35:59.0559 4008 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
08:35:59.0574 4008 agp440 - ok
08:35:59.0606 4008 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
08:35:59.0606 4008 ALG - ok
08:35:59.0637 4008 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
08:35:59.0637 4008 aliide - ok
08:35:59.0684 4008 AMD External Events Utility (2f2e91fd092811353c3bc968bec274d8) C:\windows\system32\atiesrxx.exe
08:35:59.0699 4008 AMD External Events Utility - ok
08:35:59.0730 4008 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
08:35:59.0730 4008 amdide - ok
08:35:59.0746 4008 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
08:35:59.0762 4008 AmdK8 - ok
08:36:00.0744 4008 amdkmdag (194d76d2083318a2e7071a988e02ecf4) C:\windows\system32\DRIVERS\atikmdag.sys
08:36:00.0994 4008 amdkmdag - ok
08:36:01.0244 4008 amdkmdap (1eeffce9a3a65a56a28793eaa3f57026) C:\windows\system32\DRIVERS\atikmpag.sys
08:36:01.0259 4008 amdkmdap - ok
08:36:01.0306 4008 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
08:36:01.0306 4008 AmdPPM - ok
08:36:01.0353 4008 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
08:36:01.0353 4008 amdsata - ok
08:36:01.0400 4008 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
08:36:01.0415 4008 amdsbs - ok
08:36:01.0431 4008 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
08:36:01.0431 4008 amdxata - ok
08:36:01.0478 4008 amd_sata (caee7c1afc9f1c9ee8dd11acd18d22e7) C:\windows\system32\DRIVERS\amd_sata.sys
08:36:01.0478 4008 amd_sata - ok
08:36:01.0493 4008 amd_xata (23726116b4fbcc84fc45b95157c08f5f) C:\windows\system32\DRIVERS\amd_xata.sys
08:36:01.0493 4008 amd_xata - ok
08:36:01.0540 4008 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
08:36:01.0540 4008 AppID - ok
08:36:01.0571 4008 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
08:36:01.0587 4008 AppIDSvc - ok
08:36:01.0602 4008 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
08:36:01.0602 4008 Appinfo - ok
08:36:01.0680 4008 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
08:36:01.0680 4008 arc - ok
08:36:01.0712 4008 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
08:36:01.0712 4008 arcsas - ok
08:36:01.0743 4008 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
08:36:01.0743 4008 AsyncMac - ok
08:36:01.0758 4008 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
08:36:01.0758 4008 atapi - ok
08:36:01.0883 4008 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
08:36:01.0914 4008 AudioEndpointBuilder - ok
08:36:01.0930 4008 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
08:36:01.0930 4008 AudioSrv - ok
08:36:01.0992 4008 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
08:36:01.0992 4008 AxInstSV - ok
08:36:02.0086 4008 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
08:36:02.0086 4008 b06bdrv - ok
08:36:02.0133 4008 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
08:36:02.0148 4008 b57nd60a - ok
08:36:02.0211 4008 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
08:36:02.0211 4008 BDESVC - ok
08:36:02.0211 4008 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
08:36:02.0226 4008 Beep - ok
08:36:02.0336 4008 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
08:36:02.0351 4008 BFE - ok
08:36:02.0492 4008 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
08:36:02.0538 4008 BITS - ok
08:36:02.0632 4008 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
08:36:02.0632 4008 blbdrive - ok
08:36:02.0710 4008 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
08:36:02.0710 4008 bowser - ok
08:36:02.0757 4008 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
08:36:02.0757 4008 BrFiltLo - ok
08:36:02.0772 4008 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
08:36:02.0772 4008 BrFiltUp - ok
08:36:02.0835 4008 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
08:36:02.0850 4008 BridgeMP - ok
08:36:02.0913 4008 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
08:36:02.0913 4008 Browser - ok
08:36:02.0975 4008 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
08:36:02.0991 4008 Brserid - ok
08:36:03.0022 4008 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
08:36:03.0022 4008 BrSerWdm - ok
08:36:03.0038 4008 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
08:36:03.0053 4008 BrUsbMdm - ok
08:36:03.0069 4008 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
08:36:03.0069 4008 BrUsbSer - ok
08:36:03.0100 4008 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
08:36:03.0100 4008 BTHMODEM - ok
08:36:03.0162 4008 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
08:36:03.0162 4008 bthserv - ok
08:36:03.0194 4008 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
08:36:03.0194 4008 cdfs - ok
08:36:03.0225 4008 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
08:36:03.0240 4008 cdrom - ok
08:36:03.0287 4008 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
08:36:03.0303 4008 CertPropSvc - ok
08:36:03.0318 4008 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
08:36:03.0318 4008 circlass - ok
08:36:03.0365 4008 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
08:36:03.0381 4008 CLFS - ok
08:36:03.0459 4008 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:36:03.0474 4008 clr_optimization_v2.0.50727_32 - ok
08:36:03.0552 4008 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:36:03.0552 4008 clr_optimization_v2.0.50727_64 - ok
08:36:03.0662 4008 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:36:03.0771 4008 clr_optimization_v4.0.30319_32 - ok
08:36:03.0849 4008 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:36:03.0864 4008 clr_optimization_v4.0.30319_64 - ok
08:36:03.0911 4008 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
08:36:03.0911 4008 CmBatt - ok
08:36:03.0927 4008 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
08:36:03.0927 4008 cmdide - ok
08:36:04.0036 4008 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
08:36:04.0052 4008 CNG - ok
08:36:04.0286 4008 CnxtHdAudService (99b1b888b793de320c5479b3c953781f) C:\windows\system32\drivers\CHDRT64.sys
08:36:04.0301 4008 CnxtHdAudService - ok
08:36:04.0878 4008 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
08:36:04.0878 4008 Compbatt - ok
08:36:04.0894 4008 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
08:36:04.0894 4008 CompositeBus - ok
08:36:04.0941 4008 COMSysApp - ok
08:36:04.0956 4008 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
08:36:04.0956 4008 crcdisk - ok
08:36:05.0050 4008 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll
08:36:05.0050 4008 CryptSvc - ok
08:36:05.0222 4008 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
08:36:05.0237 4008 DcomLaunch - ok
08:36:05.0362 4008 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
08:36:05.0378 4008 defragsvc - ok
08:36:05.0456 4008 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
08:36:05.0471 4008 DfsC - ok
08:36:05.0705 4008 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
08:36:05.0721 4008 Dhcp - ok
08:36:05.0799 4008 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
08:36:05.0814 4008 discache - ok
08:36:05.0846 4008 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
08:36:05.0846 4008 Disk - ok
08:36:05.0986 4008 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
08:36:06.0002 4008 Dnscache - ok
08:36:06.0111 4008 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
08:36:06.0126 4008 dot3svc - ok
08:36:06.0204 4008 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
08:36:06.0204 4008 DPS - ok
08:36:06.0251 4008 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
08:36:06.0251 4008 drmkaud - ok
08:36:06.0360 4008 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
08:36:06.0376 4008 DXGKrnl - ok
08:36:06.0423 4008 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
08:36:06.0423 4008 EapHost - ok
08:36:06.0766 4008 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
08:36:06.0891 4008 ebdrv - ok
08:36:07.0156 4008 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
08:36:07.0172 4008 EFS - ok
08:36:07.0359 4008 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
08:36:07.0374 4008 ehRecvr - ok
08:36:07.0468 4008 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
08:36:07.0468 4008 ehSched - ok
08:36:07.0624 4008 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
08:36:07.0640 4008 elxstor - ok
08:36:07.0640 4008 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
08:36:07.0655 4008 ErrDev - ok
08:36:07.0842 4008 esgiguard - ok
08:36:07.0967 4008 ETD (5d82d501d2fee413b1f45f0302b5802c) C:\windows\system32\DRIVERS\ETD.sys
08:36:07.0967 4008 ETD - ok
08:36:08.0092 4008 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
08:36:08.0108 4008 EventSystem - ok
08:36:08.0186 4008 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
08:36:08.0186 4008 exfat - ok
08:36:08.0217 4008 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
08:36:08.0217 4008 fastfat - ok
08:36:08.0404 4008 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
08:36:08.0420 4008 Fax - ok
08:36:08.0482 4008 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
08:36:08.0482 4008 fdc - ok
08:36:08.0560 4008 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
08:36:08.0576 4008 fdPHost - ok
08:36:08.0638 4008 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
08:36:08.0654 4008 FDResPub - ok
08:36:08.0716 4008 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
08:36:08.0732 4008 FileInfo - ok
08:36:08.0747 4008 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
08:36:08.0747 4008 Filetrace - ok
08:36:08.0778 4008 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
08:36:08.0778 4008 flpydisk - ok
08:36:08.0888 4008 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
08:36:08.0888 4008 FltMgr - ok
08:36:09.0153 4008 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
08:36:09.0200 4008 FontCache - ok
08:36:09.0262 4008 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:36:09.0262 4008 FontCache3.0.0.0 - ok
08:36:09.0340 4008 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
08:36:09.0356 4008 FsDepends - ok
08:36:09.0418 4008 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
08:36:09.0434 4008 Fs_Rec - ok
08:36:09.0527 4008 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
08:36:09.0527 4008 fvevol - ok
08:36:09.0590 4008 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys
08:36:09.0590 4008 FwLnk - ok
08:36:09.0668 4008 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
08:36:09.0668 4008 gagp30kx - ok
08:36:09.0777 4008 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
08:36:09.0792 4008 GamesAppService - ok
08:36:09.0824 4008 gdmjpazs - ok
08:36:10.0026 4008 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
08:36:10.0058 4008 gpsvc - ok
08:36:10.0151 4008 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:36:10.0167 4008 gupdate - ok
08:36:10.0182 4008 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:36:10.0182 4008 gupdatem - ok
08:36:10.0245 4008 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
08:36:10.0245 4008 hcw85cir - ok
08:36:10.0323 4008 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
08:36:10.0338 4008 HdAudAddService - ok
08:36:10.0416 4008 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
08:36:10.0432 4008 HDAudBus - ok
08:36:10.0448 4008 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
08:36:10.0463 4008 HidBatt - ok
08:36:10.0479 4008 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
08:36:10.0479 4008 HidBth - ok
08:36:10.0572 4008 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
08:36:10.0572 4008 HidIr - ok
08:36:38.0777 4008 wlcrasvc - ok
08:36:39.0167 4008 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:36:39.0230 4008 wlidsvc - ok
08:36:39.0401 4008 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
08:36:39.0401 4008 WmiAcpi - ok
08:36:39.0495 4008 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
08:36:39.0511 4008 wmiApSrv - ok
08:36:39.0557 4008 WMPNetworkSvc - ok
08:36:39.0620 4008 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
08:36:39.0635 4008 WPCSvc - ok
08:36:39.0651 4008 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
08:36:39.0667 4008 WPDBusEnum - ok
08:36:39.0713 4008 WRkrn (d2c0af1686a69fa12bcb7323a7c89d94) C:\windows\system32\drivers\WRkrn.sys
08:36:39.0729 4008 WRkrn - ok
08:36:39.0901 4008 WRSVC (7a285fae53340ee37b3dc9dac9e428a0) C:\Program Files\Webroot\WRSA.exe
08:36:39.0916 4008 WRSVC - ok
08:36:39.0947 4008 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
08:36:39.0963 4008 ws2ifsl - ok
08:36:40.0025 4008 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
08:36:40.0041 4008 wscsvc - ok
08:36:40.0057 4008 WSearch - ok
08:36:40.0478 4008 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
08:36:40.0556 4008 wuauserv - ok
08:36:40.0774 4008 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
08:36:40.0774 4008 WudfPf - ok
08:36:40.0821 4008 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
08:36:40.0837 4008 WUDFRd - ok
08:36:40.0883 4008 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
08:36:40.0899 4008 wudfsvc - ok
08:36:40.0946 4008 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
08:36:40.0946 4008 WwanSvc - ok
08:36:41.0008 4008 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
08:36:41.0367 4008 \Device\Harddisk0\DR0 - ok
08:36:41.0398 4008 Boot (0x1200) (0e8181833307af9717ce06ca6178d97c) \Device\Harddisk0\DR0\Partition0
08:36:41.0398 4008 \Device\Harddisk0\DR0\Partition0 - ok
08:36:41.0398 4008 ============================================================
08:36:41.0398 4008 Scan finished
08:36:41.0398 4008 ============================================================
08:36:41.0429 3648 Detected object count: 0
08:36:41.0429 3648 Actual detected object count: 0
08:36:59.0884 2380 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-07 08:37:55
-----------------------------
08:37:55.095 OS Version: Windows x64 6.1.7601 Service Pack 1
08:37:55.095 Number of processors: 2 586 0x200
08:37:55.110 ComputerName: AARONROUSCH-PC UserName: Aaron Rousch
08:37:56.842 Initialize success
08:38:06.498 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000061
08:38:06.498 Disk 0 Vendor: TOSHIBA_ AX00 Size: 305245MB BusType: 11
08:38:06.529 Disk 0 MBR read successfully
08:38:06.545 Disk 0 MBR scan
08:38:06.545 Disk 0 Windows VISTA default MBR code
08:38:06.576 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
08:38:06.607 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 289710 MB offset 3074048
08:38:06.654 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14034 MB offset 596400128
08:38:06.717 Disk 0 scanning C:\windows\system32\drivers
08:38:11.662 Service scanning
08:38:33.315 Service WRkrn C:\windows\System32\drivers\WRkrn.sys **LOCKED** 32
08:38:34.360 Modules scanning
08:38:34.376 Disk 0 trace - called modules:
08:38:34.438 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
08:38:34.454 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80040f2060]
08:38:34.469 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8003bd4ac0]
08:38:34.485 5 amd_xata.sys[fffff880010dc8b4] -> nt!IofCallDriver -> \Device\00000061[0xfffffa8003bd0060]
08:38:34.500 Scan finished successfully
08:38:51.848 Disk 0 MBR has been saved successfully to "C:\Users\Aaron Rousch\Desktop\MBR.dat"
08:38:51.863 The log file has been saved successfully to "C:\Users\Aaron Rousch\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-07 08:41:28
-----------------------------
08:41:28.105 OS Version: Windows x64 6.1.7601 Service Pack 1
08:41:28.105 Number of processors: 2 586 0x200
08:41:28.105 ComputerName: AARONROUSCH-PC UserName: Aaron Rousch
08:41:29.961 Initialze error C000010E - driver not loaded
08:41:30.039 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
08:52:41.111 AVAST engine defs: 12070700
08:52:48.880 Service scanning
08:53:24.760 Modules scanning
08:53:24.776 Disk 0 trace - called modules:
08:53:24.776
08:53:26.445 AVAST engine scan C:\windows
08:53:30.564 AVAST engine scan C:\windows\system32
08:55:42.930 File: C:\windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
08:55:44.911 File: C:\windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
08:57:17.950 AVAST engine scan C:\windows\system32\drivers
08:57:30.960 AVAST engine scan C:\Users\Aaron Rousch
08:58:22.627 AVAST engine scan C:\ProgramData
08:58:51.706 Scan finished successfully
08:59:08.148 The log file has been saved successfully to "C:\Users\Aaron Rousch\Desktop\aswMBR.txt"

Edited by Aaron.R, 07 July 2012 - 09:01 AM.

Do what you gotta do to survive

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:03 PM

Posted 07 July 2012 - 09:27 AM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
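An added example, not part of gringo_pr's post or of the FRST tool itself: a cmd batch script that does the drive-letter lookup from the steps above, probing each candidate letter for FRST.exe / FRST64.exe (the file names the post uses) and launching the build that matches the recovery environment. Drive letters in System Recovery Options differ from those in the installed Windows, which is why the post has you find the letter in Notepad first; the PROCESSOR_ARCHITECTURE check for picking the 64-bit build is an assumption about the 64-bit WinRE.

```batch
@echo off
rem Added example (not from the original post): locate the flash drive that
rem holds FRST and launch the matching build from the WinRE command prompt.
rem In the recovery environment drive letters are not the same as in the
rem installed Windows, so each candidate letter is probed instead of
rem assuming e: as in the post.
rem Assumed file names, as used in the thread: FRST.exe (x86), FRST64.exe (x64).

setlocal
set "TOOL=FRST.exe"
rem Assumption: a 64-bit WinRE reports AMD64 here, so the x64 build is wanted.
if /i "%PROCESSOR_ARCHITECTURE%"=="AMD64" set "TOOL=FRST64.exe"

for %%d in (D E F G H I J K L M N) do (
    if exist "%%d:\%TOOL%" (
        echo Found %TOOL% on drive %%d:
        rem Run FRST from the flash drive so FRST.txt is written next to it,
        rem which is where the post asks you to collect the log from.
        "%%d:\%TOOL%"
        goto :done
    )
)
echo %TOOL% was not found on drives D: to N:. Check that the flash drive is plugged in.

:done
endlocal
```

The same loop can be typed directly at the recovery command prompt as a one-liner, using a single `%d` instead of `%%d` (the doubled form is only needed inside a batch file).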

#11 Aaron.R

Aaron.R
  • Topic Starter

  • Members
  • 22 posts
  • Gender:Male
  • Local time:05:03 PM

Posted 07 July 2012 - 10:03 AM

FRST Logs here
Scan result of Farbar Recovery Scan Tool Version: 07-07-2012 04
Ran by SYSTEM at 07-07-2012 09:57:24
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2588456 2010-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-06-07] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul [688424 2012-07-05] (Webroot)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) ======

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe /s [123320 2011-07-19] (Symantec Corporation)
2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll" /prefetch:1 [132984 2011-07-19] (Symantec Corporation)
3 vds; C:\Windows\System32\vds.exe [533504 2010-11-20] (Microsoft Corporation)
2 WRSVC; "C:\Program Files\Webroot\WRSA.exe" -service [688424 2012-07-05] (Webroot)
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

========================== Drivers (Whitelisted) =============

3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 RTL8192Ce; C:\Windows\System32\Drivers\RTL8192Ce.sys [1109096 2011-01-05] (Realtek Semiconductor Corporation )
0 WRkrn; C:\Windows\System32\Drivers\WRkrn.sys [113232 2012-07-05] (Webroot)
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
1 gdmjpazs; \??\C:\windows\system32\drivers\gdmjpazs.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-07 07:35 - 2012-07-07 07:36 - 04731392 ____A (AVAST Software) C:\Users\Aaron Rousch\Desktop\aswMBR.exe
2012-07-07 07:34 - 2012-07-07 07:35 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Aaron Rousch\Desktop\tdsskiller.exe
2012-07-06 16:34 - 2012-07-06 16:51 - 00000000 ____D C:\Users\Aaron Rousch\Desktop\Cosmic Fordge
2012-07-06 13:53 - 2012-07-06 13:53 - 00014810 ____A C:\ComboFix.txt
2012-07-06 09:08 - 2012-07-06 13:56 - 00000000 ____D C:\Qoobox
2012-07-06 09:08 - 2012-07-06 13:50 - 00000000 ____D C:\Windows\erdnt
2012-07-06 09:08 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-07-06 09:08 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-07-06 09:08 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-06 09:08 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-07-06 09:08 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-07-06 09:08 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-07-06 09:08 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-07-06 09:08 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-07-06 08:58 - 2012-07-06 08:59 - 04572925 ____R (Swearware) C:\Users\Aaron Rousch\Desktop\ComboFix.exe
2012-07-06 08:54 - 2012-07-06 08:54 - 00881475 ____A C:\Users\Aaron Rousch\Desktop\SecurityCheck.exe
2012-07-06 08:33 - 2012-07-06 08:33 - 00001134 ____A C:\Users\Public\Desktop\Wizardry 8.lnk
2012-07-06 08:33 - 2012-07-06 08:33 - 00000163 ____A C:\Users\Public\Desktop\Wizardry 8 Homepage.url
2012-07-05 21:54 - 2012-07-05 21:54 - 00000000 ____D C:\Program Files (x86)\Sirtech
2012-07-05 21:54 - 2001-01-15 11:41 - 00286208 ___RA C:\Windows\System32\binkw32.dll
2012-07-05 15:26 - 2012-07-05 15:26 - 00003544 ____N C:\bootsqm.dat
2012-07-05 13:19 - 2012-07-05 13:19 - 00000000 ____D C:\_OTL
2012-07-05 12:43 - 2012-07-05 12:25 - 00448512 ____A (OldTimer Tools) C:\Users\Aaron Rousch\Desktop\TFC.exe
2012-07-05 11:02 - 2012-07-05 11:02 - 243811194 ____A C:\Windows\MEMORY.DMP
2012-07-05 11:02 - 2012-07-05 11:02 - 00274560 ____A C:\Windows\Minidump\070512-23322-01.dmp
2012-07-05 11:02 - 2012-07-05 11:02 - 00000000 ____D C:\Windows\Minidump
2012-07-05 10:31 - 2012-07-07 08:02 - 00000000 ____D C:\Users\Aaron Rousch\Desktop\Infected Info
2012-07-05 08:51 - 2012-07-05 09:22 - 00000000 ____D C:\sh4ldr
2012-07-05 08:51 - 2012-07-05 08:51 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-07-05 08:44 - 2012-07-06 17:00 - 00000506 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
2012-07-05 08:44 - 2012-07-05 09:22 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
2012-07-05 08:44 - 2012-07-05 08:44 - 00000000 ____D C:\Users\Aaron Rousch\AppData\Roaming\SpeedyPC Software
2012-07-05 08:44 - 2012-07-05 08:44 - 00000000 ____D C:\Users\Aaron Rousch\AppData\Roaming\DriverCure
2012-07-05 08:24 - 2012-07-07 08:49 - 00000000 ____D C:\Users\All Users\WRData
2012-07-05 08:24 - 2012-07-05 18:24 - 00000000 ____D C:\Program Files\Webroot
2012-07-05 08:24 - 2012-07-05 08:24 - 00148728 ____A (Webroot) C:\Windows\SysWOW64\WRusr.dll
2012-07-05 08:24 - 2012-07-05 08:24 - 00113232 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2012-07-05 08:24 - 2012-07-05 08:24 - 00101872 ____A (Webroot) C:\Windows\System32\WRusr.dll
2012-07-04 23:16 - 2012-07-04 23:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F484D25ABC2666F0
2012-07-04 23:12 - 2012-07-04 23:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A48CDD3EFB5FA9B9
2012-07-04 23:07 - 2012-07-04 23:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C18504BA207190FC
2012-07-04 23:01 - 2012-07-04 23:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C79E99E86B912C32
2012-07-04 22:57 - 2012-07-04 22:57 - 00001124 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-04 22:57 - 2012-07-04 22:57 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-04 22:57 - 2012-07-04 22:57 - 00000000 ____D C:\Users\Aaron Rousch\AppData\Roaming\Malwarebytes
2012-07-04 22:57 - 2012-07-04 22:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-04 22:57 - 2012-04-04 14:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-04 22:56 - 2012-07-04 22:56 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-06-30 20:15 - 2012-06-30 20:15 - 00000146 ____A C:\Users\Elliot\Desktop\Internet Options - Shortcut.lnk
2012-06-20 18:11 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-20 18:11 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-20 18:11 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-20 18:11 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-20 18:10 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-20 18:10 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-20 18:10 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-20 18:10 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-20 18:10 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-19 17:56 - 2012-06-19 17:56 - 00001111 ____A C:\Users\Aaron Rousch\Desktop\Mame32 - Shortcut.lnk
2012-06-19 17:24 - 2012-06-20 18:08 - 00000000 ____D C:\Users\Aaron Rousch\Desktop\folders
2012-06-19 16:36 - 2012-06-19 16:36 - 00000000 ____D C:\data
2012-06-19 11:44 - 2012-07-04 18:39 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-19 11:44 - 2012-06-19 11:44 - 00000000 ____D C:\Windows\System32\Macromed
2012-06-14 14:49 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-14 14:49 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-14 14:49 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-14 14:49 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-14 14:49 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-14 14:49 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-14 14:49 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-14 14:49 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-14 14:49 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-14 14:49 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-14 14:49 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-14 14:49 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-14 14:49 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-14 14:49 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-14 14:49 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-14 14:49 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-14 14:49 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-14 14:49 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-14 14:49 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-14 14:49 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-14 14:49 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-14 14:49 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-14 14:49 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-14 14:49 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-14 14:49 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-14 14:49 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-14 14:49 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-14 14:49 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-13 22:10 - 2012-07-07 08:48 - 00000000 ____D C:\Users\Aaron Rousch\AppData\Local\CrashDumps
2012-06-13 22:10 - 2012-06-13 22:10 - 00000000 ____D C:\Users\Aaron Rousch\AppData\Roaming\WildTangent
2012-06-13 21:16 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 21:16 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 21:16 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 21:16 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 21:16 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 21:16 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 21:16 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 21:16 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 21:16 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 21:16 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-13 21:16 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-13 21:15 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 21:15 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 21:15 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 21:15 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 21:15 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 21:15 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll


============ 3 Months Modified Files ========================

2012-07-07 08:52 - 2012-03-20 06:20 - 01753580 ____A C:\Windows\WindowsUpdate.log
2012-07-07 08:50 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-07 08:50 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-07 08:50 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-07 08:48 - 2009-07-13 20:51 - 00043206 ____A C:\Windows\setupact.log
2012-07-07 08:00 - 2012-03-20 07:23 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-07 07:36 - 2012-07-07 07:35 - 04731392 ____A (AVAST Software) C:\Users\Aaron Rousch\Desktop\aswMBR.exe
2012-07-07 07:35 - 2012-07-07 07:34 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Aaron Rousch\Desktop\tdsskiller.exe
2012-07-07 07:33 - 2012-03-20 07:23 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-07 07:33 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-06 17:00 - 2012-07-05 08:44 - 00000506 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
2012-07-06 13:53 - 2012-07-06 13:53 - 00014810 ____A C:\ComboFix.txt
2012-07-06 13:48 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-07-06 13:45 - 2010-11-20 19:47 - 00558502 ____A C:\Windows\PFRO.log
2012-07-06 08:59 - 2012-07-06 08:58 - 04572925 ____R (Swearware) C:\Users\Aaron Rousch\Desktop\ComboFix.exe
2012-07-06 08:54 - 2012-07-06 08:54 - 00881475 ____A C:\Users\Aaron Rousch\Desktop\SecurityCheck.exe
2012-07-06 08:33 - 2012-07-06 08:33 - 00001134 ____A C:\Users\Public\Desktop\Wizardry 8.lnk
2012-07-06 08:33 - 2012-07-06 08:33 - 00000163 ____A C:\Users\Public\Desktop\Wizardry 8 Homepage.url
2012-07-05 21:50 - 2009-07-13 21:08 - 00032546 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-05 15:26 - 2012-07-05 15:26 - 00003544 ____N C:\bootsqm.dat
2012-07-05 12:25 - 2012-07-05 12:43 - 00448512 ____A (OldTimer Tools) C:\Users\Aaron Rousch\Desktop\TFC.exe
2012-07-05 11:02 - 2012-07-05 11:02 - 243811194 ____A C:\Windows\MEMORY.DMP
2012-07-05 11:02 - 2012-07-05 11:02 - 00274560 ____A C:\Windows\Minidump\070512-23322-01.dmp
2012-07-05 08:24 - 2012-07-05 08:24 - 00148728 ____A (Webroot) C:\Windows\SysWOW64\WRusr.dll
2012-07-05 08:24 - 2012-07-05 08:24 - 00113232 ____A (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2012-07-05 08:24 - 2012-07-05 08:24 - 00101872 ____A (Webroot) C:\Windows\System32\WRusr.dll
2012-07-04 23:21 - 2012-05-28 09:15 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-04 23:16 - 2012-07-04 23:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F484D25ABC2666F0
2012-07-04 23:12 - 2012-07-04 23:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A48CDD3EFB5FA9B9
2012-07-04 23:07 - 2012-07-04 23:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C18504BA207190FC
2012-07-04 23:01 - 2012-07-04 23:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C79E99E86B912C32
2012-07-04 22:57 - 2012-07-04 22:57 - 00001124 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-04 22:51 - 2012-05-28 09:13 - 00743534 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-04 18:39 - 2012-06-19 11:44 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-04 18:39 - 2011-10-30 19:37 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-30 20:15 - 2012-06-30 20:15 - 00000146 ____A C:\Users\Elliot\Desktop\Internet Options - Shortcut.lnk
2012-06-19 17:56 - 2012-06-19 17:56 - 00001111 ____A C:\Users\Aaron Rousch\Desktop\Mame32 - Shortcut.lnk
2012-06-14 15:29 - 2009-07-13 20:45 - 00342720 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-14 15:02 - 2012-05-29 18:40 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-02 14:19 - 2012-06-20 18:11 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-20 18:11 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-20 18:11 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-20 18:10 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-20 18:10 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-20 18:10 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-20 18:11 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-20 18:10 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:15 - 2012-06-20 18:10 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 22:25 - 2012-06-01 22:25 - 00086096 ____A C:\Users\Elliot\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-01 22:25 - 2012-06-01 22:25 - 00000020 ___SH C:\Users\Elliot\ntuser.ini
2012-05-31 11:25 - 2010-11-20 19:27 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-29 18:47 - 2012-05-28 09:03 - 00086096 ____A C:\Users\Aaron Rousch\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-29 18:35 - 2012-05-29 18:35 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_point64_01009.Wdf
2012-05-28 11:07 - 2012-05-28 11:07 - 00000146 ____A C:\Users\Aaron Rousch\Desktop\Internet Options - Shortcut.lnk
2012-05-28 10:58 - 2012-05-28 10:58 - 00000013 __RSH C:\Windows\System32\Drivers\fbd.sys
2012-05-28 10:56 - 2012-05-28 10:56 - 00000020 ___SH C:\Users\Aaron Rousch\ntuser.ini
2012-05-28 09:50 - 2012-05-28 09:50 - 00001933 ____A C:\Users\Public\Desktop\DOSBox 0.74.lnk
2012-05-28 07:53 - 2009-07-13 21:01 - 00108227 ____A C:\Windows\SysWOW64\license.rtf
2012-05-28 07:53 - 2009-07-13 21:01 - 00108227 ____A C:\Windows\System32\license.rtf
2012-05-17 18:47 - 2012-06-14 14:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-14 14:49 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-14 14:49 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-14 14:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-14 14:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-14 14:49 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-14 14:49 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-14 14:49 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-14 14:49 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-14 14:49 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-14 14:49 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-14 14:49 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-14 14:49 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-14 14:49 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-14 14:49 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-14 14:49 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-14 14:49 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-14 14:49 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-14 14:49 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-14 14:49 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-14 14:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-14 14:49 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-14 14:49 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-14 14:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-14 14:49 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-14 14:49 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-14 14:49 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-14 14:49 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-14 17:32 - 2012-06-13 21:16 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-04 03:06 - 2012-06-13 21:16 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-13 21:16 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 21:16 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-30 21:40 - 2012-06-13 21:16 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-13 21:16 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-13 21:16 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-13 21:16 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-13 21:16 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:37 - 2012-06-13 21:15 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-13 21:15 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-13 21:15 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-13 21:15 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-13 21:15 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 21:15 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll


ZeroAccess:
C:\Windows\Installer\{1124a725-e7eb-82f4-e978-28044d39f9dc}
C:\Windows\Installer\{1124a725-e7eb-82f4-e978-28044d39f9dc}\@

ZeroAccess:
C:\Users\Aaron Rousch\AppData\Local\{1124a725-e7eb-82f4-e978-28044d39f9dc}
C:\Users\Aaron Rousch\AppData\Local\{1124a725-e7eb-82f4-e978-28044d39f9dc}\@
C:\Users\Aaron Rousch\AppData\Local\{1124a725-e7eb-82f4-e978-28044d39f9dc}\L
C:\Users\Aaron Rousch\AppData\Local\{1124a725-e7eb-82f4-e978-28044d39f9dc}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2011-10-30 19:09] - [2011-03-01 00:07] - 0027648 ____A (Microsoft Corporation) 6F68F63794097E54F36474ED4384B759

C:\Windows\SysWOW64\svchost.exe
[2011-10-30 19:09] - [2011-03-01 00:05] - 0021504 ____A (Microsoft Corporation) ECDB182F885292145826C58252B53000

C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2011-10-30 19:07] - [2011-02-24 22:25] - 0296320 ____A (Microsoft Corporation) DF8126BD41180351A093A3AD2FC8903B


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 3686.87 MB
Available physical RAM: 3162.17 MB
Total Pagefile: 3685.07 MB
Available Pagefile: 3151.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (TI106302W0C) (Fixed) (Total:282.92 GB) (Free:207.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (WIZ8_3) (CDROM) (Total:0.65 GB) (Free:0 GB) CDFS
4 Drive f: () (Removable) (Total:0.98 GB) (Free:0.98 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 1007 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 282 GB 1501 MB
Partition 3 Primary 13 GB 284 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI106302W0C NTFS Partition 282 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1007 MB 32 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 1007 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-06-16 12:28

======================= End Of Log ==========================

It's 10:02 a.m. where I am and I need to head off to work. I won't be back till 8:00 p.m.; when I get off work I'll continue, ok Gringo?

Sorry about this ><
Do what you gotta do to survive

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 July 2012 - 03:00 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

1 gdmjpazs; \??\C:\windows\system32\drivers\gdmjpazs.sys [x]
C:\Windows\Installer\{1124a725-e7eb-82f4-e978-28044d39f9dc}
C:\Users\Aaron Rousch\AppData\Local\{1124a725-e7eb-82f4-e978-28044d39f9dc}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
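The fix above removes the paths FRST listed under "ZeroAccess:". As an added example (not FRST's, ComboFix's or the helper's code), here is a read-only check for that same on-disk layout, run against a volume root so it works on a mounted or copied volume from any OS; the GUID pattern, the "@"/L/U marker test and the GAC Desktop.ini test are assumptions drawn from the log, and the sample tree it builds is constructed to mirror the log's paths.

```python
"""Check a Windows volume for the ZeroAccess file-system layout FRST reported.

Added example for this thread, not FRST's or ComboFix's code. It only lists
paths; it removes nothing. Assumptions drawn from the log above:
  * a GUID-named directory under Windows\\Installer and under a user's
    AppData\\Local holding a file literally named "@" and, optionally,
    "L" and "U" sub-directories;
  * a Desktop.ini planted in Windows\\assembly\\GAC_32 and GAC_64, where
    the .NET Global Assembly Cache normally carries no such file.
"""
import os
import re
import tempfile

# 8-4-4-4-12 hex digits in braces: the form of every GUID directory in the log.
GUID_DIR = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.IGNORECASE
)
ZA_MARKERS = {"@", "L", "U"}


def _rel(root, path):
    """Report findings as root-relative, backslash-separated paths like the FRST log."""
    return os.path.relpath(path, root).replace(os.sep, "\\")


def _suspicious_guid_dirs(parent):
    """Yield (path, markers) for GUID-named children of `parent` that hold an "@" file.

    A GUID-named directory by itself is normal in Windows\\Installer (MSI caches
    packages there); the "@" file is what separates the bot's directory from a
    legitimate one, so it is the required marker.
    """
    if not os.path.isdir(parent):
        return
    for name in sorted(os.listdir(parent)):
        path = os.path.join(parent, name)
        if not (os.path.isdir(path) and GUID_DIR.match(name)):
            continue
        children = set(os.listdir(path))
        if "@" in children:
            yield path, sorted(children & ZA_MARKERS)


def find_zeroaccess_indicators(root):
    """Return a sorted list of (relative_path, detail) for every indicator under `root`.

    `root` is the top of a Windows volume (the directory holding "Windows" and
    "Users"), so a mounted or copied volume can be checked from any OS.
    """
    hits = []
    for path, markers in _suspicious_guid_dirs(os.path.join(root, "Windows", "Installer")):
        hits.append((_rel(root, path), "markers: " + ",".join(markers)))
    users_dir = os.path.join(root, "Users")
    if os.path.isdir(users_dir):
        for user in sorted(os.listdir(users_dir)):
            local = os.path.join(users_dir, user, "AppData", "Local")
            for path, markers in _suspicious_guid_dirs(local):
                hits.append((_rel(root, path), "markers: " + ",".join(markers)))
    for gac in ("GAC_32", "GAC_64"):
        ini = os.path.join(root, "Windows", "assembly", gac, "Desktop.ini")
        if os.path.isfile(ini):
            hits.append((_rel(root, ini), "unexpected Desktop.ini in the GAC"))
    return sorted(hits)


def build_sample_volume(base):
    """Create a constructed tree mirroring the FRST findings above (test data, not a real volume)."""
    guid = "{1124a725-e7eb-82f4-e978-28044d39f9dc}"  # GUID from the log above
    installer_dir = os.path.join(base, "Windows", "Installer", guid)
    os.makedirs(installer_dir, exist_ok=True)
    open(os.path.join(installer_dir, "@"), "wb").close()   # log shows only "@" here
    local_dir = os.path.join(base, "Users", "Aaron Rousch", "AppData", "Local", guid)
    for sub in ("L", "U"):                                  # log shows "@", "L" and "U" here
        os.makedirs(os.path.join(local_dir, sub), exist_ok=True)
    open(os.path.join(local_dir, "@"), "wb").close()
    # A legitimate MSI cache directory: GUID-named but without the "@" marker.
    os.makedirs(os.path.join(base, "Windows", "Installer",
                             "{00000000-1111-2222-3333-444444444444}"), exist_ok=True)
    for gac in ("GAC_32", "GAC_64"):
        gac_dir = os.path.join(base, "Windows", "assembly", gac)
        os.makedirs(gac_dir, exist_ok=True)
        open(os.path.join(gac_dir, "Desktop.ini"), "wb").close()
    return base


def demo():
    """Build the sample volume in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        return find_zeroaccess_indicators(build_sample_volume(tmp))


if __name__ == "__main__":
    for rel_path, detail in demo():
        print(f"{rel_path}  ({detail})")
```

On a real system the same check runs as `find_zeroaccess_indicators("C:\\")` from an elevated prompt, or against the mount point of an offline volume; it flags the benign MSI directory in the sample as clean because it lacks the "@" marker.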

#13 Aaron.R

Aaron.R
  • Topic Starter

  • Members
  • 22 posts
  • Gender:Male

Posted 07 July 2012 - 11:50 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 07-07-2012 04
Ran by SYSTEM at 2012-07-07 23:47:29 Run:1
Running from Y:\

==============================================

gdmjpazs service deleted successfully.
C:\Windows\Installer\{1124a725-e7eb-82f4-e978-28044d39f9dc} moved successfully.
C:\Users\Aaron Rousch\AppData\Local\{1124a725-e7eb-82f4-e978-28044d39f9dc} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

==== End of Fixlog ====

Sorry about it being so late :wacko:
Do what you gotta do to survive

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 July 2012 - 11:53 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 Aaron.R

Aaron.R
  • Topic Starter

  • Members
  • 22 posts
  • Gender:Male

Posted 08 July 2012 - 12:18 PM

logs

ComboFix 12-07-06.01 - Aaron Rousch 07/08/2012 11:21:04.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3687.2595 [GMT -7:00]
Running from: c:\users\Aaron Rousch\Desktop\ComboFix.exe
Command switches used :: c:\users\Aaron Rousch\Desktop\CFScript.txt
AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-08 to 2012-07-08 )))))))))))))))))))))))))))))))
.
.
2012-07-08 18:27 . 2012-07-08 18:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-08 18:27 . 2012-07-08 18:27 -------- d-----w- c:\users\Elliot\AppData\Local\temp
2012-07-07 17:56 . 2012-07-07 17:57 -------- d-----w- C:\FRST
2012-07-06 05:54 . 2001-01-15 19:41 286208 ----a-r- c:\windows\system32\binkw32.dll
2012-07-06 05:54 . 2012-07-06 05:54 -------- d-----w- c:\program files (x86)\Sirtech
2012-07-05 21:19 . 2012-07-05 21:19 -------- d-----w- C:\_OTL
2012-07-05 17:06 . 2012-07-05 17:06 -------- d-----w- c:\users\Aaron Rousch\AppData\Local\Diagnostics
2012-07-05 16:51 . 2012-07-05 17:22 -------- d-----w- C:\sh4ldr
2012-07-05 16:51 . 2012-07-05 16:51 -------- d-----w- c:\program files\Enigma Software Group
2012-07-05 16:50 . 2012-07-05 16:50 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-07-05 16:44 . 2012-07-05 16:44 -------- d-----w- c:\users\Aaron Rousch\AppData\Roaming\DriverCure
2012-07-05 16:44 . 2012-07-05 16:44 -------- d-----w- c:\users\Aaron Rousch\AppData\Roaming\SpeedyPC Software
2012-07-05 16:44 . 2012-07-05 17:22 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-05 16:24 . 2012-07-05 16:24 148728 ----a-w- c:\windows\SysWow64\WRusr.dll
2012-07-05 16:24 . 2012-07-05 16:24 113232 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2012-07-05 16:24 . 2012-07-05 16:24 101872 ----a-w- c:\windows\system32\WRusr.dll
2012-07-05 16:24 . 2012-07-06 02:24 -------- d-----w- c:\program files\Webroot
2012-07-05 16:24 . 2012-07-08 17:07 -------- d-----w- c:\programdata\WRData
2012-07-05 07:16 . 2012-07-05 07:16 328704 ----a-w- c:\windows\system32\services.exe.F484D25ABC2666F0
2012-07-05 07:12 . 2012-07-05 07:12 328704 ----a-w- c:\windows\system32\services.exe.A48CDD3EFB5FA9B9
2012-07-05 07:07 . 2012-07-05 07:07 328704 ----a-w- c:\windows\system32\services.exe.C18504BA207190FC
2012-07-05 07:01 . 2012-07-05 07:01 328704 ----a-w- c:\windows\system32\services.exe.C79E99E86B912C32
2012-07-05 06:57 . 2012-07-05 06:57 -------- d-----w- c:\users\Aaron Rousch\AppData\Roaming\Malwarebytes
2012-07-05 06:57 . 2012-07-05 06:57 -------- d-----w- c:\programdata\Malwarebytes
2012-07-05 06:57 . 2012-07-05 06:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-05 06:57 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-05 06:56 . 2012-07-05 06:56 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-21 02:11 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 02:11 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 02:11 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 02:11 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 02:10 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 02:10 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 02:10 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 02:10 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 02:10 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 00:36 . 2012-06-20 00:36 -------- d-----w- C:\data
2012-06-19 19:44 . 2012-07-05 02:39 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-19 19:44 . 2012-06-19 19:44 -------- d-----w- c:\windows\system32\Macromed
2012-06-14 06:10 . 2012-06-14 06:10 -------- d-----w- c:\users\Aaron Rousch\AppData\Roaming\WildTangent
2012-06-14 06:10 . 2012-07-08 06:49 -------- d-----w- c:\users\Aaron Rousch\AppData\Local\CrashDumps
2012-06-14 05:16 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 05:16 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 05:16 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 05:16 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 05:16 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 05:16 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 05:16 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 05:16 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 05:16 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 05:16 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-14 05:16 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-14 05:15 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 05:15 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 05:15 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 05:15 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 05:15 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-14 05:15 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-05 02:39 . 2011-10-31 03:37 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-31 19:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-28 18:57 . 2011-03-29 01:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-06_21.48.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-07-08 17:06 38126 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-08 17:06 51172 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-05-28 17:09 . 2012-07-08 17:06 10506 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1291522123-1169691021-3186747090-1000_UserData.bin
+ 2009-07-14 04:46 . 2012-07-08 06:51 95984 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-07-08 17:04 . 2012-07-08 17:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-06 21:45 . 2012-07-06 21:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-08 17:04 . 2012-07-08 17:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-06 21:45 . 2012-07-06 21:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-28 17:04 . 2012-07-07 02:10 222470 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-07-06 21:32 624178 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-07 16:50 624178 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-07 16:50 106522 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-06 21:32 106522 c:\windows\system32\perfc009.dat
+ 2012-03-20 14:32 . 2012-07-08 06:51 764040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-03-20 14:32 . 2012-07-06 21:45 764040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-07-06 21:45 319200 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-08 06:51 319200 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-05-28 17:05 . 2012-07-06 21:45 13442652 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1291522123-1169691021-3186747090-1000-8192.dat
+ 2012-05-28 17:05 . 2012-07-06 23:57 13442652 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1291522123-1169691021-3186747090-1000-8192.dat
- 2012-05-28 22:27 . 2012-07-06 01:49 22443792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1291522123-1169691021-3186747090-1000-4096.dat
+ 2012-05-28 22:27 . 2012-07-07 02:32 22443792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1291522123-1169691021-3186747090-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-08 336384]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-07-05 688424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-20 136176]
R2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2012-07-05 688424]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-20 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-08 243712]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-30 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-05 75904]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-05 38016]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [2012-07-05 113232]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-08 204288]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-07-19 123320]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-08 9360896]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-08 309760]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-11 137512]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-09-27 76912]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-20 15:23]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-20 15:23]
.
2012-07-08 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-08 11:31:47
ComboFix-quarantined-files.txt 2012-07-08 18:31
ComboFix2.txt 2012-07-06 21:53
.
Pre-Run: 222,653,227,008 bytes free
Post-Run: 222,354,862,080 bytes free
.
- - End Of File - - BA44303BFE62DA4F177DD02C06C34984

So far the computer seems to be doing fine: not so much lag when I hit up the internet, and programs are opening up faster :thumbup2:
Do what you gotta do to survive



