
Startup Repair Infinite Loop


  • This topic is locked
20 replies to this topic

#1 Daiquiri

  • Members
  • 20 posts

Posted 11 July 2012 - 11:21 PM

Hello, I am trying to fix a friend's computer, which is not able to boot properly. The computer is running Vista.

Whenever I try to start my computer it goes to the blue screen and says that it must perform a startup repair. But every time the system does the startup repair it fails and it asks me to restart the computer, which leads back to the blue screen and etc...

I tried accessing safe mode but still meet up with the blue screen.
Note: I cannot access the computer, can only use command prompt functions.

Anyway, here is a Farbar Recovery Scan Tool Log that I did using a flash drive and the CMD. Any help will be appreciated!

--------------------------------------------------------------------------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 10-07-2012
Ran by SYSTEM at 11-07-2012 23:15:04
Running from J:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [118784 2007-02-15] (OsdMaestro)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [] [x]
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13539872 2008-05-22] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [92704 2008-05-22] (NVIDIA Corporation)
HKLM\...\Run: [KBD] C:\HP\KBD\KBD.EXE [61440 2005-02-02] (Hewlett-Packard Company)
HKLM\...\Run: [lxecmon.exe] "C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe" [770728 2010-05-17] ()
HKLM\...\Run: [EzPrint] "C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe" [148280 2010-05-17] ()
HKLM\...\Run: [Joystick 2 Mouse] C:\Program Files\Joystick 2 Mouse 3\Joystick 2 Mouse.exe /NoConfigure [176128 2005-07-27] (Offer Atzitz)
HKLM\...\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto [222208 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252136 2011-05-04] (Sun Microsystems, Inc.)
HKLM\...\Run: [MapsGalaxy Search Scope Monitor] "C:\PROGRA~1\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h [42536 2012-03-25] (MindSpark)
HKLM\...\Run: [MRT] "C:\Windows\system32\MRT.exe" /R [57442464 2012-07-11] (Microsoft Corporation)
HKU\Administrator\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783400 2007-06-01] (Hewlett-Packard)
HKU\Administrator\...\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [160328 2010-06-14] (Siber Systems)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783400 2007-06-01] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783400 2007-06-01] (Hewlett-Packard)
HKU\Guest\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783400 2007-06-01] (Hewlett-Packard)
HKU\Guest\...\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [160328 2010-06-14] (Siber Systems)
HKU\HpComputer\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783400 2007-06-01] (Hewlett-Packard)
HKU\HpComputer\...\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [160328 2010-06-14] (Siber Systems)
HKU\ikeneme N2857\...\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783400 2007-06-01] (Hewlett-Packard)
HKU\ikeneme N2857\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125440 2006-11-02] (Microsoft Corporation)
HKU\ikeneme N2857\...\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background [5724184 2007-10-18] (Microsoft Corporation)
HKU\ikeneme N2857\...\Run: [BitTorrent DNA] "C:\Users\ikeneme N2857\Program Files\DNA\btdna.exe" [323392 2010-10-02] (BitTorrent, Inc.)
HKU\ikeneme N2857\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [201728 2006-11-02] (Microsoft Corporation)
HKU\ikeneme N2857\...\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [160328 2010-06-14] (Siber Systems)
HKU\IKENMEPC\...\Run: [HPADVISOR] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun [1783400 2007-06-01] (Hewlett-Packard)
HKU\IKENMEPC\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [5724184 2007-10-18] (Microsoft Corporation)
HKU\IKENMEPC\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125440 2006-11-02] (Microsoft Corporation)
HKU\IKENMEPC\...\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet [4347120 2008-11-05] (Yahoo! Inc.)
HKU\IKENMEPC\...\Run: [BitTorrent DNA] "C:\Users\IKENMEPC\Program Files\DNA\btdna.exe" [323392 2009-11-12] (BitTorrent, Inc.)
HKU\IKENMEPC\...\Run: [MSSMSGS] rundll32.exe winorl32.rom,qALpmKtOl [x]
HKU\IKENMEPC\...\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [3558648 2009-04-03] (Veoh Networks)
HKU\IKENMEPC\...\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [160328 2010-06-14] (Siber Systems)
HKU\NotUsing\...\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe [3077528 2011-08-24] ()
HKU\NotUsing\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [8704 2006-11-02] (Microsoft Corporation)
HKU\NotUsing\...\Run: [Google Update] "C:\Users\NotUsing\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-08-03] (Google Inc.)
HKU\NotUsing\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-09-30] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
AppInit_DLLs: avgrsstx.dll
Startup: C:\Users\IKENMEPC\Start Menu\Programs\Startup\4t Tray Minimizer.lnk
ShortcutTarget: 4t Tray Minimizer.lnk -> C:\Program Files\4t Tray Minimizer\4t-min.exe (4t Niagara Software)
Startup: C:\Users\NotUsing\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (No File)
Startup: C:\Users\NotUsing\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)

================================ Services (Whitelisted) ==================

2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [22016 2006-11-02] (Microsoft Corporation)
2 FastUserSwitchingCompatibility; C:\Windows\system32\FastUv32.dll [57344 2012-05-02] ()
2 FileZilla Server; "C:\Program Files\FileZilla Server\FileZilla Server.exe" [630272 2011-06-07] (FileZilla Project)
2 libusbd; C:\Windows\System32\libusbd-nt.exe [18944 2005-03-09] (http://libusb-win32.sourceforge.net)
2 lxecCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxecserv.exe [193192 2010-04-14] (Lexmark International, Inc.)
2 lxec_device; C:\Windows\system32\lxeccoms.exe -service [598696 2010-04-14] ( )
2 MapsGalaxy_39Service; C:\PROGRA~1\MAPSGA~2\bar\1.bin\39barsvc.exe [42504 2012-03-25] (COMPANYVERS_NAME)
2 MDM; "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" [322120 2003-06-19] (Microsoft Corporation)
2 mi-raysat_3dsmax9_32; "C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe" [65536 2006-09-29] ()
2 N360; "C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe" /s "N360" /m "C:\Program Files\Norton 360\Engine\5.1.0.29\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
2 NEC Usb3; C:\Windows\system32\usbnaw32.dll [156672 2012-05-02] (Intel Corporation )
2 Norton PC Checkup Application Launcher; C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe /s [120248 2010-12-18] (Symantec Corporation)
2 pcCMService; "C:\Program Files\Common Files\Motive\pcCMService.exe" [361472 2012-06-18] (Alcatel-Lucent)
2 PCCUJobMgr; "C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\diMaster.dll" /prefetch:1 [132984 2009-08-29] (Symantec Corporation)
2 PSI_SVC_2; "C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe" [185632 2007-07-24] (Protexis Inc.)
2 SPService; C:\Windows\system32\config\systemprofile\AppData\Roaming\Adobe\sp.DLL [79872 2012-04-29] ()
2 Updater Service for StartNow Toolbar; C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe [244960 2011-10-17] ()
3 usnjsvc; "C:\Program Files\Windows Live\Messenger\usnsvc.exe" [98328 2007-10-18] (Microsoft Corporation)
3 usprserv; C:\Windows\System32\svchost.exe -k netsvcs [22016 2006-11-02] (Microsoft Corporation)
2 wdica; C:\Windows\System32\Invoker.dll [5632 2006-11-02] (Oak Technology Inc.) ATTENTION! ====> ZeroAccess
3 WLSetupSvc; "C:\Program Files\Windows Live\installer\WLSetupSvc.exe" [266240 2007-10-25] (Microsoft Corporation)
2 avg9wd; "C:\Program Files\AVG\AVG9\avgwdsvc.exe" [x]
4 EraserSvc11014; "C:\Program Files\Norton 360\Engine\5.0.0.125\ccSvcHst.exe" /h ccCommon [x]
2 HP Health Check Service; "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]
2 LightScribeService; "c:\Program Files\Common Files\LightScribe\LSSrvc.exe" [x]
2 MSSQL$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [x]
4 MSSQLServerADHelper100; "c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [x]
3 RoxMediaDB9; "c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe" [x]
3 rpcapd; "C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini" [x]
4 SQLAgent$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [x]
4 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]
3 stllssvr; "c:\Program Files\Common Files\SureThing Shared\stllssvr.exe" [x]

========================== Drivers (Whitelisted) =============

1 AvgLdx86; C:\Windows\System32\Drivers\avgldx86.sys [216400 2010-08-16] (AVG Technologies CZ, s.r.o.)
1 AvgMfx86; C:\Windows\System32\Drivers\avgmfx86.sys [29584 2010-08-16] (AVG Technologies CZ, s.r.o.)
0 AvgRkx86; C:\Windows\System32\Drivers\avgrkx86.sys [52872 2010-08-16] (AVG Technologies CZ, s.r.o.)
1 AvgTdiX; C:\Windows\System32\Drivers\avgtdix.sys [243024 2010-08-16] (AVG Technologies CZ, s.r.o.)
1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111123.001\BHDrvx86.sys [819320 2011-11-23] (Symantec Corporation)
2 dualshock3; C:\Windows\System32\DRIVERS\dualshock3.sys [11392 2008-11-22] ()
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2011-12-10] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106104 2011-12-10] (Symantec Corporation)
3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [17480 2009-03-28] (LogMeIn, Inc.)
3 HP8207_8307; C:\Windows\System32\DRIVERS\HP8207_8307.sys [13952 2010-02-04] (Windows ® Win 7 DDK provider)
1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111209.002\IDSvix86.sys [368248 2011-12-09] (Symantec Corporation)
0 kiafco; C:\Windows\System32\Drivers\kiafco.sys [0 2012-07-11] ()
3 libusb0; C:\Windows\System32\drivers\libusb0.sys [33792 2005-03-09] ()
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111210.007\NAVENG.SYS [86136 2011-12-10] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111210.007\NAVEX15.SYS [1576312 2011-12-10] (Symantec Corporation)
3 NPF; C:\Windows\System32\drivers\npf.sys [42000 2007-01-25] (CACE Technologies)
2 npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys [23217 2008-10-15] (INCA Internet Co., Ltd.)
4 RsFx0102; C:\Windows\System32\DRIVERS\RsFx0102.sys [242712 2008-07-10] (Microsoft Corporation)
3 SRTSP; C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS [516216 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS [50168 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360\0501000.01D\SYMDS.SYS [340088 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360\0501000.01D\SYMEFA.SYS [744568 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [126584 2011-09-06] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS [136312 2010-11-15] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\N360\0501000.01D\SYMTDIV.SYS [331384 2011-03-21] (Symantec Corporation)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [x]
1 gntqivkn; \??\C:\Windows\system32\drivers\gntqivkn.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [x]
3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 XDva143; \??\C:\Windows\system32\XDva143.sys [x]
3 XDva189; \??\C:\Windows\system32\XDva189.sys [x]

========================== NetSvcs (Whitelisted) ===========

NETSVC: wdica -> C:\Windows\system32\Invoker.dll (Oak Technology Inc.) ATTENTION! ====> ZeroAccess

============ One Month Created Files and Folders ==============

2012-07-11 22:43 - 2012-07-11 01:06 - 39411712 ____A C:\Windows\System32\config\COMPONENTS.OLD
2012-07-11 22:43 - 2012-07-11 01:01 - 24436736 ____A C:\Windows\System32\config\SYSTEM.OLD
2012-07-11 22:43 - 2012-07-11 01:01 - 00925696 ____A C:\Windows\System32\config\DEFAULT.OLD
2012-07-11 22:43 - 2012-07-11 01:01 - 00167936 ____A C:\Windows\System32\config\SAM.OLD
2012-07-11 22:43 - 2012-07-11 00:59 - 71892992 ____A C:\Windows\System32\config\SOFTWARE.OLD
2012-07-11 22:43 - 2012-07-11 00:41 - 00032768 ____A C:\Windows\System32\config\SECURITY.OLD
2012-07-11 22:40 - 2012-07-11 22:40 - 00000000 ____D C:\Windows\System32\config\mybackup
2012-07-11 22:07 - 2012-07-11 22:07 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2012-07-11 21:56 - 2012-07-11 21:56 - 00000000 ____D C:\FRST
2012-07-09 21:31 - 2012-07-09 21:31 - 00144952 ____A C:\Windows\Minidump\Mini071012-01.dmp
2012-06-28 22:56 - 2012-06-30 00:58 - 00000440 ____A C:\RoboFormDataHere.txt
2012-06-28 19:30 - 2012-06-28 19:30 - 00144952 ____A C:\Windows\Minidump\Mini062812-03.dmp
2012-06-28 13:06 - 2012-06-28 13:06 - 00144952 ____A C:\Windows\Minidump\Mini062812-02.dmp
2012-06-28 03:16 - 2012-06-28 03:16 - 00144952 ____A C:\Windows\Minidump\Mini062812-01.dmp
2012-06-26 01:13 - 2012-06-26 01:13 - 00144952 ____A C:\Windows\Minidump\Mini062612-04.dmp
2012-06-26 00:33 - 2012-06-26 00:33 - 00144952 ____A C:\Windows\Minidump\Mini062612-03.dmp
2012-06-26 00:29 - 2012-06-26 00:29 - 00144952 ____A C:\Windows\Minidump\Mini062612-02.dmp
2012-06-26 00:26 - 2012-06-26 00:26 - 00144952 ____A C:\Windows\Minidump\Mini062612-01.dmp
2012-06-22 19:01 - 2012-06-22 19:01 - 00144952 ____A C:\Windows\Minidump\Mini062212-01.dmp
2012-06-20 17:26 - 2012-07-07 21:43 - 00000034 ____A C:\Windows\setupact.log
2012-06-20 17:26 - 2012-06-20 17:26 - 00000000 ____A C:\Windows\setuperr.log
2012-06-20 17:06 - 2012-06-20 17:06 - 00144952 ____A C:\Windows\Minidump\Mini062012-01.dmp
2012-06-16 22:43 - 2012-06-16 22:43 - 00144952 ____A C:\Windows\Minidump\Mini061712-01.dmp
2012-06-15 11:56 - 2012-06-15 11:56 - 00144952 ____A C:\Windows\Minidump\Mini061512-01.dmp

============ 3 Months Modified Files ========================

2012-07-11 15:26 - 2006-11-02 00:57 - 00068096 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdx.sys
2012-07-11 12:16 - 2010-08-15 22:09 - 00000000 ____A C:\Windows\System32\Drivers\kiafco.sys
2012-07-11 12:15 - 2011-12-04 08:27 - 00000434 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{411B3A11-83EC-45FB-8747-47A77A18EBA6}.job
2012-07-11 12:15 - 2008-02-28 17:22 - 00000424 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{EB042B35-A920-4B0C-AF10-2DBED7C4129D}.job
2012-07-11 12:15 - 2007-12-21 12:34 - 00000444 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{3DAE6D88-D977-464C-9B31-122CE8B27C2E}.job
2012-07-11 12:09 - 2007-11-02 09:58 - 01219035 ____A C:\Windows\WindowsUpdate.log
2012-07-11 12:05 - 2011-04-18 12:32 - 00041994 ____A C:\Users\All Users\lxecscan.log
2012-07-11 12:05 - 2011-04-18 12:32 - 00041994 ____A C:\Users\All Users\Application Data\lxecscan.log
2012-07-11 12:05 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-11 12:05 - 2006-11-02 04:47 - 00003456 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-11 12:05 - 2006-11-02 04:47 - 00003456 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-11 05:23 - 2011-08-03 00:43 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3618752605-3819726555-3655755188-1003UA.job
2012-07-11 05:17 - 2011-09-30 12:06 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-11 05:17 - 2011-09-30 12:06 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-11 02:32 - 2009-05-10 05:36 - 00000424 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{D21D2D4B-EAE2-4B00-8946-DE0E48A2A7C2}.job
2012-07-11 01:41 - 2012-04-29 12:51 - 00000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-07-11 01:41 - 2007-08-22 09:18 - 00293842 ____A C:\Windows\PFRO.log
2012-07-11 01:40 - 2006-11-02 05:01 - 00032566 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-11 01:24 - 2008-03-12 02:03 - 00000129 ____A C:\Windows\System32\MRT.INI
2012-07-11 01:06 - 2012-07-11 22:43 - 39411712 ____A C:\Windows\System32\config\COMPONENTS.OLD
2012-07-11 01:01 - 2012-07-11 22:43 - 24436736 ____A C:\Windows\System32\config\SYSTEM.OLD
2012-07-11 01:01 - 2012-07-11 22:43 - 00925696 ____A C:\Windows\System32\config\DEFAULT.OLD
2012-07-11 01:01 - 2012-07-11 22:43 - 00167936 ____A C:\Windows\System32\config\SAM.OLD
2012-07-11 00:59 - 2012-07-11 22:43 - 71892992 ____A C:\Windows\System32\config\SOFTWARE.OLD
2012-07-11 00:42 - 2006-11-02 02:24 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-07-11 00:42 - 2006-11-02 02:23 - 00000240 ____A C:\Windows\win.ini
2012-07-11 00:41 - 2012-07-11 22:43 - 00032768 ____A C:\Windows\System32\config\SECURITY.OLD
2012-07-10 00:23 - 2011-08-03 00:43 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3618752605-3819726555-3655755188-1003Core.job
2012-07-09 21:31 - 2012-07-09 21:31 - 00144952 ____A C:\Windows\Minidump\Mini071012-01.dmp
2012-07-09 21:27 - 2012-05-20 07:18 - 373080562 ____A C:\Windows\MEMORY.DMP
2012-07-08 20:00 - 2009-12-06 00:44 - 00000408 ___AH C:\Windows\Tasks\Norton Security Scan for NotUsing.job
2012-07-07 21:43 - 2012-06-20 17:26 - 00000034 ____A C:\Windows\setupact.log
2012-07-06 03:16 - 2011-04-18 17:38 - 00359786 ____A C:\Users\All Users\lxecJSW.log
2012-07-06 03:16 - 2011-04-18 17:38 - 00359786 ____A C:\Users\All Users\Application Data\lxecJSW.log
2012-07-03 04:46 - 2010-12-10 07:09 - 00000334 ____A C:\Windows\Tasks\HPCeeScheduleForNotUsing.job
2012-06-30 00:58 - 2012-06-28 22:56 - 00000440 ____A C:\RoboFormDataHere.txt
2012-06-28 19:30 - 2012-06-28 19:30 - 00144952 ____A C:\Windows\Minidump\Mini062812-03.dmp
2012-06-28 13:06 - 2012-06-28 13:06 - 00144952 ____A C:\Windows\Minidump\Mini062812-02.dmp
2012-06-28 03:16 - 2012-06-28 03:16 - 00144952 ____A C:\Windows\Minidump\Mini062812-01.dmp
2012-06-26 01:13 - 2012-06-26 01:13 - 00144952 ____A C:\Windows\Minidump\Mini062612-04.dmp
2012-06-26 00:33 - 2012-06-26 00:33 - 00144952 ____A C:\Windows\Minidump\Mini062612-03.dmp
2012-06-26 00:29 - 2012-06-26 00:29 - 00144952 ____A C:\Windows\Minidump\Mini062612-02.dmp
2012-06-26 00:26 - 2012-06-26 00:26 - 00144952 ____A C:\Windows\Minidump\Mini062612-01.dmp
2012-06-22 19:01 - 2012-06-22 19:01 - 00144952 ____A C:\Windows\Minidump\Mini062212-01.dmp
2012-06-20 17:50 - 2006-11-02 02:33 - 00873046 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-20 17:26 - 2012-06-20 17:26 - 00000000 ____A C:\Windows\setuperr.log
2012-06-20 17:06 - 2012-06-20 17:06 - 00144952 ____A C:\Windows\Minidump\Mini062012-01.dmp
2012-06-16 22:43 - 2012-06-16 22:43 - 00144952 ____A C:\Windows\Minidump\Mini061712-01.dmp
2012-06-16 03:46 - 2010-11-29 21:40 - 01857536 ____H C:\Users\NotUsing\My Documents\~WRL0838.tmp
2012-06-16 03:46 - 2010-11-29 21:40 - 01857536 ____H C:\Users\NotUsing\Documents\~WRL0838.tmp
2012-06-15 11:56 - 2012-06-15 11:56 - 00144952 ____A C:\Windows\Minidump\Mini061512-01.dmp
2012-06-12 05:42 - 2012-01-13 18:28 - 00579584 ____H C:\Users\NotUsing\My Documents\~WRL2832.tmp
2012-06-12 05:42 - 2012-01-13 18:28 - 00579584 ____H C:\Users\NotUsing\Documents\~WRL2832.tmp
2012-06-12 05:18 - 2012-01-13 18:28 - 00657408 ____H C:\Users\NotUsing\My Documents\~WRL2844.tmp
2012-06-12 05:18 - 2012-01-13 18:28 - 00657408 ____H C:\Users\NotUsing\Documents\~WRL2844.tmp
2012-06-07 21:50 - 2010-11-29 21:40 - 01857024 ____H C:\Users\NotUsing\My Documents\~WRL0929.tmp
2012-06-07 21:50 - 2010-11-29 21:40 - 01857024 ____H C:\Users\NotUsing\Documents\~WRL0929.tmp
2012-06-06 17:00 - 2012-06-06 17:00 - 00144952 ____A C:\Windows\Minidump\Mini060612-01.dmp
2012-05-30 10:20 - 2012-05-30 10:20 - 00144952 ____A C:\Windows\Minidump\Mini053012-01.dmp
2012-05-23 06:17 - 2012-01-13 18:28 - 00564736 ____H C:\Users\NotUsing\My Documents\~WRL2653.tmp
2012-05-23 06:17 - 2012-01-13 18:28 - 00564736 ____H C:\Users\NotUsing\Documents\~WRL2653.tmp
2012-05-21 09:15 - 2012-05-21 09:15 - 00144952 ____A C:\Windows\Minidump\Mini052112-01.dmp
2012-05-20 07:18 - 2012-05-20 07:18 - 00144952 ____A C:\Windows\Minidump\Mini052012-01.dmp
2012-05-15 14:55 - 2012-05-15 14:55 - 00385904 ____A C:\Users\NotUsing\Desktop\ATT_SST.exe
2012-05-15 10:46 - 2012-05-15 10:46 - 01169072 ____A (LogMeIn, Inc.) C:\Users\NotUsing\Desktop\Support-LogMeInRescue.exe
2012-05-15 10:22 - 2012-05-15 10:21 - 01211088 ____A C:\Users\NotUsing\Desktop\rc-installer.exe
2012-05-14 20:20 - 2012-05-14 20:20 - 00000680 ____A C:\Users\HpComputer\Local Settings\d3d9caps.dat
2012-05-14 20:20 - 2012-05-14 20:20 - 00000680 ____A C:\Users\HpComputer\Local Settings\Application Data\d3d9caps.dat
2012-05-14 20:20 - 2012-05-14 20:20 - 00000680 ____A C:\Users\HpComputer\AppData\Local\d3d9caps.dat
2012-05-09 18:59 - 2012-01-13 18:28 - 00557056 ____H C:\Users\NotUsing\My Documents\~WRL3788.tmp
2012-05-09 18:59 - 2012-01-13 18:28 - 00557056 ____H C:\Users\NotUsing\Documents\~WRL3788.tmp
2012-05-09 18:57 - 2012-01-13 18:28 - 00552960 ____H C:\Users\NotUsing\My Documents\~WRL0931.tmp
2012-05-09 18:57 - 2012-01-13 18:28 - 00552960 ____H C:\Users\NotUsing\Documents\~WRL0931.tmp
2012-05-09 18:55 - 2012-01-13 18:28 - 00546304 ____H C:\Users\NotUsing\My Documents\~WRL3640.tmp
2012-05-09 18:55 - 2012-01-13 18:28 - 00546304 ____H C:\Users\NotUsing\Documents\~WRL3640.tmp
2012-05-09 02:07 - 2012-01-13 18:28 - 00537600 ____H C:\Users\NotUsing\My Documents\~WRL3989.tmp
2012-05-09 02:07 - 2012-01-13 18:28 - 00537600 ____H C:\Users\NotUsing\Documents\~WRL3989.tmp
2012-05-09 02:03 - 2012-01-13 18:28 - 00532992 ____H C:\Users\NotUsing\My Documents\~WRL2853.tmp
2012-05-09 02:03 - 2012-01-13 18:28 - 00532992 ____H C:\Users\NotUsing\My Documents\~WRL1019.tmp
2012-05-09 02:03 - 2012-01-13 18:28 - 00532992 ____H C:\Users\NotUsing\Documents\~WRL2853.tmp
2012-05-09 02:03 - 2012-01-13 18:28 - 00532992 ____H C:\Users\NotUsing\Documents\~WRL1019.tmp
2012-05-05 12:13 - 2012-05-05 12:13 - 00000911 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-05-05 12:13 - 2012-05-05 12:13 - 00000911 ____A C:\Users\All Users\Desktop\Mozilla Firefox.lnk
2012-05-04 14:30 - 2012-05-04 14:19 - 16339280 ____A (Mozilla) C:\Users\NotUsing\Desktop\Firefox Setup 12.0.exe
2012-05-02 08:04 - 2012-05-02 08:04 - 00105324 ____A C:\Windows\System32\itusbcore.dat
2012-05-02 08:04 - 2012-05-02 07:04 - 00000197 ____A C:\Windows\System32\itlsvc.dat
2012-05-02 07:04 - 2012-05-02 07:04 - 00105324 ____A C:\Windows\System32\itldvupd.dat
2012-05-02 07:00 - 2012-05-02 07:00 - 00156672 ____A (Intel Corporation ) C:\Windows\System32\usbnaw32.dll
2012-05-02 07:00 - 2012-05-02 07:00 - 00057344 ____A C:\Windows\System32\FastUv32.dll
2012-04-24 21:41 - 2012-01-13 18:28 - 00527872 ____H C:\Users\NotUsing\My Documents\~WRL1667.tmp
2012-04-24 21:41 - 2012-01-13 18:28 - 00527872 ____H C:\Users\NotUsing\Documents\~WRL1667.tmp
2012-04-24 21:36 - 2012-01-13 18:28 - 00532480 ____H C:\Users\NotUsing\My Documents\~WRL1698.tmp
2012-04-24 21:36 - 2012-01-13 18:28 - 00532480 ____H C:\Users\NotUsing\Documents\~WRL1698.tmp
2012-04-24 21:35 - 2012-01-13 18:28 - 00532480 ____H C:\Users\NotUsing\My Documents\~WRL2269.tmp
2012-04-24 21:35 - 2012-01-13 18:28 - 00532480 ____H C:\Users\NotUsing\Documents\~WRL2269.tmp
2012-04-24 21:35 - 2012-01-13 18:28 - 00530432 ____H C:\Users\NotUsing\My Documents\~WRL2645.tmp
2012-04-24 21:35 - 2012-01-13 18:28 - 00530432 ____H C:\Users\NotUsing\Documents\~WRL2645.tmp
2012-04-24 21:33 - 2012-01-13 18:28 - 00529920 ____H C:\Users\NotUsing\My Documents\~WRL1216.tmp
2012-04-24 21:33 - 2012-01-13 18:28 - 00529920 ____H C:\Users\NotUsing\Documents\~WRL1216.tmp
2012-04-24 21:32 - 2012-01-13 18:28 - 00527872 ____H C:\Users\NotUsing\My Documents\~WRL0243.tmp
2012-04-24 21:32 - 2012-01-13 18:28 - 00527872 ____H C:\Users\NotUsing\Documents\~WRL0243.tmp
2012-04-24 21:32 - 2012-01-13 18:28 - 00527360 ____H C:\Users\NotUsing\My Documents\~WRL3483.tmp
2012-04-24 21:32 - 2012-01-13 18:28 - 00527360 ____H C:\Users\NotUsing\Documents\~WRL3483.tmp
2012-04-24 21:30 - 2012-01-13 18:28 - 00524800 ____H C:\Users\NotUsing\My Documents\~WRL3930.tmp
2012-04-24 21:30 - 2012-01-13 18:28 - 00524800 ____H C:\Users\NotUsing\Documents\~WRL3930.tmp
2012-04-24 21:28 - 2012-01-13 18:28 - 00522752 ____H C:\Users\NotUsing\My Documents\~WRL3104.tmp
2012-04-24 21:28 - 2012-01-13 18:28 - 00522752 ____H C:\Users\NotUsing\Documents\~WRL3104.tmp
2012-04-24 21:27 - 2012-01-13 18:28 - 00520192 ____H C:\Users\NotUsing\My Documents\~WRL3025.tmp
2012-04-24 21:27 - 2012-01-13 18:28 - 00520192 ____H C:\Users\NotUsing\Documents\~WRL3025.tmp
2012-04-24 21:17 - 2010-11-29 21:40 - 01854976 ____H C:\Users\NotUsing\My Documents\~WRL1250.tmp
2012-04-24 21:17 - 2010-11-29 21:40 - 01854976 ____H C:\Users\NotUsing\Documents\~WRL1250.tmp
2012-04-23 20:50 - 2012-01-13 18:28 - 00519168 ____H C:\Users\NotUsing\My Documents\~WRL0608.tmp
2012-04-23 20:50 - 2012-01-13 18:28 - 00519168 ____H C:\Users\NotUsing\Documents\~WRL0608.tmp
2012-04-20 00:38 - 2010-11-29 21:40 - 01853952 ____H C:\Users\NotUsing\My Documents\~WRL0011.tmp
2012-04-20 00:38 - 2010-11-29 21:40 - 01853952 ____H C:\Users\NotUsing\Documents\~WRL0011.tmp
2012-04-19 19:34 - 2009-05-06 11:12 - 00060928 ____A C:\Users\NotUsing\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-19 19:34 - 2009-05-06 11:12 - 00060928 ____A C:\Users\NotUsing\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-19 19:34 - 2009-05-06 11:12 - 00060928 ____A C:\Users\NotUsing\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-18 20:56 - 2012-01-13 18:28 - 00513536 ____H C:\Users\NotUsing\My Documents\~WRL0010.tmp
2012-04-18 20:56 - 2012-01-13 18:28 - 00513536 ____H C:\Users\NotUsing\Documents\~WRL0010.tmp


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 19%
Total physical RAM: 2941.94 MB
Available physical RAM: 2376.06 MB
Total Pagefile: 2648.85 MB
Available Pagefile: 2467.14 MB
Total Virtual: 2047.88 MB
Available Virtual: 1989.43 MB

======================= Partitions =========================

1 Drive c: (HP) (Fixed) (Total:456.91 GB) (Free:164.51 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:8.85 GB) (Free:0.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
8 Drive j: () (Removable) (Total:0.96 GB) (Free:0.96 GB) FAT
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 2000 KB
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 980 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 457 GB 32 KB
Partition 2 Primary 9 GB 457 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 C HP NTFS Partition 457 GB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 D FACTORY_IMA NTFS Partition 9 GB Healthy

==================================================================================

Partitions of Disk 5:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 980 MB 248 KB

==================================================================================

Disk: 5
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 J FAT Removable 980 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-11 02:00

======================= End Of Log ==========================

Edited by Daiquiri, 11 July 2012 - 11:31 PM.



#2 gringo_pr
Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 July 2012 - 01:36 AM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




Open notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt.

2 wdica; C:\Windows\System32\Invoker.dll [5632 2006-11-02] (Oak Technology Inc.) ATTENTION! ====> ZeroAccess
C:\Windows\System32\Invoker.dll
1 gntqivkn; \??\C:\Windows\system32\drivers\gntqivkn.sys [x]
0 kiafco; C:\Windows\System32\Drivers\kiafco.sys [0 2012-07-11] ()
C:\Windows\System32\Drivers\kiafco.sys
NETSVC: wdica -> C:\Windows\system32\Invoker.dll (Oak Technology Inc.) ATTENTION! ====> ZeroAccess
 


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
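The fixlist above is built from the FRST service lines that carry the ZeroAccess tag, a missing-file marker or a zero-byte unsigned driver, followed by the file path for each file that still exists. The script below, an added example that is not part of this thread and not FRST's own code, reproduces that triage over a constructed sample of the same line shapes (service lines of the form `<start> <name>; <path> [<size> <date>] (<company>)`, the `[x]` missing-file marker and `NETSVC:` entries) and drafts the corresponding fixlist.txt; the ExampleSvc line is a made-up benign control, and other FRST sections are not handled.

```python
"""Triage FRST service/driver lines and draft the matching fixlist.txt."""
import re
from dataclasses import dataclass, field

# Constructed sample: the wdica/gntqivkn/kiafco entries mirror the lines quoted
# in the thread; ExampleSvc is a made-up benign service used as a control.
SAMPLE_LOG = """\
2 wdica; C:\\Windows\\System32\\Invoker.dll [5632 2006-11-02] (Oak Technology Inc.) ATTENTION! ====> ZeroAccess
1 gntqivkn; \\??\\C:\\Windows\\system32\\drivers\\gntqivkn.sys [x]
0 kiafco; C:\\Windows\\System32\\Drivers\\kiafco.sys [0 2012-07-11] ()
2 ExampleSvc; C:\\Windows\\System32\\examplesvc.dll [20480 2008-01-19] (Example Corp)
NETSVC: wdica -> C:\\Windows\\system32\\Invoker.dll (Oak Technology Inc.) ATTENTION! ====> ZeroAccess
"""

# "<start> <name>; <path> [<size> <date>] (<company>)" or "... [x]" when the
# file behind a registered service no longer exists on disk.
SERVICE_RE = re.compile(
    r"^(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"(?:(?P<missing>\[x\])|\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
    r"\((?P<company>[^)]*)\))(?P<tail>.*)$"
)
# "NETSVC: <name> -> <path> (<company>)" plus FRST's optional ATTENTION tag.
NETSVC_RE = re.compile(
    r"^NETSVC: (?P<name>\S+) -> (?P<path>.+?)(?: \((?P<company>[^)]*)\))?"
    r"(?P<tail>(?: ATTENTION!.*)?)$"
)


@dataclass
class Finding:
    name: str            # service name as registered
    path: str            # image path printed on the log line
    line: str            # original log line, reused verbatim in the fixlist
    file_present: bool   # False when FRST printed [x]
    reasons: list = field(default_factory=list)


def _assess_service(m):
    """Reasons a service line looks suspicious; an empty list means leave it."""
    reasons = []
    if "ATTENTION!" in m.group("tail"):
        reasons.append("flagged by FRST: " + m.group("tail").split("====>")[-1].strip())
    if m.group("missing"):
        reasons.append("registered service whose file is missing")
    else:
        if int(m.group("size")) == 0:
            reasons.append("zero-byte image file")
        if not m.group("company").strip():
            reasons.append("no publisher in version info")
    return reasons


def triage(log_text):
    """Scan FRST service and NETSVC lines; return the entries worth fixing."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = SERVICE_RE.match(line)
        if m:
            reasons = _assess_service(m)
            if reasons:
                findings.append(Finding(m.group("name"), m.group("path"), line,
                                        not m.group("missing"), reasons))
            continue
        m = NETSVC_RE.match(line)
        if m and "ATTENTION!" in m.group("tail"):
            # The netsvcs group entry pointing at the hijacked DLL must go too,
            # otherwise svchost keeps trying to load the service after reboot.
            findings.append(Finding(m.group("name"), m.group("path"), line, True,
                                    ["netsvcs entry flagged by FRST"]))
    return findings


def build_fixlist(findings):
    """Draft fixlist.txt the way the thread does: each flagged line, followed by
    its file path when the file exists, so the service is deleted and the file moved."""
    out = []
    for f in findings:
        out.append(f.line)
        if f.file_present and not f.line.startswith("NETSVC:"):
            out.append(f.path)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.name}: {'; '.join(f.reasons)}")
    print("--- fixlist.txt ---")
    print(build_fixlist(found), end="")
```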

#3 Daiquiri
  • Topic Starter
  • Members
  • 20 posts

Posted 12 July 2012 - 03:45 AM

Thank you for assisting me.
EDIT: Oh sh** it's working now!
I gotta learn how you guys do this stuff.

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 10-07-2012
Ran by SYSTEM at 2012-07-12 03:42:34 Run:2
Running from F:\

==============================================

wdica service deleted successfully.
C:\Windows\System32\Invoker.dll moved successfully.
gntqivkn service deleted successfully.
kiafco service deleted successfully.
C:\Windows\System32\Drivers\kiafco.sys moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs wdica Deleted successfully.

==== End of Fixlog ====

Edited by Daiquiri, 12 July 2012 - 03:47 AM.


#4 gringo_pr
Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 July 2012 - 11:41 AM

Hello

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 Daiquiri
  • Topic Starter
  • Members
  • 20 posts

Posted 12 July 2012 - 03:26 PM

I ran ComboFix and it said something about a rootkit (ZeroAccess) having infected the TCP/IP stack.
I had to restart the computer and run ComboFix again; after it restarted and went through the stages, it showed me the log file.
But after I got the log file I had to restart the computer again, because it said something about a registry key being marked for deletion when I tried to use Firefox.
But now everything seems to be working.

Oh and here is the log file:

ComboFix 12-07-12.02 - NotUsing 07/12/2012 14:45:22.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2942.1510 [GMT -5:00]
Running from: c:\users\NotUsing\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files\Mozilla Firefox\components\AskHPRFF.js
c:\program files\StartNow Toolbar
c:\program files\StartNow Toolbar\ReactivateFF.exe
c:\program files\StartNow Toolbar\ReactivateIE.exe
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\skin\separator.png
c:\program files\StartNow Toolbar\Resources\skin\splitter.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Resources\update.xml
c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files\StartNow Toolbar\Toolbar32.dll
c:\program files\StartNow Toolbar\ToolbarBroker.exe
c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files\StartNow Toolbar\uninstall.dat
c:\programdata\SPLBAA3.tmp
c:\users\ikeneme N2857\AppData\Roaming\Dealio
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\as_sidebar.html
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\blank.gif
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\deal_report.jpg
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\DealioSearch.html
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\deals-endcap.gif
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\deals-leftcap.gif
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\ebay_login.jpg
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\endcap22-bg.png
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\endcap22-left.png
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\endcap22-right-arrow.png
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\endcap22-right.png
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\err_mainwindow.html
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\err_sidebar.html
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\err_toolbar.html
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\ErrorPageTemplate.css
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\global_scripts.js
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\headerbgthin.jpg
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\help.gif
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\logo.png
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\logo_over.png
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\man_toolbar.html
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\man_toolbar.js
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\pill_bg.gif
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\post-this-deal.gif
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\post-this-deal_over.gif
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\scripts.js
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\scroller.js
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\search-chevron.gif
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\search_bg_blink.gif
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\separator.gif
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\settings.gif
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\settings_over.gif
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\sidebar.html
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\steals_bg.gif
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\tab_icon.png
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\tabdata.js
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\tablib.js
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\tabwelcome_en.html
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\toolbar_background.gif
c:\users\ikeneme N2857\AppData\Roaming\Dealio\kb124\res\yahoo_search.gif
c:\users\IKENMEPC\videos\GearsSetup.exe
c:\users\IKENMEPC\videos\wmp11-windowsxp-x86-enu.exe
c:\users\NotUsing\AppData\Local\._Revolution_
c:\users\NotUsing\AppData\Local\assembly\tmp
c:\users\NotUsing\AppData\Local\egft.exe
c:\users\NotUsing\AppData\Local\eolh.exe
c:\users\NotUsing\AppData\Local\ocpl.exe
c:\users\NotUsing\AppData\Local\Windows Server
c:\users\NotUsing\AppData\Local\Windows Server\flags.ini
c:\users\NotUsing\AppData\Local\Windows Server\server.dat
c:\users\NotUsing\AppData\Local\Windows Server\uses32.dat
c:\users\NotUsing\AppData\Local\xpyb.exe
c:\users\NotUsing\AppData\Roaming\Mozilla\Firefox\Profiles\smxc841v.default\searchplugins\bing-zugo.xml
c:\users\NotUsing\Desktop\Setup.exe
c:\users\NotUsing\Documents\~WRL1066.tmp
c:\users\NotUsing\Documents\~WRL1080.tmp
c:\users\NotUsing\Documents\~WRL1082.tmp
c:\users\NotUsing\Documents\~WRL1101.tmp
c:\users\NotUsing\Documents\~WRL1142.tmp
c:\users\NotUsing\Documents\~WRL1181.tmp
c:\users\NotUsing\Documents\~WRL1182.tmp
c:\users\NotUsing\Documents\~WRL1188.tmp
c:\users\NotUsing\Documents\~WRL1216.tmp
c:\users\NotUsing\Documents\~WRL1250.tmp
c:\users\NotUsing\Documents\~WRL1289.tmp
c:\users\NotUsing\Documents\~WRL1461.tmp
c:\users\NotUsing\Documents\~WRL1532.tmp
c:\users\NotUsing\Documents\~WRL1584.tmp
c:\users\NotUsing\Documents\~WRL1596.tmp
c:\users\NotUsing\Documents\~WRL1619.tmp
c:\users\NotUsing\Documents\~WRL1652.tmp
c:\users\NotUsing\Documents\~WRL1662.tmp
c:\users\NotUsing\Documents\~WRL1666.tmp
c:\users\NotUsing\Documents\~WRL1667.tmp
c:\users\NotUsing\Documents\~WRL1689.tmp
c:\users\NotUsing\Documents\~WRL1697.tmp
c:\users\NotUsing\Documents\~WRL1698.tmp
c:\users\NotUsing\Documents\~WRL1755.tmp
c:\users\NotUsing\Documents\~WRL1773.tmp
c:\users\NotUsing\Documents\~WRL1803.tmp
c:\users\NotUsing\Documents\~WRL1857.tmp
c:\users\NotUsing\Documents\~WRL1885.tmp
c:\users\NotUsing\Documents\~WRL1961.tmp
c:\users\NotUsing\Documents\~WRL1974.tmp
c:\users\NotUsing\Documents\~WRL1999.tmp
c:\users\NotUsing\Documents\~WRL2023.tmp
c:\users\NotUsing\Documents\~WRL2038.tmp
c:\users\NotUsing\Documents\~WRL2047.tmp
c:\users\NotUsing\Documents\~WRL2069.tmp
c:\users\NotUsing\Documents\~WRL2075.tmp
c:\users\NotUsing\Documents\~WRL2077.tmp
c:\users\NotUsing\Documents\~WRL2094.tmp
c:\users\NotUsing\Documents\~WRL2129.tmp
c:\users\NotUsing\Documents\~WRL2132.tmp
c:\users\NotUsing\Documents\~WRL2141.tmp
c:\users\NotUsing\Documents\~WRL2176.tmp
c:\users\NotUsing\Documents\~WRL2185.tmp
c:\users\NotUsing\Documents\~WRL2232.tmp
c:\users\NotUsing\Documents\~WRL2233.tmp
c:\users\NotUsing\Documents\~WRL2245.tmp
c:\users\NotUsing\Documents\~WRL2249.tmp
c:\users\NotUsing\Documents\~WRL2254.tmp
c:\users\NotUsing\Documents\~WRL2269.tmp
c:\users\NotUsing\Documents\~WRL2294.tmp
c:\users\NotUsing\Documents\~WRL2303.tmp
c:\users\NotUsing\Documents\~WRL2309.tmp
c:\users\NotUsing\Documents\~WRL2326.tmp
c:\users\NotUsing\Documents\~WRL2363.tmp
c:\users\NotUsing\Documents\~WRL2391.tmp
c:\users\NotUsing\Documents\~WRL2413.tmp
c:\users\NotUsing\Documents\~WRL2446.tmp
c:\users\NotUsing\Documents\~WRL2448.tmp
c:\users\NotUsing\Documents\~WRL2465.tmp
c:\users\NotUsing\Documents\~WRL2469.tmp
c:\users\NotUsing\Documents\~WRL2475.tmp
c:\users\NotUsing\Documents\~WRL2504.tmp
c:\users\NotUsing\Documents\~WRL2520.tmp
c:\users\NotUsing\Documents\~WRL2551.tmp
c:\users\NotUsing\Documents\~WRL2588.tmp
c:\users\NotUsing\Documents\~WRL2590.tmp
c:\users\NotUsing\Documents\~WRL2609.tmp
c:\users\NotUsing\Documents\~WRL2645.tmp
c:\users\NotUsing\Documents\~WRL2653.tmp
c:\users\NotUsing\Documents\~WRL2654.tmp
c:\users\NotUsing\Documents\~WRL2683.tmp
c:\users\NotUsing\Documents\~WRL2713.tmp
c:\users\NotUsing\Documents\~WRL2761.tmp
c:\users\NotUsing\Documents\~WRL2796.tmp
c:\users\NotUsing\Documents\~WRL2804.tmp
c:\users\NotUsing\Documents\~WRL2815.tmp
c:\users\NotUsing\Documents\~WRL2827.tmp
c:\users\NotUsing\Documents\~WRL2832.tmp
c:\users\NotUsing\Documents\~WRL2844.tmp
c:\users\NotUsing\Documents\~WRL2846.tmp
c:\users\NotUsing\Documents\~WRL2853.tmp
c:\users\NotUsing\Documents\~WRL2857.tmp
c:\users\NotUsing\Documents\~WRL2862.tmp
c:\users\NotUsing\Documents\~WRL2876.tmp
c:\users\NotUsing\Documents\~WRL2879.tmp
c:\users\NotUsing\Documents\~WRL2880.tmp
c:\users\NotUsing\Documents\~WRL2978.tmp
c:\users\NotUsing\Documents\~WRL2982.tmp
c:\users\NotUsing\Documents\~WRL3025.tmp
c:\users\NotUsing\Documents\~WRL3031.tmp
c:\users\NotUsing\Documents\~WRL3034.tmp
c:\users\NotUsing\Documents\~WRL3038.tmp
c:\users\NotUsing\Documents\~WRL3096.tmp
c:\users\NotUsing\Documents\~WRL3101.tmp
c:\users\NotUsing\Documents\~WRL3104.tmp
c:\users\NotUsing\Documents\~WRL3121.tmp
c:\users\NotUsing\Documents\~WRL3158.tmp
c:\users\NotUsing\Documents\~WRL3175.tmp
c:\users\NotUsing\Documents\~WRL3211.tmp
c:\users\NotUsing\Documents\~WRL3223.tmp
c:\users\NotUsing\Documents\~WRL3292.tmp
c:\users\NotUsing\Documents\~WRL3307.tmp
c:\users\NotUsing\Documents\~WRL3316.tmp
c:\users\NotUsing\Documents\~WRL3346.tmp
c:\users\NotUsing\Documents\~WRL3352.tmp
c:\users\NotUsing\Documents\~WRL3414.tmp
c:\users\NotUsing\Documents\~WRL3438.tmp
c:\users\NotUsing\Documents\~WRL3476.tmp
c:\users\NotUsing\Documents\~WRL3477.tmp
c:\users\NotUsing\Documents\~WRL3483.tmp
c:\users\NotUsing\Documents\~WRL3508.tmp
c:\users\NotUsing\Documents\~WRL3513.tmp
c:\users\NotUsing\Documents\~WRL3520.tmp
c:\users\NotUsing\Documents\~WRL3541.tmp
c:\users\NotUsing\Documents\~WRL3545.tmp
c:\users\NotUsing\Documents\~WRL3573.tmp
c:\users\NotUsing\Documents\~WRL3580.tmp
c:\users\NotUsing\Documents\~WRL3592.tmp
c:\users\NotUsing\Documents\~WRL3620.tmp
c:\users\NotUsing\Documents\~WRL3640.tmp
c:\users\NotUsing\Documents\~WRL3643.tmp
c:\users\NotUsing\Documents\~WRL3652.tmp
c:\users\NotUsing\Documents\~WRL3680.tmp
c:\users\NotUsing\Documents\~WRL3720.tmp
c:\users\NotUsing\Documents\~WRL3779.tmp
c:\users\NotUsing\Documents\~WRL3788.tmp
c:\users\NotUsing\Documents\~WRL3853.tmp
c:\users\NotUsing\Documents\~WRL3871.tmp
c:\users\NotUsing\Documents\~WRL3908.tmp
c:\users\NotUsing\Documents\~WRL3915.tmp
c:\users\NotUsing\Documents\~WRL3924.tmp
c:\users\NotUsing\Documents\~WRL3930.tmp
c:\users\NotUsing\Documents\~WRL3983.tmp
c:\users\NotUsing\Documents\~WRL3989.tmp
c:\users\NotUsing\Documents\~WRL4000.tmp
c:\users\NotUsing\Documents\~WRL4042.tmp
c:\users\NotUsing\Documents\~WRL4058.tmp
c:\users\NotUsing\Documents\~WRL4060.tmp
c:\users\NotUsing\Documents\~WRL4065.tmp
c:\users\NotUsing\Documents\~WRL4067.tmp
c:\users\NotUsing\Documents\~WRL4080.tmp
c:\users\NotUsing\videos\adgif.exe
c:\users\NotUsing\videos\HC2Setup.exe
c:\users\NotUsing\videos\ZwinkySetup2.3.64.1.SA.HP.ZJfox000.exe
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\certstore.dat
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\FastUv32.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-06-12 to 2012-07-12 )))))))))))))))))))))))))))))))
.
.
2012-07-12 20:01 . 2012-07-12 20:01 -------- d-----w- c:\users\IKENMEPC\AppData\Local\temp
2012-07-12 20:01 . 2012-07-12 20:01 -------- d-----w- c:\users\ikeneme N2857\AppData\Local\temp
2012-07-12 20:01 . 2012-07-12 20:01 -------- d-----w- c:\users\HpComputer\AppData\Local\temp
2012-07-12 20:01 . 2012-07-12 20:05 -------- d-----w- c:\users\NotUsing\AppData\Local\temp
2012-07-12 20:01 . 2012-07-12 20:01 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-12 20:01 . 2012-07-12 20:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-12 20:01 . 2012-07-12 20:01 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-07-12 09:43 . 2012-07-12 09:43 -------- d-----w- c:\users\NotUsing\AppData\Roaming\Malwarebytes
2012-07-12 09:43 . 2012-07-12 09:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-12 09:43 . 2012-07-12 09:43 -------- d-----w- c:\programdata\Malwarebytes
2012-07-12 09:43 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-12 05:56 . 2012-07-12 05:56 -------- d-----w- C:\FRST
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 23:26 . 2006-11-02 08:57 68096 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-04-25 13:05 . 2011-03-24 04:20 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 21:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 21:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\NotUsing\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\NotUsing\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\NotUsing\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-24 3077528]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-30 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"lxecmon.exe"="c:\program files\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2010-05-17 770728]
"EzPrint"="c:\program files\Lexmark Pro800-Pro900 Series\ezprint.exe" [2010-05-17 148280]
"Joystick 2 Mouse"="c:\program files\Joystick 2 Mouse 3\Joystick 2 Mouse.exe" [2005-07-28 176128]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"MapsGalaxy Search Scope Monitor"="c:\progra~1\MAPSGA~2\bar\1.bin\39srchmn.exe" [2012-03-25 42536]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1161629.exe" [2011-09-16 1040824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
2011-06-07 19:29 2573312 ----a-w- c:\program files\FileZilla Server\FileZilla Server Interface.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-08-03 08:43 136176 ----atw- c:\users\NotUsing\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MapsGalaxy Search Scope Monitor]
2012-03-25 14:05 42536 ----a-w- c:\progra~1\MAPSGA~2\bar\1.bin\39SrchMn.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MapsGalaxy_39 Browser Plugin Loader]
2012-03-25 14:05 30096 ----a-w- c:\progra~1\MAPSGA~2\bar\1.bin\39brmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-09-30 20:06 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-04-01 18:49 36352 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2007-08-22 17:57 1006264 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NECUsb3s REG_MULTI_SZ NEC Usb3
.
Contents of the 'Scheduled Tasks' folder
.
2007-12-15 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-30 20:05]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-30 20:05]
.
2012-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3618752605-3819726555-3655755188-1003Core.job
- c:\users\NotUsing\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 08:43]
.
2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3618752605-3819726555-3655755188-1003UA.job
- c:\users\NotUsing\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 08:43]
.
2007-12-25 c:\windows\Tasks\HPCeeScheduleForikeneme N2857.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-08-22 23:55]
.
2012-07-03 c:\windows\Tasks\HPCeeScheduleForNotUsing.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-08-22 23:55]
.
2012-07-09 c:\windows\Tasks\Norton Security Scan for NotUsing.job
- c:\progra~1\NORTON~4\Engine\301~1.8\Nss.exe [2011-01-12 07:45]
.
2012-07-12 c:\windows\Tasks\User_Feed_Synchronization-{3DAE6D88-D977-464C-9B31-122CE8B27C2E}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
2012-07-12 c:\windows\Tasks\User_Feed_Synchronization-{411B3A11-83EC-45FB-8747-47A77A18EBA6}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
2012-07-12 c:\windows\Tasks\User_Feed_Synchronization-{D21D2D4B-EAE2-4B00-8946-DE0E48A2A7C2}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
2012-07-12 c:\windows\Tasks\User_Feed_Synchronization-{EB042B35-A920-4B0C-AF10-2DBED7C4129D}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\NotUsing\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\NotUsing\AppData\Roaming\Mozilla\Firefox\Profiles\smxc841v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=4B1E3171-11E1-4D35-83F9-CA19AA0F0446&n=77ed2dfd&ind=2012032509&id=UXxdm038YYus&ptnrS=UXxdm038YYus&si=bing_maps-broad&searchfor=
FF - prefs.js: network.proxy.http - 204.232.206.87
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-3108690905 - c:\users\NotUsing\AppData\Local\neb.exe
MSConfigStartUp-PhotoJoy - c:\program files\PhotoJoy\bin\PhotoJoy.exe
MSConfigStartUp-vocmmrpp - c:\users\NotUsing\AppData\Local\jvckhougj\oabnbmbshdw.exe
AddRemove-AVG9Uninstall - c:\program files\AVG\AVG9\setup.exe
AddRemove-AviScreen Pro (Shareware)_is1 - c:\program files\bobyte\AviScreen Pro\unins000.exe
AddRemove-Blender2.46SVNInstallerby'Zebulon'45 - c:\program files\Blender\SVN 15480\Uninst.exe
AddRemove-Little Fighter 2 version 2.0a - c:\users\NotUsing\Desktop\New Folder (3)\New Folder\Uninstal.exe
AddRemove-Microcosm 1.5 - c:\microcosm\Uninstal.exe
AddRemove-PC-Doctor 5 for Windows - c:\program files\PC-Doctor 5 for Windows\uninst.exe
AddRemove-SCAR Divi 3.14_is1 - c:\program files\SCAR 3.14\unins000.exe
AddRemove-SCAR Divi 3.15b_is1 - c:\users\IKENMEPC\Desktop\SCAR 3.15\unins000.exe
AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
AddRemove-X-LF2 - c:\users\IKENMEPC\Desktop\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-12 15:04
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BFE]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvc]
"ImagePath"="."
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(248)
c:\users\NotUsing\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\windows\System32\NaturalLanguage6.dll
c:\windows\system32\dfshim.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\FileZilla Server\FileZilla Server.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\libusbd-nt.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\lxeccoms.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe
c:\program files\Common Files\Motive\pcCMService.exe
c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
c:\windows\system32\DllHost.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\sdclt.exe
.
**************************************************************************
.
Completion time: 2012-07-12 15:14:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-12 20:14
.
Pre-Run: 172,405,981,184 bytes free
Post-Run: 185,748,488,192 bytes free
.
- - End Of File - - 5D7487C4691F59EB8259213D904F3A7A

#6 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 12 July 2012 - 09:55 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 July 2012 - 11:35 PM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#8 Daiquiri (Topic Starter)

  • Members
  • 20 posts

Posted 17 July 2012 - 01:57 AM

Totally forgot about this...
Anyway, here are the logs:

01:38:07.0309 7716 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
01:38:07.0927 7716 ============================================================
01:38:07.0927 7716 Current date / time: 2012/07/17 01:38:07.0927
01:38:07.0927 7716 SystemInfo:
01:38:07.0927 7716
01:38:07.0927 7716 OS Version: 6.0.6000 ServicePack: 0.0
01:38:07.0927 7716 Product type: Workstation
01:38:07.0927 7716 ComputerName: IKENEMEN2857-PC
01:38:07.0928 7716 UserName: NotUsing
01:38:07.0928 7716 Windows directory: C:\Windows
01:38:07.0928 7716 System windows directory: C:\Windows
01:38:07.0928 7716 Processor architecture: Intel x86
01:38:07.0928 7716 Number of processors: 2
01:38:07.0928 7716 Page size: 0x1000
01:38:07.0928 7716 Boot type: Normal boot
01:38:07.0928 7716 ============================================================
01:38:08.0844 7716 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
01:38:09.0044 7716 ============================================================
01:38:09.0044 7716 \Device\Harddisk0\DR0:
01:38:09.0046 7716 MBR partitions:
01:38:09.0046 7716 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x391CF791
01:38:09.0046 7716 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x391CF7D0, BlocksNum 0x11B50C0
01:38:09.0046 7716 ============================================================
01:38:09.0064 7716 C: <-> \Device\Harddisk0\DR0\Partition0
01:38:09.0187 7716 D: <-> \Device\Harddisk0\DR0\Partition1
01:38:09.0209 7716 ============================================================
01:38:09.0209 7716 Initialize success
01:38:09.0209 7716 ============================================================
01:38:12.0620 7660 ============================================================
01:38:12.0620 7660 Scan started
01:38:12.0620 7660 Mode: Manual;
01:38:12.0620 7660 ============================================================
01:38:14.0886 7660 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
01:38:14.0894 7660 ACPI - ok
01:38:15.0056 7660 Adobe LM Service (303c174a7303a7702a68653152fc65a0) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
01:38:15.0059 7660 Adobe LM Service - ok
01:38:15.0116 7660 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
01:38:15.0139 7660 adp94xx - ok
01:38:15.0178 7660 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
01:38:15.0197 7660 adpahci - ok
01:38:15.0231 7660 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
01:38:54.0410 7660 rdbss - ok
01:38:54.0423 7660 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys
01:38:54.0425 7660 RDPCDD - ok
01:38:54.0449 7660 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
01:38:54.0462 7660 rdpdr - ok
01:38:54.0476 7660 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys
01:38:54.0477 7660 RDPENCDD - ok
01:38:54.0497 7660 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys
01:38:54.0502 7660 RDPWD - ok
01:38:54.0528 7660 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
01:38:54.0529 7660 regi - ok
01:38:54.0553 7660 RemoteAccess (6c1a43c589ee8011a1ebfd51c01b77ce) C:\Windows\System32\mprdim.dll
01:38:54.0557 7660 RemoteAccess - ok
01:38:54.0569 7660 RemoteRegistry (9a043808667c8c1893da7275af373f0e) C:\Windows\system32\regsvc.dll
01:38:54.0584 7660 RemoteRegistry - ok
01:38:54.0706 7660 RoxMediaDB9 (2dac86f10c42b55f2511f14cbcee7284) c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
01:38:54.0736 7660 RoxMediaDB9 - ok
01:38:54.0771 7660 rpcapd (9ed13880478f14900a5840ff048d174c) C:\Program Files\WinPcap\rpcapd.exe
01:38:54.0778 7660 rpcapd - ok
01:38:54.0793 7660 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
01:38:54.0799 7660 RpcLocator - ok
01:38:54.0872 7660 RpcSs (7b981222a257d076885bffb66f19b7ce) C:\Windows\system32\rpcss.dll
01:38:54.0885 7660 RpcSs - ok
01:38:54.0940 7660 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\Windows\system32\DRIVERS\RsFx0102.sys
01:38:54.0952 7660 RsFx0102 - ok
01:38:54.0974 7660 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys
01:38:54.0978 7660 rspndr - ok
01:38:55.0013 7660 SamSs (c731b1fe449d4e9cea358c9d55b69be9) C:\Windows\system32\lsass.exe
01:38:55.0017 7660 SamSs - ok
01:38:55.0038 7660 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
01:38:55.0042 7660 sbp2port - ok
01:38:55.0073 7660 SCardSvr (565b4b9e5ad2f2f18a4f8aafa6c06bbb) C:\Windows\System32\SCardSvr.dll
01:38:55.0080 7660 SCardSvr - ok
01:38:55.0137 7660 Schedule (886cec884b5be29ab9828b8ab46b11f7) C:\Windows\system32\schedsvc.dll
01:38:55.0167 7660 Schedule - ok
01:38:55.0207 7660 SCPolicySvc (0600e04315fe543802a379d5d23c8be0) C:\Windows\System32\certprop.dll
01:38:55.0208 7660 SCPolicySvc - ok
01:38:55.0242 7660 SDRSVC (56aa904311b3bacc67dba8679aff73d4) C:\Windows\System32\SDRSVC.dll
01:38:55.0257 7660 SDRSVC - ok
01:38:55.0273 7660 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
01:38:55.0276 7660 secdrv - ok
01:38:55.0291 7660 seclogon (8388c4133ddbe62ad7bc3ec9f14271ed) C:\Windows\system32\seclogon.dll
01:38:55.0300 7660 seclogon - ok
01:38:55.0318 7660 SENS (34350ae2c1d33d21c7305f861bd8dad8) C:\Windows\system32\sens.dll
01:38:55.0325 7660 SENS - ok
01:38:55.0347 7660 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
01:38:55.0350 7660 Serenum - ok
01:38:55.0371 7660 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
01:38:55.0378 7660 Serial - ok
01:38:55.0411 7660 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys
01:38:55.0412 7660 sermouse - ok
01:38:55.0437 7660 SessionEnv (78878235da4df0d116e86837a0a21df8) C:\Windows\system32\sessenv.dll
01:38:55.0439 7660 SessionEnv - ok
01:38:55.0467 7660 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
01:38:55.0468 7660 sffdisk - ok
01:38:55.0476 7660 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
01:38:55.0478 7660 sffp_mmc - ok
01:38:55.0488 7660 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
01:38:55.0490 7660 sffp_sd - ok
01:38:55.0498 7660 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
01:38:55.0500 7660 sfloppy - ok
01:38:55.0523 7660 SharedAccess (9a82bf4c90b00a63150a606a1e2fd82b) C:\Windows\System32\ipnathlp.dll
01:38:55.0526 7660 SharedAccess - ok
01:38:55.0548 7660 ShellHWDetection (b264dfa21677728613267fe63802b332) C:\Windows\System32\shsvcs.dll
01:38:55.0553 7660 ShellHWDetection - ok
01:38:55.0567 7660 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
01:38:55.0569 7660 sisagp - ok
01:38:55.0583 7660 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
01:38:55.0585 7660 SiSRaid2 - ok
01:38:55.0599 7660 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
01:38:55.0601 7660 SiSRaid4 - ok
01:38:55.0697 7660 slsvc (a1dcd30534835cb67733ad00175125a6) C:\Windows\system32\SLsvc.exe
01:38:55.0752 7660 slsvc - ok
01:38:55.0853 7660 SLUINotify (56da296e7b376a727e7bdc5ac7fbee02) C:\Windows\system32\SLUINotify.dll
01:38:55.0856 7660 SLUINotify - ok
01:38:55.0887 7660 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys
01:38:55.0889 7660 Smb - ok
01:38:55.0912 7660 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
01:38:55.0915 7660 SNMPTRAP - ok
01:38:55.0923 7660 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys
01:38:55.0924 7660 spldr - ok
01:38:55.0942 7660 Spooler (da612ef2556776df2630b68bf2d48935) C:\Windows\System32\spoolsv.exe
01:38:55.0948 7660 Spooler - ok
01:38:56.0055 7660 SQLAgent$SQLEXPRESS (eb2fd937449b7aceb39372f875eb8e78) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
01:38:56.0066 7660 SQLAgent$SQLEXPRESS - ok
01:38:56.0087 7660 SQLBrowser (99de6acfa5ca83fad6a765c81c6f129f) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
01:38:56.0101 7660 SQLBrowser - ok
01:38:56.0124 7660 SQLWriter (637a0f23f9012358e92e6f99835494d1) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
01:38:56.0131 7660 SQLWriter - ok
01:38:56.0227 7660 SRTSP (83726cf02eced69138948083e06b6eac) C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS
01:38:56.0246 7660 SRTSP - ok
01:38:56.0259 7660 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS
01:38:56.0261 7660 SRTSPX - ok
01:38:56.0288 7660 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys
01:38:56.0301 7660 srv - ok
01:38:56.0325 7660 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys
01:38:56.0332 7660 srv2 - ok
01:38:56.0343 7660 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys
01:38:56.0351 7660 srvnet - ok
01:38:56.0367 7660 SSDPSRV (8d3e4baff8b3997138c38eb1b600519a) C:\Windows\System32\ssdpsrv.dll
01:38:56.0371 7660 SSDPSRV - ok
01:38:56.0404 7660 stisvc (a941e099ef46e3cc12f898cbe1c39910) C:\Windows\System32\wiaservc.dll
01:38:56.0447 7660 stisvc - ok
01:38:56.0510 7660 stllssvr (e5ff667e416dac99bff16b626234a379) c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
01:38:56.0512 7660 stllssvr - ok
01:38:56.0532 7660 swenum (1379bdb336f8158c176a465e30759f57) C:\Windows\system32\DRIVERS\swenum.sys
01:38:56.0533 7660 swenum - ok
01:38:56.0561 7660 swprv (749ada8d6c18a08adfede69cbf5db2e0) C:\Windows\System32\swprv.dll
01:38:56.0574 7660 swprv - ok
01:38:56.0585 7660 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
01:38:56.0587 7660 Symc8xx - ok
01:38:56.0675 7660 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS
01:38:56.0687 7660 SymDS - ok
01:38:56.0724 7660 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS
01:38:56.0747 7660 SymEFA - ok
01:38:56.0775 7660 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS
01:38:56.0782 7660 SymEvent - ok
01:38:56.0820 7660 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS
01:38:56.0827 7660 SymIRON - ok
01:38:56.0849 7660 SYMTDIv (5136f99a60ddbdeb1f6fd1eefc44407f) C:\Windows\System32\Drivers\N360\0501000.01D\SYMTDIV.SYS
01:38:56.0861 7660 SYMTDIv - ok
01:38:56.0874 7660 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
01:38:56.0876 7660 Sym_hi - ok
01:38:56.0886 7660 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
01:38:56.0888 7660 Sym_u3 - ok
01:38:56.0926 7660 SysMain (8f2b5fede18bd3c4c926cbf88e6f1264) C:\Windows\system32\sysmain.dll
01:38:56.0943 7660 SysMain - ok
01:38:56.0972 7660 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
01:38:56.0975 7660 TabletInputService - ok
01:38:56.0994 7660 TapiSrv (ef3dd33c740fc2f82e7e4622f1c49289) C:\Windows\System32\tapisrv.dll
01:38:57.0007 7660 TapiSrv - ok
01:38:57.0020 7660 TBS (68fa52794ae9acc61bde16fe0956b414) C:\Windows\System32\tbssvc.dll
01:38:57.0024 7660 TBS - ok
01:38:57.0068 7660 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys
01:38:57.0092 7660 Tcpip - ok
01:38:57.0106 7660 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys
01:38:57.0113 7660 Tcpip6 - ok
01:38:57.0131 7660 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys
01:38:57.0133 7660 tcpipreg - ok
01:38:57.0143 7660 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys
01:38:57.0145 7660 TDPIPE - ok
01:38:57.0156 7660 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys
01:38:57.0158 7660 TDTCP - ok
01:38:57.0194 7660 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys
01:38:57.0196 7660 tdx - ok
01:38:57.0214 7660 TermDD (2c549bd9dd091fbfaa0a2a48e82ec2fb) C:\Windows\system32\DRIVERS\termdd.sys
01:38:57.0216 7660 TermDD - ok
01:38:57.0257 7660 TermService (fad71c1e8e4047b154e899ae31eb8caa) C:\Windows\System32\termsrv.dll
01:38:57.0276 7660 TermService - ok
01:38:57.0295 7660 Themes (b264dfa21677728613267fe63802b332) C:\Windows\system32\shsvcs.dll
01:38:57.0300 7660 Themes - ok
01:38:57.0320 7660 THREADORDER (9dfa3a459af0954aa85b4f7622ad87bb) C:\Windows\system32\mmcss.dll
01:38:57.0322 7660 THREADORDER - ok
01:38:57.0334 7660 TrkWks (6bba0582c0025d43729a1112d3b57897) C:\Windows\System32\trkwks.dll
01:38:57.0339 7660 TrkWks - ok
01:38:57.0382 7660 TrustedInstaller (34e388a395fedba1d0511ed39bbf4074) C:\Windows\servicing\TrustedInstaller.exe
01:38:57.0382 7660 TrustedInstaller - ok
01:38:57.0402 7660 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys
01:38:57.0404 7660 tssecsrv - ok
01:38:57.0425 7660 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys
01:38:57.0427 7660 tunmp - ok
01:38:57.0438 7660 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys
01:38:57.0440 7660 tunnel - ok
01:38:57.0458 7660 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
01:38:57.0460 7660 uagp35 - ok
01:38:57.0483 7660 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys
01:38:57.0496 7660 udfs - ok
01:38:57.0517 7660 UI0Detect (24a333f4f14dcfb6ff6d5a1b9e5d79dd) C:\Windows\system32\UI0Detect.exe
01:38:57.0521 7660 UI0Detect - ok
01:38:57.0540 7660 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
01:38:57.0543 7660 uliagpkx - ok
01:38:57.0564 7660 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
01:38:57.0577 7660 uliahci - ok
01:38:57.0590 7660 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
01:38:57.0598 7660 UlSata - ok
01:38:57.0614 7660 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
01:38:57.0620 7660 ulsata2 - ok
01:38:57.0630 7660 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys
01:38:57.0632 7660 umbus - ok
01:38:57.0660 7660 upnphost (8eb871a3deb6b3d5a85eb6ddfc390b59) C:\Windows\System32\upnphost.dll
01:38:57.0672 7660 upnphost - ok
01:38:57.0727 7660 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
01:38:57.0729 7660 USBAAPL - ok
01:38:57.0753 7660 usbccgp (03b01e8dbd2da2b49157b7e51912aaf2) C:\Windows\system32\DRIVERS\usbccgp.sys
01:38:57.0755 7660 usbccgp - ok
01:38:57.0765 7660 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
01:38:57.0767 7660 usbcir - ok
01:38:57.0823 7660 usbehci (2f83363f98484f8edaf49f9b41520d14) C:\Windows\system32\DRIVERS\usbehci.sys
01:38:57.0826 7660 usbehci - ok
01:38:57.0851 7660 usbhub (14d2a4dcd92c0b3368667aed6893463d) C:\Windows\system32\DRIVERS\usbhub.sys
01:38:57.0863 7660 usbhub - ok
01:38:57.0882 7660 usbohci (51dc36722172d45f2f935ce5cc18a812) C:\Windows\system32\DRIVERS\usbohci.sys
01:38:57.0885 7660 usbohci - ok
01:38:57.0899 7660 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys
01:38:57.0903 7660 usbprint - ok
01:38:57.0933 7660 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys
01:38:57.0936 7660 usbscan - ok
01:38:57.0964 7660 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:38:57.0968 7660 USBSTOR - ok
01:38:57.0989 7660 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
01:38:57.0992 7660 usbuhci - ok
01:38:58.0020 7660 UxSms (f79d0d7c9004474cb42746d9b2c30a2b) C:\Windows\System32\uxsms.dll
01:38:58.0024 7660 UxSms - ok
01:38:58.0086 7660 vds (c9d0bafee0d0a2681f048ca61bc0da96) C:\Windows\System32\vds.exe
01:38:58.0105 7660 vds - ok
01:38:58.0117 7660 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
01:38:58.0119 7660 vga - ok
01:38:58.0134 7660 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys
01:38:58.0136 7660 VgaSave - ok
01:38:58.0157 7660 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
01:38:58.0165 7660 viaagp - ok
01:38:58.0176 7660 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
01:38:58.0178 7660 ViaC7 - ok
01:38:58.0191 7660 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
01:38:58.0193 7660 viaide - ok
01:38:58.0215 7660 volmgr (103e84c95832d0ed93507997cc7b54e8) C:\Windows\system32\drivers\volmgr.sys
01:38:58.0217 7660 volmgr - ok
01:38:58.0245 7660 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys
01:38:58.0257 7660 volmgrx - ok
01:38:58.0306 7660 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys
01:38:58.0319 7660 volsnap - ok
01:38:58.0364 7660 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
01:38:58.0378 7660 vsmraid - ok
01:38:58.0454 7660 VSS (e0e29d9ef2524abd11749c7c2fd7f607) C:\Windows\system32\vssvc.exe
01:38:58.0519 7660 VSS - ok
01:38:58.0601 7660 W32Time (62b0d0f6f5580d9d0dfa5e0b466ff2ed) C:\Windows\system32\w32time.dll
01:38:58.0646 7660 W32Time - ok
01:38:58.0681 7660 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
01:38:58.0684 7660 WacomPen - ok
01:38:58.0714 7660 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
01:38:58.0718 7660 Wanarp - ok
01:38:58.0728 7660 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys
01:38:58.0730 7660 Wanarpv6 - ok
01:38:58.0760 7660 wcncsvc (c1b19162e0509ceab4cdf664e139d956) C:\Windows\System32\wcncsvc.dll
01:38:58.0780 7660 wcncsvc - ok
01:38:58.0795 7660 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
01:38:58.0803 7660 WcsPlugInService - ok
01:38:58.0821 7660 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
01:38:58.0823 7660 Wd - ok
01:38:58.0870 7660 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
01:38:58.0881 7660 Wdf01000 - ok
01:38:58.0892 7660 WdiServiceHost (2a424b89b14ef17a3d06bcb5a8f79601) C:\Windows\system32\wdi.dll
01:38:58.0896 7660 WdiServiceHost - ok
01:38:58.0899 7660 WdiSystemHost (2a424b89b14ef17a3d06bcb5a8f79601) C:\Windows\system32\wdi.dll
01:38:58.0902 7660 WdiSystemHost - ok
01:38:58.0936 7660 WebClient (01e41c264eedcb827820a1909162579f) C:\Windows\System32\webclnt.dll
01:38:58.0951 7660 WebClient - ok
01:38:58.0964 7660 Wecsvc (9cf67ff7f8d34cbf115d0c278b9f74aa) C:\Windows\system32\wecsvc.dll
01:38:58.0968 7660 Wecsvc - ok
01:38:58.0981 7660 wercplsupport (b68cab45db1dab59d92acadfad6364a8) C:\Windows\System32\wercplsupport.dll
01:38:58.0984 7660 wercplsupport - ok
01:38:58.0999 7660 WerSvc (36ba0707680ef4236fd752bee982cc25) C:\Windows\System32\WerSvc.dll
01:38:59.0006 7660 WerSvc - ok
01:38:59.0053 7660 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
01:38:59.0070 7660 winachsf - ok
01:38:59.0124 7660 WinDefend (0d5ad0e71ff5ddac5dd2f443b499abd0) C:\Program Files\Windows Defender\mpsvc.dll
01:38:59.0139 7660 WinDefend - ok
01:38:59.0149 7660 WinHttpAutoProxySvc - ok
01:38:59.0196 7660 Winmgmt (38a7b89de4e3417c122317949667fdd8) C:\Windows\system32\wbem\WMIsvc.dll
01:38:59.0209 7660 Winmgmt - ok
01:38:59.0254 7660 WinRM (3f6823040030c3e4da1cf11cd40b7534) C:\Windows\system32\WsmSvc.dll
01:38:59.0259 7660 WinRM - ok
01:38:59.0313 7660 Wlansvc (7640acea41348bfef34b76e245501261) C:\Windows\System32\wlansvc.dll
01:38:59.0318 7660 Wlansvc - ok
01:38:59.0351 7660 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
01:38:59.0363 7660 WLSetupSvc - ok
01:38:59.0397 7660 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
01:38:59.0398 7660 WmiAcpi - ok
01:38:59.0421 7660 wmiApSrv (a279323bee5fffafda222910bce92132) C:\Windows\system32\wbem\WmiApSrv.exe
01:38:59.0427 7660 wmiApSrv - ok
01:38:59.0473 7660 WMPNetworkSvc (acb2e63d50157e3ea7140f29d9e76a48) C:\Program Files\Windows Media Player\wmpnetwk.exe
01:38:59.0496 7660 WMPNetworkSvc - ok
01:38:59.0523 7660 WPCSvc (3d3b3b80c12abe506f56930c46422c28) C:\Windows\System32\wpcsvc.dll
01:38:59.0537 7660 WPCSvc - ok
01:38:59.0553 7660 WPDBusEnum (c24844a1d0d9528b19d5bc266b8cd572) C:\Windows\system32\wpdbusenum.dll
01:38:59.0557 7660 WPDBusEnum - ok
01:38:59.0605 7660 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys
01:38:59.0607 7660 WpdUsb - ok
01:38:59.0748 7660 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
01:38:59.0770 7660 WPFFontCache_v0400 - ok
01:38:59.0790 7660 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys
01:38:59.0791 7660 ws2ifsl - ok
01:38:59.0801 7660 wscsvc (f97cbb919af6d0a6643d1a59c15014d1) C:\Windows\system32\wscsvc.dll
01:38:59.0805 7660 wscsvc - ok
01:38:59.0847 7660 WSDPrintDevice (f01f25b4227ad8d717c21f25f62b43c8) C:\Windows\system32\DRIVERS\WSDPrint.sys
01:38:59.0848 7660 WSDPrintDevice - ok
01:38:59.0853 7660 WSearch - ok
01:38:59.0939 7660 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
01:38:59.0990 7660 wuauserv - ok
01:39:00.0093 7660 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys
01:39:00.0100 7660 WUDFRd - ok
01:39:00.0121 7660 wudfsvc (db5bf5aab72b1b99b5331231d09ebb26) C:\Windows\System32\WUDFSvc.dll
01:39:00.0125 7660 wudfsvc - ok
01:39:00.0176 7660 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
01:39:00.0178 7660 XAudio - ok
01:39:00.0230 7660 XAudioService (cd5f291a1161f15896d1a4d63daff5df) C:\Windows\system32\DRIVERS\xaudio.exe
01:39:00.0242 7660 XAudioService - ok
01:39:00.0255 7660 XDva143 - ok
01:39:00.0262 7660 XDva189 - ok
01:39:00.0320 7660 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
01:39:00.0479 7660 \Device\Harddisk0\DR0 - ok
01:39:00.0483 7660 Boot (0x1200) (e6f4cbad496b648e9bfd5c2f223b185d) \Device\Harddisk0\DR0\Partition0
01:39:00.0485 7660 \Device\Harddisk0\DR0\Partition0 - ok
01:39:00.0511 7660 Boot (0x1200) (68a9f06db0059eefb9f186ee53df07ec) \Device\Harddisk0\DR0\Partition1
01:39:00.0513 7660 \Device\Harddisk0\DR0\Partition1 - ok
01:39:00.0513 7660 ============================================================
01:39:00.0513 7660 Scan finished
01:39:00.0513 7660 ============================================================
01:39:00.0528 2320 Detected object count: 0
01:39:00.0528 2320 Actual detected object count: 0

____________________________________________________
____________________________________________________

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-17 01:41:05
-----------------------------
01:41:05.703 OS Version: Windows 6.0.6000
01:41:05.703 Number of processors: 2 586 0x4303
01:41:05.705 ComputerName: IKENEMEN2857-PC UserName: NotUsing
01:41:45.375 Initialize success
01:47:36.961 AVAST engine defs: 12071601
01:49:13.536 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005d
01:49:13.540 Disk 0 Vendor: ST350063 3.CH Size: 476940MB BusType: 6
01:49:13.558 Disk 0 MBR read successfully
01:49:13.562 Disk 0 MBR scan
01:49:13.574 Disk 0 Windows VISTA default MBR code
01:49:13.579 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 467870 MB offset 63
01:49:13.615 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9066 MB offset 958199760
01:49:13.641 Disk 0 scanning sectors +976767120
01:49:13.710 Disk 0 scanning C:\Windows\system32\drivers
01:49:26.091 Service scanning
01:49:53.395 Modules scanning
01:50:22.045 Disk 0 trace - called modules:
01:50:22.083 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys ndis.sys nvmfdx32.sys
01:50:22.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85b80ad8]
01:50:22.103 3 ntkrnlpa.exe[824b0d35] -> nt!IofCallDriver -> [0x848a2978]
01:50:22.113 5 acpi.sys[804d632a] -> nt!IofCallDriver -> \Device\0000005d[0x8530bb98]
01:50:24.039 AVAST engine scan C:\Windows
01:50:30.163 AVAST engine scan C:\Windows\system32
01:54:13.172 AVAST engine scan C:\Windows\system32\drivers
01:54:50.702 AVAST engine scan C:\Users\NotUsing
01:55:56.471 Disk 0 MBR has been saved successfully to "C:\Users\NotUsing\Desktop\MBR.dat"
01:55:56.480 The log file has been saved successfully to "C:\Users\NotUsing\Desktop\aswMBR.txt"
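
TDSSKiller's "MBR (0x1B8)" line and aswMBR's partition listing above describe the same 512-byte sector zero that aswMBR then saved as MBR.dat. As an added example (not code from this thread and not from either tool), here is a Python parser for such a dump: it checks the 0x55AA signature, hashes the bootstrap-code region, decodes the four partition entries and runs the checks a bootkit hunter applies (exactly one active partition, no overlapping entries, no large unpartitioned tail). The sample sector is constructed to mirror the layout aswMBR printed (active NTFS at sector 63 with 467870 MB, a second NTFS at sector 958199760 with 9066 MB, a 476940 MB disk); its bootstrap bytes are a placeholder rather than the real Vista MBR code, the total sector count is an assumed figure for that disk size, and reading TDSSKiller's 0x1B8 as "the first 440 bytes of the sector" is my assumption.

```python
import hashlib
import struct
import sys

SECTOR = 512
BOOT_CODE_LEN = 0x1B8   # assumption: TDSSKiller's "MBR (0x1B8)" hashes these first 440 bytes
DISK_SIG_OFF = 0x1B8    # 4-byte NT disk signature, then 2 reserved bytes
PTABLE_OFF = 0x1BE      # four 16-byte partition entries, then 0x55AA
MB = 1024 * 1024

PARTITION_TYPES = {0x00: "Empty", 0x05: "Extended", 0x07: "HPFS/NTFS",
                   0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0x0F: "Extended (LBA)"}

# Assumed total for the 476940 MB drive aswMBR reported (constructed sample, not read from the disk).
SAMPLE_DISK_SECTORS = 976_773_168


def parse_mbr(sector: bytes) -> dict:
    """Decode one 512-byte MBR: boot-code hash, NT disk signature and the used partition entries."""
    if len(sector) != SECTOR:
        raise ValueError("expected a %d-byte sector, got %d" % (SECTOR, len(sector)))
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, _chs0, ptype, _chs1, lba_start, sectors = struct.unpack_from(
            "<B3sB3sII", sector, PTABLE_OFF + 16 * i)
        if ptype == 0x00:
            continue  # unused slot
        partitions.append({
            "index": i + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR // MB,
        })
    return {
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def sanity_checks(mbr: dict, disk_sectors: int, known_good_md5=None) -> list:
    """Findings a bootkit hunter looks for; an empty list is the equivalent of the tools' '- ok'."""
    findings = []
    if known_good_md5 and mbr["boot_code_md5"] != known_good_md5:
        findings.append("boot code hash differs from the known-good baseline")
    bootable = [p for p in mbr["partitions"] if p["bootable"]]
    if len(bootable) != 1:
        findings.append("%d bootable partitions (expected exactly 1)" % len(bootable))
    ordered = sorted(mbr["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append("partition %d overlaps partition %d" % (a["index"], b["index"]))
    if ordered:
        last = ordered[-1]
        slack = disk_sectors - (last["lba_start"] + last["sectors"])
        # A few MiB of tail slack is normal alignment rounding; tens of MiB of
        # unpartitioned space at the end of the disk is where bootkits stash their code.
        if slack > 32 * MB // SECTOR:
            findings.append("%d unpartitioned sectors after the last partition" % slack)
    return findings


def build_sample_mbr() -> bytes:
    """Constructed sector mirroring the layout aswMBR printed; bootstrap bytes are a placeholder."""
    boot_code = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb" + b"\x90" * (BOOT_CODE_LEN - 8)
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    p1 = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 958_199_760 - 63)
    p2 = struct.pack("<B3sB3sII", 0x00, b"\xfe\xff\xff", 0x07, b"\xfe\xff\xff", 958_199_760, 9066 * 2048)
    return boot_code + disk_sig + p1 + p2 + bytes(32) + b"\x55\xaa"


def tamper(sector: bytes) -> bytes:
    """What an infected sector looks like: patched boot code plus a second 'active' entry."""
    s = bytearray(sector)
    s[0x10] ^= 0xFF
    s[PTABLE_OFF + 16] = 0x80
    return bytes(s)


if __name__ == "__main__":
    # usage: python mbrcheck.py [MBR.dat [total_sectors]]; with no arguments the constructed sample is used
    data = open(sys.argv[1], "rb").read(SECTOR) if len(sys.argv) > 1 else build_sample_mbr()
    total = int(sys.argv[2]) if len(sys.argv) > 2 else SAMPLE_DISK_SECTORS
    info = parse_mbr(data)
    print("boot code md5: %s  disk signature: 0x%08X" % (info["boot_code_md5"], info["disk_signature"]))
    for p in info["partitions"]:
        print("  partition %d %s type 0x%02X %-10s %9d MB offset %d" % (
            p["index"], "80 (A)" if p["bootable"] else "00    ", p["type"],
            p["type_name"], p["size_mb"], p["lba_start"]))
    for f in sanity_checks(info, total):
        print("  FINDING:", f)
```

The hash on its own proves nothing; it is only useful against a baseline (the hash of the stock MBR code for that Windows version, or one you took from the same disk while it was known clean), which is what the `known_good_md5` parameter is for. Pass the real total sector count for a real disk, since the tail-slack check is meaningless otherwise.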

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:43 AM

Posted 17 July 2012 - 10:37 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files\ConduitEngine

DDS::
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050

Firefox::
FF - ProfilePath - c:\users\NotUsing\AppData\Roaming\Mozilla\Firefox\Profiles\smxc841v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=4B1E3171-11E1-4D35-83F9-CA19AA0F0446&n=77ed2dfd&ind=2012032509&id=UXxdm038YYus&ptnrS=UXxdm038YYus&si=bing_maps-broad&searchfor=

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
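
The Firefox:: lines in the CFScript above name two prefs.js entries that the script hands to ComboFix to reset. As an added example, not part of the thread and not ComboFix's own code, here is a Python audit that parses a prefs.js, flags every user_pref whose URL host belongs to the search domains quoted in the script (conduit.com and mywebsearch.com) and writes a copy with those lines removed, which makes Firefox fall back to its built-in defaults for them. The sample prefs.js is constructed for the example; the domain list and the two pref names come from the post, and the other lines are filler.

```python
import json
import re
import sys
from urllib.parse import urlparse

# Search domains taken from the two prefs.js URLs quoted in the CFScript.
HIJACKER_DOMAINS = ("conduit.com", "mywebsearch.com")

# user_pref("name", value);  where value is a JS string literal, an integer or true/false
_PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*?)\);\s*$')


def _decode(raw: str):
    """prefs.js string literals use the JS escapes JSON also accepts, so json.loads covers them."""
    if raw.startswith('"'):
        return json.loads(raw)
    if raw in ("true", "false"):
        return raw == "true"
    try:
        return int(raw)
    except ValueError:
        return raw  # leave anything unexpected as-is rather than guess


def parse_prefs(text: str) -> dict:
    """Map every user_pref name in prefs.js text to its decoded value."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if m:
            prefs[json.loads('"%s"' % m.group(1))] = _decode(m.group(2))
    return prefs


def _host_listed(url: str, domains) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def find_hijacked(prefs: dict, domains=HIJACKER_DOMAINS) -> list:
    """(pref name, host) for every string pref whose URL points at a listed domain."""
    hits = []
    for name, value in prefs.items():
        if isinstance(value, str) and "://" in value and _host_listed(value, domains):
            hits.append((name, urlparse(value).hostname.lower()))
    return hits


def clean_prefs(text: str, domains=HIJACKER_DOMAINS) -> str:
    """prefs.js text without the flagged user_pref lines; Firefox then uses its defaults for them."""
    flagged = {name for name, _ in find_hijacked(parse_prefs(text), domains)}
    kept = []
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if m and json.loads('"%s"' % m.group(1)) in flagged:
            continue
        kept.append(line)
    return "\n".join(kept) + "\n"


# Constructed sample prefs.js: the two search URLs are the ones the CFScript resets, the rest is filler.
SAMPLE_PREFS_JS = r'''# Mozilla User Preferences
user_pref("app.update.lastUpdateTime.background-update-timer", 1342054201);
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}");
user_pref("browser.startup.homepage", "https://www.mozilla.org/");
user_pref("keyword.URL", "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&searchfor=");
user_pref("network.cookie.cookieBehavior", 0);
user_pref("privacy.donottrackheader.enabled", true);
'''

if __name__ == "__main__":
    # usage: python prefsaudit.py [path\to\prefs.js]; with no argument the constructed sample is audited
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_PREFS_JS
    for name, host in find_hijacked(parse_prefs(text)):
        print("hijacked: %s -> %s" % (name, host))
    if len(sys.argv) > 1:
        with open(sys.argv[1] + ".cleaned", "w", encoding="utf-8") as out:
            out.write(clean_prefs(text))
```

Run it against a copy of prefs.js with Firefox closed: Firefox rewrites prefs.js when it exits, so a file edited while the browser is running is overwritten. The same hijack also lives outside prefs.js (the IE start page in the DDS:: line above, and the toolbar entries in the registry), which this script does not touch.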

#10 Daiquiri

Daiquiri
  • Topic Starter

  • Members
  • 20 posts
  • Local time:01:43 AM

Posted 18 July 2012 - 11:10 PM

Here is the log. I didn't have any problems running ComboFix, other than that I had to restart my computer before I could use Firefox.
But after the restart, the computer seems to be operating better than ever.

ComboFix 12-07-18.04 - NotUsing 07/18/2012 21:51:59.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2942.887 [GMT -5:00]
Running from: c:\users\NotUsing\Desktop\ComboFix.exe
Command switches used :: c:\users\NotUsing\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\ConduitEngine
c:\program files\ConduitEngine\appContextMenu.xml
c:\program files\ConduitEngine\ConduitEngine.dll
c:\program files\ConduitEngine\ConduitEngineHelper.exe
c:\program files\ConduitEngine\ConduitEngineUninstall.exe
c:\program files\ConduitEngine\engineContextMenu.xml
c:\program files\ConduitEngine\EngineSettings.json
c:\program files\ConduitEngine\INSTALL.LOG
c:\program files\ConduitEngine\prxConduitEngine.dll
c:\program files\ConduitEngine\toolbar.cfg
.
.
((((((((((((((((((((((((( Files Created from 2012-06-19 to 2012-07-19 )))))))))))))))))))))))))))))))
.
.
2012-07-12 09:43 . 2012-07-12 09:43 -------- d-----w- c:\users\NotUsing\AppData\Roaming\Malwarebytes
2012-07-12 09:43 . 2012-07-12 09:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-12 09:43 . 2012-07-12 09:43 -------- d-----w- c:\programdata\Malwarebytes
2012-07-12 09:43 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-12 05:56 . 2012-07-12 05:56 -------- d-----w- C:\FRST
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 23:26 . 2006-11-02 08:57 68096 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-05-31 17:25 . 2009-10-02 18:21 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-04-25 13:05 . 2011-03-24 04:20 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 21:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\NotUsing\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\NotUsing\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\NotUsing\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-08-24 3077528]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-30 39408]
"Netscape"="c:\users\NotUsing\AppData\Local\Netscape\wvghvmos.dll" [2011-12-24 606208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"lxecmon.exe"="c:\program files\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2010-05-17 770728]
"EzPrint"="c:\program files\Lexmark Pro800-Pro900 Series\ezprint.exe" [2010-05-17 148280]
"Joystick 2 Mouse"="c:\program files\Joystick 2 Mouse 3\Joystick 2 Mouse.exe" [2005-07-28 176128]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"MapsGalaxy Search Scope Monitor"="c:\progra~1\MAPSGA~2\bar\1.bin\39srchmn.exe" [2012-03-25 42536]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1161629.exe" [2011-09-16 1040824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
2011-06-07 19:29 2573312 ----a-w- c:\program files\FileZilla Server\FileZilla Server Interface.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-08-03 08:43 136176 ----atw- c:\users\NotUsing\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MapsGalaxy Search Scope Monitor]
2012-03-25 14:05 42536 ----a-w- c:\progra~1\MAPSGA~2\bar\1.bin\39SrchMn.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MapsGalaxy_39 Browser Plugin Loader]
2012-03-25 14:05 30096 ----a-w- c:\progra~1\MAPSGA~2\bar\1.bin\39brmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-09-30 20:06 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-04-01 18:49 36352 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2007-08-22 17:57 1006264 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - EraserUtilDrv11120
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
NECUsb3s REG_MULTI_SZ NEC Usb3
.
Contents of the 'Scheduled Tasks' folder
.
2007-12-15 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-30 20:05]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-30 20:05]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3618752605-3819726555-3655755188-1003Core.job
- c:\users\NotUsing\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 08:43]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3618752605-3819726555-3655755188-1003UA.job
- c:\users\NotUsing\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-03 08:43]
.
2007-12-25 c:\windows\Tasks\HPCeeScheduleForikeneme N2857.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-08-22 23:55]
.
2012-07-03 c:\windows\Tasks\HPCeeScheduleForNotUsing.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-08-22 23:55]
.
2012-07-18 c:\windows\Tasks\Norton Security Scan for NotUsing.job
- c:\progra~1\NORTON~4\Engine\301~1.8\Nss.exe [2011-01-12 07:45]
.
2012-07-19 c:\windows\Tasks\User_Feed_Synchronization-{3DAE6D88-D977-464C-9B31-122CE8B27C2E}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
2012-07-19 c:\windows\Tasks\User_Feed_Synchronization-{411B3A11-83EC-45FB-8747-47A77A18EBA6}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
2012-07-19 c:\windows\Tasks\User_Feed_Synchronization-{D21D2D4B-EAE2-4B00-8946-DE0E48A2A7C2}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
2012-07-19 c:\windows\Tasks\User_Feed_Synchronization-{EB042B35-A920-4B0C-AF10-2DBED7C4129D}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\NotUsing\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\NotUsing\AppData\Roaming\Mozilla\Firefox\Profiles\smxc841v.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.http - 204.232.206.87
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\prxConduitEngine.dll
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\prxConduitEngine.dll
AddRemove-conduitEngine - c:\progra~1\CONDUI~1\ConduitEngineUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-18 22:15
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Netscape = rundll32.exe c:\users\NotUsing\AppData\Local\Netscape\wvghvmos.dll,DllRegisterServer?123456789
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BFE]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvc]
"ImagePath"="."
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(6048)
c:\users\NotUsing\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\windows\System32\netshell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\FileZilla Server\FileZilla Server.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\libusbd-nt.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\lxeccoms.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe
c:\program files\Common Files\Motive\pcCMService.exe
c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\DllHost.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
c:\program files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
.
**************************************************************************
.
Completion time: 2012-07-18 22:21:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-19 03:21
ComboFix2.txt 2012-07-12 20:14
.
Pre-Run: 181,923,729,408 bytes free
Post-Run: 182,773,985,280 bytes free
.
- - End Of File - - 6EAE0818A41CDDCA766CD366D5262218

#11 gringo_pr

Malware Response Team

Posted 18 July 2012 - 11:15 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
    C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 Daiquiri (Topic Starter)

Posted 19 July 2012 - 02:32 PM

Here is the report

010 Editor 3.1.2
2007 Office Sample: (Visual Basic) Ribbon Snippets
3Impact v5 Demos
4t Tray Minimizer Free 4.40
4U Download YouTube Video (version 1.5.6)
7-Zip 4.60 beta
ABBYY FineReader 6.0 Sprint
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Active GIF Creator 3.2
ActiveCheck component for HP Active Support Library
Adobe After Effects 7.0
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge 1.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 1.0
Adobe ExtendScript Toolkit 2
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Center 2.0
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe PDF Library Files CS4
Adobe Reader 9.1
Adobe Setup
Adobe Shockwave Player 11.6
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AdobeColorCommonSetRGB
Advanced GIF Animator 3.0
Advanced IP Scanner v1.5
AI RoboForm (All Users)
Aimersoft iPod Video Converter(Build 1.1.30)
Alice Application
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Aptana Studio 3
Ares Tube 3.0
As Simple As Photoshop 6.5
Audacity 1.2.6
Auto Macro Recorder V5.0 (Pro V5.2) Trial Version
Autodesk 3ds Max 9 32-bit
Autodesk DWF Viewer 7
AutoUpdate
Avatar - Legends of The Arena
AVS DVDMenu Editor 1.2.1.19
AVS Video to GO
AVS Video Tools 5.6
AVS4YOU Software Navigator 1.3
Axife Mouse Recorder DEMO 5.01
Backburner
Ben 10 Alien Force Bounty Hunters
Bing Maps 3D
BitLord 1.1
Blender
Bonjour
Build Your Own Net Dream (remove only)
Compatibility Pack for the 2007 Office system
Conduit Engine
Corel WinDVD 9
CreaToon 3.0
Dark Basic Lite
Dark GDK
Dark Source
DFOLauncher
Disney Pirates of the Caribbean Online
DivX Converter
DivX Web Player
DJ_SF_03_D1500_Software_Min
Dropbox
DVDVideoSoftTB Toolbar
Easy Gif Maker 1.8
Electronic Care Plan Maker Geriatric
eMusic - 50 Free MP3 offer
Enhanced Multimedia Keyboard Solution
Fast Video to GIF SWF Converter
FastCapPro version 2.0.1
Fiesta
Fighter Factory 1.0.9.2005 + Update Pack 1
FileZilla Server
Firewall 2.6 Demo
Flash Convert 2.5
FLV Player 2.0 (build 25)
FoxTab PDF Converter
Free iPod Video Converter 1.26
Free Studio version 4.6
Free YouTube Download 2.1
Free YouTube to iPod Converter version 2.8
Free YouTube to MP3 Converter version 3.10.11.923
Game Creators Dark GDK
Game Maker 7.0
Game Maker 8.0
Game Maker 8.0 BETA
Game Maker 8.0 BETA 2
Game Maker 8.0 RC
Game Maker 8.0 RC2
GIMP 2.4.6
gmax
Google Chrome
Google SketchUp 6
Google Toolbar for Internet Explorer
Google Update Helper
Graboid Video 1.3
GraphicsGale FreeEdition version 1.93.10
Hamachi 1.0.1.5
HiDownload
Higher Score on the ACT
Highlight Viewer (Windows Live Toolbar)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Customer Feedback
HP Deskjet D1500 Printer Driver 10.0 Rel .3
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Picasso Media Center Add-In
HP Total Care Advisor
HP Update
HPAsset component for HP Active Support Library
HyperCam 2
HyperCam Toolbar
iMesh
Install-CSB-3000
IrfanView (remove only)
iTunes
Jasc Animation Shop 3
Java Auto Updater
Java™ 6 Update 29
Java™ 7 Update 1
Java™ SE Development Kit 7 Update 1
Java™ SE Runtime Environment 6 Update 1
Joystick 2 Mouse 3
JSmooth 0.9.9-7
Junior Icon Editor
LEGO Star Wars 2 DEMO
Lexmark Printable Web
Lexmark Pro800-Pro900 Series
Lexmark Toolbar
LFO Demo
LibUSB-Win32-0.1.10.1
LightScribe 1.6.45.1
Little Fighter 2 version 2.0
Magic Particles (Dev) 1.62
Malwarebytes Anti-Malware version 1.62.0.1300
Map Button (Windows Live Toolbar)
MapleStory
MapsGalaxy Toolbar
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft DirectX SDK (August 2007)
Microsoft DirectX SDK (August 2008)
Microsoft Document Explorer 2008
Microsoft Document Explorer 2008 (6001.18000.367)
Microsoft MPEG-4 VKI Video Codec V1/V2/V3
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Standard Edition 2003
Microsoft Ribbon for WPF October 2010 (Version 4.0.0.11019)
Microsoft Ribbon for WPF Source and Samples (V. 4.0.0.11019)
Microsoft Silverlight
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server VSS Writer
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft VC Redist 2008 (6001.18000.367)
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual C# 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft VM for Java
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Windows SDK for Windows Server 2008 (6001.18000.367)
Microsoft Windows SDK for Windows Server 2008 Common Utilities (6001.18000.367)
Microsoft Windows SDK for Windows Server 2008 Headers and Libraries (6001.18000.367)
Microsoft Windows SDK for Windows Server 2008 Samples (6001.18000.367)
Microsoft Windows SDK for Windows Server 2008 Utilities for Win32 Development (6001.18000.367)
Microsoft Windows SDK for Windows Server 2008 Win32 Documentation (6001.18000.367)
Microsoft Windows SDK MDAC Headers and Libraries (6001.18000.367)
Microsoft Works
MoleBox Pro 2 (3054)
Move Media Player
Movies
Mozilla ActiveX Control v1.7.12
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MP3 Converter Simple
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.0
My HP Games
MyITLab ActiveX Installer 2, 9, 8, 65535
NaturalMotion endorphin 2.7.1
NCLEX-RN 4000 - Individual Version
NetBeans IDE 7.0.1
Newsletter Tutorial - HUDS II - The Next Level
Newsletter Tutorial - Space Invaders Part III
No-IP.com DUC (remove only)
Norton 360
Norton Internet Security
Norton PC Checkup
Norton Security Scan
NortonVRQ
Notepad++
¤p°«¤h(¤G)NeoĀōĆö 2.7
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Outspark Launcher
Outspark Sharp Launcher
Paint.NET v3.5.3
Pando Media Booster
particleIllusion 3.0
particleView 3.2.1
PC Image Editor
Pcsx2 0.9.4 Watermoose
PDF Settings CS4
PECompact2
Photo Story 3 for Windows
PhotoFiltre
Phys2D Demo Box
Pirate Galaxy
Pivot Stickfigure Animator
Pixia
PopChar 3.3
Prince of Persia Warrior Within (Demo)
Pro Motion 6
project dogwaffle
Project Powder
PSP Video 9 2.25
PSSWCORE
Python 2.5
Python 2.6.2
Python 3.1
QuickTime
RCA Detective™ 2.0.0.98
RCA Digital Voice Manager 5.0.3.1
ReadPlease 2003/ReadPlease PLUS 2003
Realtek High Definition Audio Driver
RealWorld Cursor Editor
Recuva (remove only)
RGSS-RTP Standard
Rhapsody
Rhapsody Player Engine
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
RPGXP
Runes of Magic
Safari
Scratch
Security Update for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB2251487)
Security Update for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB2251487)
Security Update for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB2251487)
Serif PhotoPlus 5.5
Shin Megami Tensei: Imagine
Sho Online
SkinCrafter 3.4.4 Demo
SkinCrafter Installer 3.0.2
Smart Menus (Windows Live Toolbar)
Snapfish Picture Mover
Soft Data Fax Modem with SmartCP
Spider-Man Demo
Spriter's WorkShop
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
Stickman 4.9
Stickman 5
StudyWare - Human Diseases
Stykz 1.0 for Windows (RC 4)
Subversion 1.4.5-r25188
swMSM
Sygate Personal Firewall
System Requirements Lab
TileSetMaker
Toolbox
Toon Boom Studio 4.5 Trial
Topaz Vivacity
Undelete Plus 2.98
Uninstall 1.0.0.1
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
vbAdvance 3.1
VC Runtimes MSI
VDrift (remove only)
Veoh Web Player
VideoGet
VideoLAN VLC media player 0.8.6d
VideoToolkit01
Visual C++ 8.0 CRT (x86) WinSXS MSM
Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
Visual C++ 8.0 MFC (x86) WinSXS MSM
Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM
WavePad Sound Editor
WeatherBug Gadget
Winamp
Windows Driver Package - Hewlett-Packard (HidUsb) HIDClass (01/26/2010 1.12.7600.16385)
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Player Firefox Plugin
WindSlayer
WinPcap 4.0
WinRAR archiver
WM Recorder 12.1
wxdevcpp 7.0rc5
Wyzo 0.5.3
X-Men™ Legends 2 Demo
Xvid 1.1.3 final uninstall
XviD MPEG-4 Video Codec
Yahoo! Messenger
Yahoo! Search Protection
ZIP Reader 8.00.0018

#13 gringo_pr

Malware Response Team

Posted 19 July 2012 - 02:48 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Reader 9.1
BitLord 1.1
Conduit Engine
eMusic - 50 Free MP3 offer
iMesh
Java™ 6 Update 29
Java™ 7 Update 1
Java™ SE Development Kit 7 Update 1
Java™ SE Runtime Environment 6 Update 1


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#14 Daiquiri (Topic Starter)

Posted 20 July 2012 - 10:17 AM

MBAM Log
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.20.04

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.17037
NotUsing :: IKENEMEN2857-PC [administrator]

Protection: Enabled

7/20/2012 4:31:17 AM
mbam-log-2012-07-20 (04-31-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 315447
Time elapsed: 23 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MapsGalaxy Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~1\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrchMn.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

(end)

HiJack This Log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:15:02 AM, on 7/20/2012
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\rundll32.exe
C:\Users\NotUsing\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\NotUsing\Documents\RCA Detective\RCADetective.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
C:\Program Files\Mozilla Firefox 3 Beta 4\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
C:\Users\NotUsing\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\HyperCam Toolbar\tbcore3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [lxecmon.exe] "C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe"
O4 - HKLM\..\Run: [Joystick 2 Mouse] C:\Program Files\Joystick 2 Mouse 3\Joystick 2 Mouse.exe /NoConfigure
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Netscape] rundll32.exe C:\Users\NotUsing\AppData\Local\Netscape\wvghvmos.dll,DllRegisterServer
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Shockwave Updater] "C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1161629.exe" -Update (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Shockwave Updater] "C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1161629.exe" -Update (User 'Default user')
O4 - User Startup: Dropbox.lnk = NotUsing\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - User Startup: RCA Detective.lnk = NotUsing\Documents\RCA Detective\RCADetective.exe
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\NotUsing\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG WatchDog (avg9wd) - Unknown owner - C:\Program Files\AVG\AVG9\avgwdsvc.exe (file missing)
O23 - Service: BFE - Unknown owner - C:\Windows\.
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxecCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxecserv.exe
O23 - Service: lxec_device - - C:\Windows\system32\lxeccoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MpsSvc - Unknown owner - C:\Windows\.
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\SymcPCCULaunchSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcCMService.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files\Norton PC Checkup\Norton PC Checkup\Engine\2.0.2.506\ccSvcHst.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13897 bytes

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 July 2012 - 09:58 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [Netscape] rundll32.exe C:\Users\NotUsing\AppData\Local\Netscape\wvghvmos.dll,DllRegisterServer
      O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [Shockwave Updater] "C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1161629.exe" -Update (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [Shockwave Updater] "C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1161629.exe" -Update (User 'Default user')
      O4 - User Startup: Dropbox.lnk = NotUsing\AppData\Roaming\Dropbox\bin\Dropbox.exe
      O4 - User Startup: RCA Detective.lnk = NotUsing\Documents\RCA Detective\RCADetective.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
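One way to triage the O4 autorun lines that appear in both the posted HijackThis log and the removal list above, as an added Python example (not HijackThis's or Malwarebytes' own code): it parses the O4 format, resolves what rundll32 actually loads, and flags entries whose code lives in a user-writable profile path. The sample lines are copied from the posted log; the flags are heuristics that pick review candidates (the Dropbox entry is flagged too), not verdicts.

```python
import re

# Constructed sample in the HijackThis O4 format seen in the posted log (added example;
# the lines are copied from the thread, the triage logic is not HijackThis's own).
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Netscape] rundll32.exe C:\Users\NotUsing\AppData\Local\Netscape\wvghvmos.dll,DllRegisterServer
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - User Startup: Dropbox.lnk = NotUsing\AppData\Roaming\Dropbox\bin\Dropbox.exe
""".strip().splitlines()

O4_RUN = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O4_STARTUP = re.compile(r"^O4 - User Startup: (?P<name>.+?) = (?P<cmd>.*)$")
USER_SUFFIX = re.compile(r"\s*\(User '[^']*'\)\s*$")   # trailing "(User 'SYSTEM')" annotation


def parse_o4(line):
    """Return (hive, name, command) for an O4 line, or None if it is not one."""
    m = O4_RUN.match(line)
    if m:
        return m["hive"], m["name"], USER_SUFFIX.sub("", m["cmd"])
    m = O4_STARTUP.match(line)
    if m:
        return "User Startup", m["name"], m["cmd"]
    return None


def launched_module(cmd):
    """Pick the file that really runs: the quoted/first token, or the DLL rundll32 loads."""
    if cmd.startswith('"') and cmd.count('"') >= 2:
        end = cmd.index('"', 1)
        exe, rest = cmd[1:end], cmd[end + 1:].strip()
    else:
        exe, _, rest = cmd.partition(" ")
    if exe.lower().endswith(("rundll32.exe", "rundll32")):
        # rundll32 <dll>,<entry>: the DLL is what deserves scrutiny, not rundll32 itself
        return rest.partition(",")[0].strip().strip('"'), True
    return exe, False


def triage(lines):
    """Flag entries whose code lives in a user-writable profile path, or that are a
    rundll32-loaded DLL outside the Windows directory. Hits are candidates for review."""
    findings = []
    for line in lines:
        parsed = parse_o4(line)
        if not parsed:
            continue
        hive, name, cmd = parsed
        target, via_rundll32 = launched_module(cmd)
        low = target.lower()
        reasons = []
        if "\\users\\" in low or "\\appdata\\" in low:
            reasons.append("user-profile path")
        if via_rundll32 and "\\windows\\" not in low:
            reasons.append("rundll32 loads DLL outside Windows directory")
        findings.append({"hive": hive, "name": name, "target": target, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_O4_LINES):
        print(f"{f['name']:<14} {f['target']}  {'; '.join(f['reasons']) or 'ok'}")
```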



