
Infected with Trojan.Zeroaccess.B need help


18 replies to this topic

#1 Ryan11444

  • Members
  • 9 posts

Posted 12 July 2012 - 10:35 PM

I have Norton Security Suite, and after running a scan the results show that I have "Infections", the main one being Trojan.Zeroaccess.B, which has caused my computer to run slower. It has also just started to redirect me when I click on links from Google's search. I already have started my computer in Safe Mode and have tried running TDSS and NPE, which removed some "risks". But the Trojan.Zeroaccess.B is still there. I would appreciate it greatly if someone could please help me deal with this problem.


.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421
Run by Ryan at 21:52:00 on 2012-07-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1790.1380 [GMT -5:00]
.
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.youtube.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.4.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.4.0.12\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.4.0.12\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [RGSC] c:\program files\rockstar games\rockstar games social club\RGSCLauncher.exe /silent
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [ToshibaServiceStation] c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe /hide:60
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Aimersoft Helper Compact.exe] c:\program files\common files\aimersoft\aimersoft helper compact\ASHelper.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/SmileyCentralInitialSetup1.0.1.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C39A41CC-48AD-49AC-8367-E967CF616362} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C39A41CC-48AD-49AC-8367-E967CF616362} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C39A41CC-48AD-49AC-8367-E967CF616362}\2456C6B696E6F5E4B2F5433324138303 : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{C39A41CC-48AD-49AC-8367-E967CF616362}\25F6765627 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C39A41CC-48AD-49AC-8367-E967CF616362}\25F6765627 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C39A41CC-48AD-49AC-8367-E967CF616362}\377716E637F6E60286F6573756 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C39A41CC-48AD-49AC-8367-E967CF616362}\377716E637F6E60286F6573756 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C39A41CC-48AD-49AC-8367-E967CF616362}\7496E676562772370284F6573756 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C39A41CC-48AD-49AC-8367-E967CF616362}\7496E676562772370284F6573756 : DhcpNameServer = 192.168.1.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
.
============= SERVICES / DRIVERS ===============
.
R0 SMR300;Symantec SMR Utility Service 3.0.0;c:\windows\system32\drivers\SMR300.SYS [2012-7-12 83064]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0404000.00c\symds.sys [2011-10-31 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0404000.00c\symefa.sys [2011-10-31 173176]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-7-20 167936]
S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-11 821920]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0404000.00c\cchpx86.sys [2011-10-31 485512]
S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20120710.001\IDSvix86.sys [2012-7-10 382624]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0404000.00c\ironx86.sys [2011-10-31 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0404000.00c\symtdiv.sys [2011-10-31 340088]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-7-20 176128]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-25 135664]
S2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.4.0.12\ccsvchst.exe [2011-10-31 126400]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2012-6-2 763840]
S2 USBMIDIAudioDevMon;USB MIDI Series Audio Device Monitor;c:\program files\m-audio\usb midi series\AudioDevMon.exe [2010-4-13 1636872]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 EraserUtilDrv11210;EraserUtilDrv11210;c:\program files\common files\symantec shared\eengine\EraserUtilDrv11210.sys [2012-7-12 106656]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-5-31 106656]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-1-11 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-25 135664]
S3 MAUSBMIDI;Service for M-Audio USB MIDI Series;c:\windows\system32\drivers\MAudioUSBMIDI.sys [2010-4-13 170248]
S3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [2009-7-24 9472]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-7-20 171520]
S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-7-20 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-25 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-28 1343400]
S4 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2011-1-12 28762]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-07-13 01:47:27 110080 ----a-r- c:\users\ryan\appdata\roaming\microsoft\installer\{9e897d0f-f804-41a3-966c-7bb6eb5b6be8}\IconF7A21AF7.exe
2012-07-13 01:47:27 110080 ----a-r- c:\users\ryan\appdata\roaming\microsoft\installer\{9e897d0f-f804-41a3-966c-7bb6eb5b6be8}\IconD7F16134.exe
2012-07-13 01:47:27 110080 ----a-r- c:\users\ryan\appdata\roaming\microsoft\installer\{9e897d0f-f804-41a3-966c-7bb6eb5b6be8}\IconCF33A0CE.exe
2012-07-13 01:47:26 -------- d-----w- C:\sh4ldr
2012-07-13 01:47:26 -------- d-----w- c:\program files\Enigma Software Group
2012-07-13 01:47:13 -------- d-----w- c:\windows\9E897D0FF80441A3966C7BB6EB5B6BE8.TMP
2012-07-13 01:47:09 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-07-13 01:39:15 -------- d-----w- c:\users\ryan\appdata\roaming\GetRightToGo
2012-07-13 01:18:42 20 ----a-w- c:\windows\system32\drivers\SMR300.dat
2012-07-13 01:18:41 83064 ----a-w- c:\windows\system32\drivers\SMR300.SYS
2012-07-13 00:48:08 -------- d-----w- c:\users\ryan\appdata\roaming\SpeedyPC Software
2012-07-13 00:48:08 -------- d-----w- c:\users\ryan\appdata\roaming\DriverCure
2012-07-13 00:48:02 -------- d-----w- c:\program files\common files\SpeedyPC Software
2012-07-13 00:48:01 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-13 00:48:01 -------- d-----w- c:\program files\SpeedyPC Software
2012-07-13 00:05:03 -------- d-----w- c:\users\ryan\appdata\roaming\Tific
2012-07-12 22:54:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-12 09:43:43 -------- d-----w- c:\users\ryan\appdata\local\NPE
2012-07-11 04:43:06 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-10 21:45:51 749568 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iKernel.dll
2012-07-10 21:45:51 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\ctor.dll
2012-07-10 21:45:51 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\DotNetInstaller.exe
2012-07-10 21:45:51 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iscript.dll
2012-07-10 21:45:51 180224 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iuser.dll
2012-07-10 21:45:48 192644 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\iGdi.dll
2012-07-10 21:45:47 323716 ----a-w- c:\program files\common files\installshield\professional\runtime\10\50\intel32\setup.dll
2012-07-10 12:05:29 -------- d-----w- c:\windows\DISNEY
2012-07-10 12:04:23 -------- d-----w- c:\program files\Disney Interactive
2012-07-10 12:03:49 304128 ----a-w- c:\windows\IsUninst.exe
2012-07-02 19:38:13 -------- d-----w- c:\users\ryan\appdata\local\{4848F142-1526-45DF-BD93-D02E5D194E21}
2012-07-02 19:32:14 87608 ----a-w- c:\users\ryan\appdata\roaming\inst.exe
2012-07-02 19:32:14 47360 ----a-w- c:\users\ryan\appdata\roaming\pcouffin.sys
2012-06-24 01:45:49 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 01:45:26 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 01:44:45 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-24 01:44:45 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-14 19:48:42 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 19:48:40 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 19:48:40 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 19:48:40 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 19:48:39 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 19:48:37 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-14 19:48:34 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 19:48:30 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 19:48:30 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 19:48:29 103936 ----a-w- c:\windows\system32\cryptnet.dll
.
==================== Find3M ====================
.
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-19 03:57:38 113072 ----a-w- c:\windows\system32\drivers\scdemu.sys
.
============= FINISH: 21:52:47.04 ===============

#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 13 July 2012 - 12:39 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Ryan11444

  • Topic Starter
  • Members
  • 9 posts

Posted 13 July 2012 - 03:19 PM

Hello Gringo,

Thank you for your help! It is much appreciated. The computer is still running kinda slow, but the redirect on Explorer has stopped. In Safe Mode at least.

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Norton Security Suite
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
SpyHunter
Java™ 6 Update 14
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.2.152.32 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


ComboFix 12-07-13.03 - Ryan 07/13/2012 14:55:13.1.1 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1790.1285 [GMT -5:00]
Running from: c:\users\Ryan\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
ADS - windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\CHROME.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTactl.dll
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\INSTALL.RDF
c:\program files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\1.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTml.dll
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSg.dll
c:\program files\MyWebSearch\bar\1.bin\M3OUtlcn.dll
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3TPINST.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSMLBTN.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSUABTN.DLL
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\users\Ryan\AppData\Roaming\inst.exe
c:\users\Ryan\AppData\Roaming\vso_ts_preview.xml
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\f3PSSavr.scr
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MyWebSearchService
.
.
((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))
.
.
2012-07-13 20:02 . 2012-07-13 20:05 -------- d-----w- c:\users\Ryan\AppData\Local\temp
2012-07-13 01:47 . 2012-07-13 01:47 110080 ----a-r- c:\users\Ryan\AppData\Roaming\Microsoft\Installer\{9E897D0F-F804-41A3-966C-7BB6EB5B6BE8}\IconF7A21AF7.exe
2012-07-13 01:47 . 2012-07-13 01:47 110080 ----a-r- c:\users\Ryan\AppData\Roaming\Microsoft\Installer\{9E897D0F-F804-41A3-966C-7BB6EB5B6BE8}\IconD7F16134.exe
2012-07-13 01:47 . 2012-07-13 01:47 110080 ----a-r- c:\users\Ryan\AppData\Roaming\Microsoft\Installer\{9E897D0F-F804-41A3-966C-7BB6EB5B6BE8}\IconCF33A0CE.exe
2012-07-13 01:47 . 2012-07-13 01:47 -------- d-----w- C:\sh4ldr
2012-07-13 01:47 . 2012-07-13 01:47 -------- d-----w- c:\program files\Enigma Software Group
2012-07-13 01:47 . 2012-07-13 01:47 -------- d-----w- c:\windows\9E897D0FF80441A3966C7BB6EB5B6BE8.TMP
2012-07-13 01:47 . 2012-07-13 01:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-07-13 01:39 . 2012-07-13 01:40 -------- d-----w- c:\users\Ryan\AppData\Roaming\GetRightToGo
2012-07-13 00:48 . 2012-07-13 00:48 -------- d-----w- c:\users\Ryan\AppData\Roaming\SpeedyPC Software
2012-07-13 00:48 . 2012-07-13 00:48 -------- d-----w- c:\users\Ryan\AppData\Roaming\DriverCure
2012-07-13 00:48 . 2012-07-13 00:48 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
2012-07-13 00:48 . 2012-07-13 00:48 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-13 00:48 . 2012-07-13 00:48 -------- d-----w- c:\program files\SpeedyPC Software
2012-07-13 00:05 . 2012-07-13 00:05 -------- d-----w- c:\users\Ryan\AppData\Roaming\Tific
2012-07-12 22:54 . 2012-07-12 22:54 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-12 09:43 . 2012-07-13 01:19 -------- d-----w- c:\users\Ryan\AppData\Local\NPE
2012-07-11 04:43 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-10 21:45 . 2004-10-22 07:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-07-10 21:45 . 2004-10-22 07:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-07-10 21:45 . 2004-10-22 07:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-07-10 21:45 . 2004-10-22 07:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-07-10 21:45 . 2004-10-22 07:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-07-10 21:45 . 2012-07-10 21:45 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-07-10 21:45 . 2012-07-10 21:45 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-07-10 12:05 . 2012-07-10 12:05 -------- d-----w- c:\windows\DISNEY
2012-07-10 12:04 . 2012-07-13 02:31 -------- d-----w- c:\program files\Disney Interactive
2012-07-10 12:03 . 1998-01-23 17:22 304128 ----a-w- c:\windows\IsUninst.exe
2012-07-02 19:32 . 2012-07-02 19:32 47360 ----a-w- c:\users\Ryan\AppData\Roaming\pcouffin.sys
2012-06-24 01:45 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-24 01:45 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-24 01:45 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-24 01:45 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 01:45 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-24 01:45 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-24 01:45 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 01:44 . 2012-06-02 20:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 01:44 . 2012-06-02 20:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 19:48 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 19:48 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 19:48 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 19:48 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 19:48 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 19:48 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-14 19:48 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 19:48 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 19:48 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 19:48 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-19 03:57 . 2012-04-19 03:57 113072 ----a-w- c:\windows\system32\drivers\scdemu.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-28 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 57344]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTOSHIBA]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-05 17:43 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-28 04:17 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120711.002\BHDrvx86.sys [x]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0404000.00C\ccHPx86.sys [x]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120710.001\IDSvix86.sys [x]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0404000.00C\Ironx86.SYS [x]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0404000.00C\SYMTDIV.SYS [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [x]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe [x]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
R2 USBMIDIAudioDevMon;USB MIDI Series Audio Device Monitor;c:\program files\M-Audio\USB MIDI Series\AudioDevMon.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 EraserUtilDrv11210;EraserUtilDrv11210;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MAUSBMIDI;Service for M-Audio USB MIDI Series;c:\windows\system32\DRIVERS\MAudioUSBMIDI.sys [x]
R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 XDva379;XDva379;c:\windows\system32\XDva379.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0404000.00C\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0404000.00C\SYMEFA.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-25 17:21]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-25 17:21]
.
2012-07-13 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 22:17]
.
2012-07-13 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-01-30 22:17]
.
2012-07-13 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.youtube.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C39A41CC-48AD-49AC-8367-E967CF616362}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C39A41CC-48AD-49AC-8367-E967CF616362}\25F6765627: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C39A41CC-48AD-49AC-8367-E967CF616362}\377716E637F6E60286F6573756: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C39A41CC-48AD-49AC-8367-E967CF616362}\7496E676562772370284F6573756: NameServer = 8.8.8.8,8.8.4.4
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKCU-Run-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
HKLM-Run-Aimersoft Helper Compact.exe - c:\program files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1335841894-2378013945-3772098520-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1335841894-2378013945-3772098520-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1335841894-2378013945-3772098520-1001\Software\SecuROM\License information*]
"datasecu"=hex:07,f6,10,b7,5c,0e,a2,9e,0e,d1,3a,e0,a7,65,db,81,ab,43,bc,f8,42,
fd,e6,35,ed,b3,f6,59,6f,52,62,90,7d,7e,9c,38,15,ad,b3,57,3d,65,f8,23,3a,18,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1520)
c:\windows\System32\Actioncenter.dll
c:\windows\system32\imapi2.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2012-07-13 15:09:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-13 20:09
.
Pre-Run: 109,389,975,552 bytes free
Post-Run: 109,197,090,816 bytes free
.
- - End Of File - - 4B336F9638A901DCB70A08D04D594D48

#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 13 July 2012 - 03:28 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
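The TDSSKiller report that gringo asks for is several hundred lines long, two lines per scanned service or driver, and the interesting entries are easy to miss when scrolling. The script below is an added example, not part of this thread and not part of Kaspersky's tool: it parses the two line shapes visible in the reports pasted in this thread (a module line carrying the MD5 and image path, and a verdict line ending in "- ok"), skips the header block before "Scan started" (whose drive-geometry lines also contain " - " and would otherwise be read as verdicts), and sorts the result into the buckets a responder reads first. The function names (`parse_report`, `triage`, `find_by_md5`), the `SAMPLE_REPORT` text, and in particular the `sample_drv` entry with its non-ok verdict string are all constructed for the example; TDSSKiller's real wording for a detection is not shown on this page, so only the "ok" verdict is taken from the thread.

```python
"""Triage helper for TDSSKiller report files in the layout pasted above.

Added example, not part of the thread or of Kaspersky's tool. It understands
only the two line shapes visible in the report on this page:

    HH:MM:SS.ffff PID Name (md5hex) <path>
    HH:MM:SS.ffff PID Name - <verdict>

Lines before the "Scan started" banner (drive geometry, system info) are
skipped because they also contain " - " and would be mistaken for verdicts.
"""
import re

MODULE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)
VERDICT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+-\s+(?P<verdict>\S.*?)\s*$"
)


def parse_report(text):
    """Return a dict (insertion ordered): name -> {md5, path, verdict}.

    md5 and path stay None for entries that only have a verdict line, e.g.
    'catchme - ok' and 'COMSysApp - ok' in the report above: nothing on disk
    was hashed for them, which is worth a second look in itself.
    """
    entries = {}
    in_scan = "Scan started" not in text  # no banner at all: parse everything
    for line in text.splitlines():
        if "Scan started" in line:
            in_scan = True
            continue
        if not in_scan:
            continue
        m = MODULE_RE.match(line)
        if m:
            rec = entries.setdefault(m["name"], {"md5": None, "path": None, "verdict": None})
            rec["md5"] = m["md5"].lower()
            rec["path"] = m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            rec = entries.setdefault(m["name"], {"md5": None, "path": None, "verdict": None})
            rec["verdict"] = m["verdict"]
    return entries


def triage(entries, windir=r"C:\windows"):
    """Split parsed entries into the buckets a responder reads first.

    not_ok      : verdict missing or anything other than 'ok'
    no_image    : verdict only, no hashed file on disk
    third_party : image lives outside the Windows directory (review, not verdict)
    """
    prefix = windir.lower().rstrip("\\") + "\\"
    report = {"total": len(entries), "not_ok": [], "no_image": [], "third_party": []}
    for name, rec in entries.items():
        if rec["verdict"] is None or rec["verdict"].lower() != "ok":
            report["not_ok"].append((name, rec["verdict"]))
        if rec["path"] is None:
            report["no_image"].append(name)
        elif not rec["path"].lower().startswith(prefix):
            report["third_party"].append((name, rec["path"]))
    return report


def find_by_md5(entries, md5):
    """Names of every entry whose image hashed to md5 (e.g. after a hash lookup)."""
    md5 = md5.lower()
    return [n for n, r in entries.items() if r["md5"] == md5]


# Constructed sample: the first lines are copied from the report in this thread,
# the 'sample_drv' pair is hypothetical and exists only to exercise the not_ok path.
SAMPLE_REPORT = r"""15:48:05.0426 0608 Boot type: Safe boot with network
15:48:06.0658 0608 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200
15:49:12.0428 1640 Scan started
15:49:13.0504 1640 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
15:49:13.0520 1640 1394ohci - ok
15:49:13.0957 1640 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
15:49:13.0957 1640 Adobe LM Service - ok
15:49:20.0821 1640 catchme - ok
15:49:29.0011 1640 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
15:49:29.0027 1640 gupdate - ok
15:49:40.0000 1640 sample_drv (00000000000000000000000000000000) C:\windows\system32\drivers\sample_drv.sys
15:49:40.0001 1640 sample_drv - suspicious (constructed)
"""

if __name__ == "__main__":
    summary = triage(parse_report(SAMPLE_REPORT))
    for bucket in ("not_ok", "no_image", "third_party"):
        print(f"{bucket}: {summary[bucket]}")
```

Run it against the saved `TDSSKiller.[Version]_[Date]_[Time]_log.txt` by reading the file into `parse_report`; the third_party bucket is a review list (Norton, Toshiba and Google services legitimately live under Program Files and ProgramData), while anything in not_ok or no_image is what to quote back in the reply.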

#5 Ryan11444 (Topic Starter, Members, 9 posts)

Posted 13 July 2012 - 04:08 PM

Hello again,

It is hard to tell if there is any difference in performance, but it seems to load a bit faster.

15:48:04.0178 0608 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
15:48:05.0426 0608 ============================================================
15:48:05.0426 0608 Current date / time: 2012/07/13 15:48:05.0426
15:48:05.0426 0608 SystemInfo:
15:48:05.0426 0608
15:48:05.0426 0608 OS Version: 6.1.7601 ServicePack: 1.0
15:48:05.0426 0608 Product type: Workstation
15:48:05.0426 0608 ComputerName: RYAN-PC
15:48:05.0426 0608 UserName: Ryan
15:48:05.0426 0608 Windows directory: C:\windows
15:48:05.0426 0608 System windows directory: C:\windows
15:48:05.0426 0608 Processor architecture: Intel x86
15:48:05.0426 0608 Number of processors: 1
15:48:05.0426 0608 Page size: 0x1000
15:48:05.0426 0608 Boot type: Safe boot with network
15:48:05.0426 0608 ============================================================
15:48:06.0658 0608 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:48:06.0658 0608 Drive \Device\Harddisk1\DR2 - Size: 0x77200000 (1.86 Gb), SectorSize: 0x200, Cylinders: 0xF2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:48:06.0674 0608 ============================================================
15:48:06.0674 0608 \Device\Harddisk0\DR0:
15:48:06.0674 0608 MBR partitions:
15:48:06.0674 0608 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BEAA800
15:48:06.0674 0608 \Device\Harddisk1\DR2:
15:48:06.0674 0608 MBR partitions:
15:48:06.0674 0608 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x3B8FE0
15:48:06.0674 0608 ============================================================
15:48:06.0705 0608 C: <-> \Device\Harddisk0\DR0\Partition0
15:48:06.0705 0608 ============================================================
15:48:06.0705 0608 Initialize success
15:48:06.0705 0608 ============================================================
15:49:12.0428 1640 ============================================================
15:49:12.0428 1640 Scan started
15:49:12.0428 1640 Mode: Manual;
15:49:12.0428 1640 ============================================================
15:49:13.0504 1640 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
15:49:13.0520 1640 1394ohci - ok
15:49:13.0676 1640 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
15:49:13.0676 1640 ACPI - ok
15:49:13.0785 1640 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
15:49:13.0785 1640 AcpiPmi - ok
15:49:13.0957 1640 Adobe LM Service (8b46d5a1d3ef08232c04d0eafb871fb2) C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
15:49:13.0957 1640 Adobe LM Service - ok
15:49:14.0082 1640 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
15:49:14.0097 1640 adp94xx - ok
15:49:14.0175 1640 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
15:49:14.0175 1640 adpahci - ok
15:49:14.0191 1640 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
15:49:14.0206 1640 adpu320 - ok
15:49:14.0300 1640 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
15:49:14.0300 1640 AeLookupSvc - ok
15:49:14.0409 1640 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
15:49:14.0409 1640 AFD - ok
15:49:14.0596 1640 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\windows\system32\DRIVERS\AGRSM.sys
15:49:14.0612 1640 AgereSoftModem - ok
15:49:14.0706 1640 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
15:49:14.0706 1640 agp440 - ok
15:49:14.0815 1640 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
15:49:14.0815 1640 aic78xx - ok
15:49:14.0986 1640 ALG (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
15:49:14.0986 1640 ALG - ok
15:49:15.0033 1640 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
15:49:15.0033 1640 aliide - ok
15:49:15.0220 1640 AMD External Events Utility (b19505648f033393e907e2e419fde8b3) C:\windows\system32\atiesrxx.exe
15:49:15.0220 1640 AMD External Events Utility - ok
15:49:15.0252 1640 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
15:49:15.0252 1640 amdagp - ok
15:49:15.0330 1640 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
15:49:15.0330 1640 amdide - ok
15:49:15.0439 1640 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
15:49:15.0454 1640 AmdK8 - ok
15:49:15.0532 1640 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
15:49:15.0532 1640 AmdPPM - ok
15:49:15.0642 1640 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
15:49:15.0642 1640 amdsata - ok
15:49:15.0673 1640 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
15:49:15.0673 1640 amdsbs - ok
15:49:15.0751 1640 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
15:49:15.0766 1640 amdxata - ok
15:49:15.0860 1640 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
15:49:15.0860 1640 AppID - ok
15:49:15.0907 1640 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
15:49:15.0907 1640 AppIDSvc - ok
15:49:16.0016 1640 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll
15:49:16.0016 1640 Appinfo - ok
15:49:16.0281 1640 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:49:16.0281 1640 Apple Mobile Device - ok
15:49:16.0390 1640 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
15:49:16.0406 1640 arc - ok
15:49:16.0468 1640 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
15:49:16.0468 1640 arcsas - ok
15:49:16.0515 1640 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
15:49:16.0515 1640 AsyncMac - ok
15:49:16.0593 1640 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
15:49:16.0593 1640 atapi - ok
15:49:16.0874 1640 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\windows\system32\DRIVERS\atikmdag.sys
15:49:17.0014 1640 atikmdag - ok
15:49:17.0295 1640 AtiPcie (b73c832088dd54b55e04ff6f9646ad8c) C:\windows\system32\DRIVERS\AtiPcie.sys
15:49:17.0311 1640 AtiPcie - ok
15:49:17.0420 1640 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
15:49:17.0420 1640 AudioEndpointBuilder - ok
15:49:17.0498 1640 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
15:49:17.0498 1640 Audiosrv - ok
15:49:17.0592 1640 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll
15:49:17.0592 1640 AxInstSV - ok
15:49:17.0716 1640 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
15:49:17.0732 1640 b06bdrv - ok
15:49:17.0841 1640 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
15:49:17.0841 1640 b57nd60x - ok
15:49:17.0950 1640 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
15:49:17.0950 1640 BDESVC - ok
15:49:18.0044 1640 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
15:49:18.0044 1640 Beep - ok
15:49:18.0169 1640 BFE (1e2bac209d184bb851e1a187d8a29136) C:\windows\System32\bfe.dll
15:49:18.0184 1640 BFE - ok
15:49:18.0762 1640 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120711.002\BHDrvx86.sys
15:49:18.0980 1640 BHDrvx86 - ok
15:49:19.0308 1640 BITS (e585445d5021971fae10393f0f1c3961) C:\windows\system32\qmgr.dll
15:49:19.0448 1640 BITS - ok
15:49:19.0495 1640 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
15:49:19.0557 1640 blbdrive - ok
15:49:19.0713 1640 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
15:49:19.0776 1640 Bonjour Service - ok
15:49:19.0822 1640 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
15:49:19.0822 1640 bowser - ok
15:49:19.0900 1640 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
15:49:19.0900 1640 BrFiltLo - ok
15:49:19.0994 1640 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
15:49:19.0994 1640 BrFiltUp - ok
15:49:20.0041 1640 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\windows\system32\DRIVERS\bridge.sys
15:49:20.0041 1640 BridgeMP - ok
15:49:20.0150 1640 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll
15:49:20.0150 1640 Browser - ok
15:49:20.0244 1640 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
15:49:20.0322 1640 Brserid - ok
15:49:20.0353 1640 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
15:49:20.0353 1640 BrSerWdm - ok
15:49:20.0431 1640 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
15:49:20.0431 1640 BrUsbMdm - ok
15:49:20.0446 1640 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
15:49:20.0446 1640 BrUsbSer - ok
15:49:20.0462 1640 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
15:49:20.0462 1640 BTHMODEM - ok
15:49:20.0618 1640 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
15:49:20.0618 1640 bthserv - ok
15:49:20.0821 1640 catchme - ok
15:49:21.0008 1640 ccHP (1fa1c0e73eca849bed29a47c508f7f17) C:\windows\system32\drivers\N360\0404000.00C\ccHPx86.sys
15:49:21.0070 1640 ccHP - ok
15:49:21.0117 1640 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
15:49:21.0180 1640 cdfs - ok
15:49:21.0289 1640 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\DRIVERS\cdrom.sys
15:49:21.0304 1640 cdrom - ok
15:49:21.0414 1640 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
15:49:21.0414 1640 CertPropSvc - ok
15:49:21.0632 1640 cfWiMAXService (1f8a319d29394f9ce1b7ae020df2ebbf) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
15:49:21.0632 1640 cfWiMAXService - ok
15:49:21.0679 1640 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
15:49:21.0679 1640 circlass - ok
15:49:21.0772 1640 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
15:49:21.0772 1640 CLFS - ok
15:49:21.0944 1640 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:49:21.0944 1640 clr_optimization_v2.0.50727_32 - ok
15:49:22.0131 1640 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:49:22.0178 1640 clr_optimization_v4.0.30319_32 - ok
15:49:22.0272 1640 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
15:49:22.0272 1640 CmBatt - ok
15:49:22.0350 1640 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
15:49:22.0350 1640 cmdide - ok
15:49:22.0443 1640 CNG (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
15:49:22.0474 1640 CNG - ok
15:49:22.0552 1640 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
15:49:22.0568 1640 Compbatt - ok
15:49:22.0677 1640 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
15:49:22.0677 1640 CompositeBus - ok
15:49:22.0771 1640 COMSysApp - ok
15:49:22.0896 1640 ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
15:49:22.0896 1640 ConfigFree Service - ok
15:49:23.0005 1640 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
15:49:23.0005 1640 crcdisk - ok
15:49:23.0114 1640 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\windows\system32\cryptsvc.dll
15:49:23.0114 1640 CryptSvc - ok
15:49:23.0223 1640 dc3d (94010220445f181ade8e7ca9c3a98bf4) C:\windows\system32\DRIVERS\dc3d.sys
15:49:23.0286 1640 dc3d - ok
15:49:23.0410 1640 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
15:49:23.0410 1640 DcomLaunch - ok
15:49:23.0520 1640 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
15:49:23.0520 1640 defragsvc - ok
15:49:23.0613 1640 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
15:49:23.0613 1640 DfsC - ok
15:49:23.0800 1640 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll
15:49:23.0800 1640 Dhcp - ok
15:49:23.0847 1640 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
15:49:23.0847 1640 discache - ok
15:49:23.0941 1640 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
15:49:23.0956 1640 Disk - ok
15:49:24.0034 1640 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll
15:49:24.0034 1640 Dnscache - ok
15:49:24.0144 1640 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll
15:49:24.0144 1640 dot3svc - ok
15:49:24.0253 1640 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll
15:49:24.0253 1640 DPS - ok
15:49:24.0346 1640 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
15:49:24.0346 1640 drmkaud - ok
15:49:24.0471 1640 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
15:49:24.0487 1640 DXGKrnl - ok
15:49:24.0565 1640 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
15:49:24.0580 1640 EapHost - ok
15:49:24.0861 1640 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
15:49:24.0892 1640 ebdrv - ok
15:49:25.0064 1640 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
15:49:25.0064 1640 eeCtrl - ok
15:49:25.0329 1640 EFS (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe
15:49:25.0329 1640 EFS - ok
15:49:25.0454 1640 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\windows\ehome\ehRecvr.exe
15:49:25.0516 1640 ehRecvr - ok
15:49:25.0563 1640 ehSched (d389bff34f80caede417bf9d1507996a) C:\windows\ehome\ehsched.exe
15:49:25.0563 1640 ehSched - ok
15:49:25.0750 1640 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
15:49:25.0766 1640 elxstor - ok
15:49:26.0000 1640 EraserUtilDrv11210 (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys
15:49:26.0000 1640 EraserUtilDrv11210 - ok
15:49:26.0203 1640 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:49:26.0203 1640 EraserUtilRebootDrv - ok
15:49:26.0296 1640 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
15:49:26.0296 1640 ErrDev - ok
15:49:26.0421 1640 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
15:49:26.0421 1640 EventSystem - ok
15:49:26.0530 1640 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
15:49:26.0530 1640 exfat - ok
15:49:26.0608 1640 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
15:49:26.0608 1640 fastfat - ok
15:49:26.0749 1640 Fax (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe
15:49:26.0749 1640 Fax - ok
15:49:26.0827 1640 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
15:49:26.0827 1640 fdc - ok
15:49:26.0920 1640 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
15:49:26.0920 1640 fdPHost - ok
15:49:26.0952 1640 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
15:49:26.0952 1640 FDResPub - ok
15:49:27.0030 1640 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
15:49:27.0030 1640 FileInfo - ok
15:49:27.0061 1640 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
15:49:27.0061 1640 Filetrace - ok
15:49:27.0139 1640 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
15:49:27.0139 1640 flpydisk - ok
15:49:27.0248 1640 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
15:49:27.0248 1640 FltMgr - ok
15:49:27.0373 1640 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\windows\system32\FntCache.dll
15:49:27.0388 1640 FontCache - ok
15:49:27.0513 1640 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:49:27.0529 1640 FontCache3.0.0.0 - ok
15:49:27.0560 1640 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
15:49:27.0560 1640 FsDepends - ok
15:49:27.0669 1640 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\windows\system32\DRIVERS\fssfltr.sys
15:49:27.0669 1640 fssfltr - ok
15:49:27.0981 1640 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
15:49:28.0013 1640 fsssvc - ok
15:49:28.0278 1640 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys
15:49:28.0278 1640 Fs_Rec - ok
15:49:28.0371 1640 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
15:49:28.0387 1640 fvevol - ok
15:49:28.0496 1640 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
15:49:28.0496 1640 gagp30kx - ok
15:49:28.0590 1640 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
15:49:28.0590 1640 GEARAspiWDM - ok
15:49:28.0699 1640 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll
15:49:28.0715 1640 gpsvc - ok
15:49:29.0011 1640 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
15:49:29.0027 1640 gupdate - ok
15:49:29.0042 1640 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
15:49:29.0042 1640 gupdatem - ok
15:49:29.0151 1640 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:49:29.0167 1640 gusvc - ok
15:49:29.0261 1640 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
15:49:29.0261 1640 hcw85cir - ok
15:49:29.0370 1640 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
15:49:29.0370 1640 HdAudAddService - ok
15:49:29.0463 1640 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
15:49:29.0479 1640 HDAudBus - ok
15:49:29.0495 1640 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
15:49:29.0495 1640 HidBatt - ok
15:49:29.0573 1640 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
15:49:29.0573 1640 HidBth - ok
15:49:29.0682 1640 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
15:49:29.0682 1640 HidIr - ok
15:49:29.0697 1640 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\System32\hidserv.dll
15:49:29.0713 1640 hidserv - ok
15:49:29.0791 1640 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\DRIVERS\hidusb.sys
15:49:29.0791 1640 HidUsb - ok
15:49:29.0822 1640 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll
15:49:29.0822 1640 hkmsvc - ok
15:49:29.0916 1640 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll
15:49:29.0916 1640 HomeGroupListener - ok
15:49:30.0072 1640 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll
15:49:30.0072 1640 HomeGroupProvider - ok
15:49:30.0181 1640 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
15:49:30.0181 1640 HpSAMD - ok
15:49:30.0321 1640 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
15:49:30.0321 1640 HTTP - ok
15:49:30.0399 1640 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
15:49:30.0399 1640 hwpolicy - ok
15:49:30.0509 1640 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
15:49:30.0524 1640 i8042prt - ok
15:49:30.0618 1640 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
15:49:30.0633 1640 iaStorV - ok
15:49:30.0867 1640 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:49:30.0883 1640 idsvc - ok
15:49:31.0179 1640 IDSVix86 (6262c22a913bd255a0795d070b82aa47) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120710.001\IDSvix86.sys
15:49:31.0195 1640 IDSVix86 - ok
15:49:31.0382 1640 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
15:49:31.0382 1640 iirsp - ok
15:49:31.0507 1640 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll
15:49:31.0569 1640 IKEEXT - ok
15:49:31.0866 1640 IntcAzAudAddService (e4a2e810cb2607c9c159c0dfb0bd4c88) C:\windows\system32\drivers\RTKVHDA.sys
15:49:31.0897 1640 IntcAzAudAddService - ok
15:49:32.0131 1640 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
15:49:32.0131 1640 intelide - ok
15:49:32.0225 1640 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
15:49:32.0225 1640 intelppm - ok
15:49:32.0256 1640 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
15:49:32.0318 1640 IPBusEnum - ok
15:49:32.0334 1640 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
15:49:32.0334 1640 IpFilterDriver - ok
15:49:32.0443 1640 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll
15:49:32.0459 1640 iphlpsvc - ok
15:49:32.0552 1640 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
15:49:32.0552 1640 IPMIDRV - ok
15:49:32.0583 1640 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
15:49:32.0583 1640 IPNAT - ok
15:49:32.0677 1640 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
15:49:32.0677 1640 IRENUM - ok
15:49:32.0771 1640 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
15:49:32.0786 1640 isapnp - ok
15:49:32.0880 1640 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
15:49:32.0880 1640 iScsiPrt - ok
15:49:32.0973 1640 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
15:49:32.0973 1640 kbdclass - ok
15:49:33.0020 1640 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
15:49:33.0020 1640 kbdhid - ok
15:49:33.0129 1640 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
15:49:33.0192 1640 KeyIso - ok
15:49:33.0239 1640 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
15:49:33.0239 1640 KSecDD - ok
15:49:33.0317 1640 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
15:49:33.0317 1640 KSecPkg - ok
15:49:33.0426 1640 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
15:49:33.0441 1640 KtmRm - ok
15:49:33.0551 1640 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\windows\System32\srvsvc.dll
15:49:33.0551 1640 LanmanServer - ok
15:49:33.0629 1640 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll
15:49:33.0644 1640 LanmanWorkstation - ok
15:49:33.0769 1640 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
15:49:33.0769 1640 lltdio - ok
15:49:33.0863 1640 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
15:49:33.0863 1640 lltdsvc - ok
15:49:33.0878 1640 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
15:49:33.0878 1640 lmhosts - ok
15:49:33.0972 1640 LPCFilter (6e3d3816749e107883eec5734ce44493) C:\windows\system32\DRIVERS\LPCFilter.sys
15:49:33.0972 1640 LPCFilter - ok
15:49:34.0065 1640 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
15:49:34.0065 1640 LSI_FC - ok
15:49:34.0112 1640 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
15:49:34.0112 1640 LSI_SAS - ok
15:49:34.0175 1640 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
15:49:34.0175 1640 LSI_SAS2 - ok
15:49:34.0268 1640 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
15:49:34.0268 1640 LSI_SCSI - ok
15:49:34.0284 1640 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
15:49:34.0299 1640 luafv - ok
15:49:34.0377 1640 LUsbFilt (144011d14bd35f4e36136ae057b1aadd) C:\windows\system32\Drivers\LUsbFilt.Sys
15:49:34.0377 1640 LUsbFilt - ok
15:49:34.0487 1640 MAUSBMIDI (69bc2b743d723d1923fce50eb68003cb) C:\windows\system32\DRIVERS\MAudioUSBMIDI.sys
15:49:34.0487 1640 MAUSBMIDI - ok
15:49:34.0518 1640 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\windows\system32\Mcx2Svc.dll
15:49:34.0580 1640 Mcx2Svc - ok
15:49:34.0627 1640 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
15:49:34.0627 1640 megasas - ok
15:49:34.0705 1640 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
15:49:34.0705 1640 MegaSR - ok
15:49:34.0814 1640 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
15:49:34.0814 1640 MMCSS - ok
15:49:34.0830 1640 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
15:49:34.0830 1640 Modem - ok
15:49:34.0939 1640 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
15:49:34.0939 1640 monitor - ok
15:49:35.0017 1640 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
15:49:35.0017 1640 mouclass - ok
15:49:35.0126 1640 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
15:49:35.0126 1640 mouhid - ok
15:49:35.0173 1640 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
15:49:35.0173 1640 mountmgr - ok
15:49:35.0251 1640 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
15:49:35.0313 1640 mpio - ok
15:49:35.0345 1640 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
15:49:35.0345 1640 mpsdrv - ok
15:49:35.0454 1640 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\windows\system32\mpssvc.dll
15:49:35.0469 1640 MpsSvc - ok
15:49:35.0547 1640 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
15:49:35.0547 1640 MRxDAV - ok
15:49:35.0657 1640 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
15:49:35.0657 1640 mrxsmb - ok
15:49:35.0688 1640 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
15:49:35.0688 1640 mrxsmb10 - ok
15:49:35.0797 1640 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
15:49:35.0797 1640 mrxsmb20 - ok
15:49:35.0891 1640 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
15:49:35.0891 1640 msahci - ok
15:49:35.0969 1640 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
15:49:35.0984 1640 msdsm - ok
15:49:36.0000 1640 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
15:49:36.0000 1640 MSDTC - ok
15:49:36.0093 1640 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
15:49:36.0109 1640 Msfs - ok
15:49:36.0125 1640 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
15:49:36.0125 1640 mshidkmdf - ok
15:49:36.0203 1640 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
15:49:36.0203 1640 msisadrv - ok
15:49:36.0296 1640 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
15:49:36.0312 1640 MSiSCSI - ok
15:49:36.0312 1640 msiserver - ok
15:49:36.0405 1640 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
15:49:36.0421 1640 MSKSSRV - ok
15:49:36.0515 1640 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
15:49:36.0515 1640 MSPCLOCK - ok
15:49:36.0593 1640 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
15:49:36.0593 1640 MSPQM - ok
15:49:36.0624 1640 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
15:49:36.0639 1640 MsRPC - ok
15:49:36.0717 1640 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
15:49:36.0717 1640 mssmbios - ok
15:49:36.0811 1640 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
15:49:36.0827 1640 MSTEE - ok
15:49:36.0842 1640 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
15:49:36.0842 1640 MTConfig - ok
15:49:36.0920 1640 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
15:49:36.0920 1640 Mup - ok
15:49:37.0139 1640 N360 (b4187346f54e362daffe647b25a58d50) C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
15:49:37.0154 1640 N360 - ok
15:49:37.0263 1640 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll
15:49:37.0263 1640 napagent - ok
15:49:37.0435 1640 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
15:49:37.0451 1640 NativeWifiP - ok
15:49:37.0731 1640 NAVENG (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120711.034\NAVENG.SYS
15:49:37.0747 1640 NAVENG - ok
15:49:37.0981 1640 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120711.034\NAVEX15.SYS
15:49:38.0012 1640 NAVEX15 - ok
15:49:38.0355 1640 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
15:49:38.0355 1640 NDIS - ok
15:49:38.0496 1640 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
15:49:38.0496 1640 NdisCap - ok
15:49:38.0527 1640 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
15:49:38.0527 1640 NdisTapi - ok
15:49:38.0636 1640 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
15:49:38.0652 1640 Ndisuio - ok
15:49:38.0730 1640 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
15:49:38.0730 1640 NdisWan - ok
15:49:38.0761 1640 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
15:49:38.0761 1640 NDProxy - ok
15:49:38.0870 1640 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
15:49:38.0870 1640 NetBIOS - ok
15:49:38.0964 1640 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
15:49:38.0964 1640 NetBT - ok
15:49:39.0042 1640 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
15:49:39.0042 1640 Netlogon - ok
15:49:39.0167 1640 Netman (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
15:49:39.0167 1640 Netman - ok
15:49:39.0198 1640 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
15:49:39.0276 1640 netprofm - ok
15:49:39.0401 1640 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:49:39.0401 1640 NetTcpPortSharing - ok
15:49:39.0572 1640 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
15:49:39.0572 1640 nfrd960 - ok
15:49:39.0681 1640 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll
15:49:39.0681 1640 NlaSvc - ok
15:49:39.0791 1640 NMgamingmsFltr (dd0216110ae219f333d0f99079a4be42) C:\windows\system32\drivers\NMgamingms.sys
15:49:39.0791 1640 NMgamingmsFltr - ok
15:49:39.0822 1640 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
15:49:39.0822 1640 Npfs - ok
15:49:39.0915 1640 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
15:49:39.0931 1640 nsi - ok
15:49:39.0993 1640 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
15:49:39.0993 1640 nsiproxy - ok
15:49:40.0149 1640 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
15:49:40.0212 1640 Ntfs - ok
15:49:40.0508 1640 NuidFltr (37be10ff10a92031fc5a01e8363925cc) C:\windows\system32\DRIVERS\NuidFltr.sys
15:49:40.0508 1640 NuidFltr - ok
15:49:40.0539 1640 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
15:49:40.0539 1640 Null - ok
15:49:40.0649 1640 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
15:49:40.0649 1640 nvraid - ok
15:49:40.0727 1640 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
15:49:40.0727 1640 nvstor - ok
15:49:40.0758 1640 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
15:49:40.0758 1640 nv_agp - ok
15:49:41.0070 1640 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:49:41.0070 1640 odserv - ok
15:49:41.0163 1640 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
15:49:41.0163 1640 ohci1394 - ok
15:49:41.0273 1640 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:49:41.0273 1640 ose - ok
15:49:41.0382 1640 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
15:49:41.0382 1640 p2pimsvc - ok
15:49:41.0413 1640 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
15:49:41.0475 1640 p2psvc - ok
15:49:41.0522 1640 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
15:49:41.0522 1640 Parport - ok
15:49:41.0600 1640 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\windows\system32\drivers\partmgr.sys
15:49:41.0616 1640 partmgr - ok
15:49:41.0631 1640 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
15:49:41.0631 1640 Parvdm - ok
15:49:41.0725 1640 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
15:49:41.0725 1640 PcaSvc - ok
15:49:41.0819 1640 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
15:49:41.0819 1640 pci - ok
15:49:41.0850 1640 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
15:49:41.0850 1640 pciide - ok
15:49:41.0943 1640 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
15:49:41.0943 1640 pcmcia - ok
15:49:42.0021 1640 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
15:49:42.0021 1640 pcw - ok
15:49:42.0068 1640 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
15:49:42.0131 1640 PEAUTH - ok
15:49:42.0240 1640 pelmouse (e541a80cdffd6077c761b4578efc0450) C:\windows\system32\DRIVERS\pelmouse.sys
15:49:42.0240 1640 pelmouse - ok
15:49:42.0271 1640 pelusblf (6432858a4493e906a7d61b9b17a0672a) C:\windows\system32\DRIVERS\pelusblf.sys
15:49:42.0271 1640 pelusblf - ok
15:49:42.0489 1640 pla (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll
15:49:42.0505 1640 pla - ok
15:49:42.0786 1640 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll
15:49:42.0786 1640 PlugPlay - ok
15:49:42.0879 1640 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
15:49:42.0879 1640 PNRPAutoReg - ok
15:49:42.0926 1640 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
15:49:42.0926 1640 PNRPsvc - ok
15:49:43.0113 1640 Point32 (7d7a9c17d5455203dea11e5ef886cc59) C:\windows\system32\DRIVERS\point32.sys
15:49:43.0113 1640 Point32 - ok
15:49:43.0223 1640 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll
15:49:43.0223 1640 PolicyAgent - ok
15:49:43.0332 1640 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll
15:49:43.0332 1640 Power - ok
15:49:43.0441 1640 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
15:49:43.0441 1640 PptpMiniport - ok
15:49:43.0472 1640 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
15:49:43.0472 1640 Processor - ok
15:49:43.0644 1640 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\windows\system32\profsvc.dll
15:49:43.0659 1640 ProfSvc - ok
15:49:43.0691 1640 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
15:49:43.0691 1640 ProtectedStorage - ok
15:49:43.0800 1640 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
15:49:43.0800 1640 Psched - ok
15:49:44.0003 1640 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
15:49:44.0018 1640 ql2300 - ok
15:49:44.0330 1640 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
15:49:44.0330 1640 ql40xx - ok
15:49:44.0439 1640 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
15:49:44.0439 1640 QWAVE - ok
15:49:44.0471 1640 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
15:49:44.0471 1640 QWAVEdrv - ok
15:49:44.0549 1640 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
15:49:44.0549 1640 RasAcd - ok
15:49:44.0673 1640 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
15:49:44.0673 1640 RasAgileVpn - ok
15:49:44.0689 1640 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
15:49:44.0689 1640 RasAuto - ok
15:49:44.0783 1640 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
15:49:44.0783 1640 Rasl2tp - ok
15:49:44.0892 1640 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll
15:49:44.0907 1640 RasMan - ok
15:49:45.0001 1640 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
15:49:45.0001 1640 RasPppoe - ok
15:49:45.0095 1640 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
15:49:45.0095 1640 RasSstp - ok
15:49:45.0126 1640 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
15:49:45.0188 1640 rdbss - ok
15:49:45.0219 1640 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
15:49:45.0219 1640 rdpbus - ok
15:49:45.0313 1640 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
15:49:45.0329 1640 RDPCDD - ok
15:49:45.0422 1640 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
15:49:45.0422 1640 RDPENCDD - ok
15:49:45.0453 1640 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
15:49:45.0453 1640 RDPREFMP - ok
15:49:45.0547 1640 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\windows\system32\drivers\RDPWD.sys
15:49:45.0547 1640 RDPWD - ok
15:49:45.0656 1640 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
15:49:45.0656 1640 rdyboost - ok
15:49:45.0734 1640 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
15:49:45.0734 1640 RemoteAccess - ok
15:49:45.0843 1640 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
15:49:45.0843 1640 RemoteRegistry - ok
15:49:45.0937 1640 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
15:49:45.0937 1640 RpcEptMapper - ok
15:49:45.0953 1640 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
15:49:45.0953 1640 RpcLocator - ok
15:49:46.0062 1640 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
15:49:46.0062 1640 RpcSs - ok
15:49:46.0171 1640 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
15:49:46.0171 1640 rspndr - ok
15:49:46.0343 1640 RSUSBSTOR (ef8b2afc3c0751c5e5a59983c8893260) C:\windows\system32\Drivers\RtsUStor.sys
15:49:46.0343 1640 RSUSBSTOR - ok
15:49:46.0452 1640 RTL8167 (26a9d6227d12b9d9da5a81bb9b55d810) C:\windows\system32\DRIVERS\Rt86win7.sys
15:49:46.0452 1640 RTL8167 - ok
15:49:46.0561 1640 RTL8187Se (e48daf453d773a89a44134ce4ba9af44) C:\windows\system32\DRIVERS\RTL8187Se.sys
15:49:46.0561 1640 RTL8187Se - ok
15:49:46.0655 1640 RtsUIR - ok
15:49:46.0686 1640 SamSs (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
15:49:46.0686 1640 SamSs - ok
15:49:46.0795 1640 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
15:49:46.0795 1640 sbp2port - ok
15:49:46.0889 1640 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
15:49:46.0889 1640 SCardSvr - ok
15:49:47.0013 1640 SCDEmu (bb68443901ff680c799e8f4a464ece39) C:\windows\system32\drivers\SCDEmu.sys
15:49:47.0013 1640 SCDEmu - ok
15:49:47.0091 1640 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
15:49:47.0107 1640 scfilter - ok
15:49:47.0216 1640 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll
15:49:47.0232 1640 Schedule - ok
15:49:47.0310 1640 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
15:49:47.0310 1640 SCPolicySvc - ok
15:49:47.0341 1640 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll
15:49:47.0403 1640 SDRSVC - ok
15:49:47.0450 1640 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
15:49:47.0450 1640 secdrv - ok
15:49:47.0544 1640 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
15:49:47.0544 1640 seclogon - ok
15:49:47.0622 1640 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\system32\sens.dll
15:49:47.0622 1640 SENS - ok
15:49:47.0637 1640 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll
15:49:47.0653 1640 SensrSvc - ok
15:49:47.0669 1640 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
15:49:47.0747 1640 Serenum - ok
15:49:47.0762 1640 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
15:49:47.0762 1640 Serial - ok
15:49:47.0918 1640 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
15:49:47.0918 1640 sermouse - ok
15:49:48.0043 1640 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll
15:49:48.0043 1640 SessionEnv - ok
15:49:48.0074 1640 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
15:49:48.0074 1640 sffdisk - ok
15:49:48.0168 1640 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
15:49:48.0168 1640 sffp_mmc - ok
15:49:48.0183 1640 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
15:49:48.0183 1640 sffp_sd - ok
15:49:48.0277 1640 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
15:49:48.0277 1640 sfloppy - ok
15:49:48.0371 1640 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
15:49:48.0371 1640 SharedAccess - ok
15:49:48.0480 1640 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll
15:49:48.0480 1640 ShellHWDetection - ok
15:49:48.0589 1640 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
15:49:48.0589 1640 sisagp - ok
15:49:48.0698 1640 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
15:49:48.0698 1640 SiSRaid2 - ok
15:49:48.0729 1640 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
15:49:48.0729 1640 SiSRaid4 - ok
15:49:48.0807 1640 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
15:49:48.0823 1640 Smb - ok
15:49:48.0979 1640 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
15:49:48.0979 1640 SNMPTRAP - ok
15:49:49.0010 1640 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
15:49:49.0010 1640 spldr - ok
15:49:49.0119 1640 Spooler (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
15:49:49.0119 1640 Spooler - ok
15:49:49.0338 1640 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
15:49:49.0369 1640 sppsvc - ok
15:49:49.0572 1640 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
15:49:49.0572 1640 sppuinotify - ok
15:49:49.0790 1640 SpyHunter 4 Service (05580ac1c1cd96d04ef74ebd18dc81c3) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
15:49:49.0806 1640 SpyHunter 4 Service - ok
15:49:50.0040 1640 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\windows\System32\Drivers\N360\0404000.00C\SRTSP.SYS
15:49:50.0102 1640 SRTSP - ok
15:49:50.0227 1640 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\windows\system32\drivers\N360\0404000.00C\SRTSPX.SYS
15:49:50.0243 1640 SRTSPX - ok
15:49:50.0336 1640 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
15:49:50.0336 1640 srv - ok
15:49:50.0445 1640 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
15:49:50.0445 1640 srv2 - ok
15:49:50.0477 1640 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
15:49:50.0477 1640 srvnet - ok
15:49:50.0555 1640 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
15:49:50.0570 1640 SSDPSRV - ok
15:49:50.0648 1640 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
15:49:50.0664 1640 SstpSvc - ok
15:49:50.0804 1640 Steam Client Service - ok
15:49:50.0882 1640 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
15:49:50.0882 1640 stexstor - ok
15:49:51.0069 1640 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll
15:49:51.0069 1640 StiSvc - ok
15:49:51.0101 1640 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
15:49:51.0101 1640 swenum - ok
15:49:51.0210 1640 swprv (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
15:49:51.0210 1640 swprv - ok
15:49:51.0428 1640 SymDS (56890bf9d9204b93042089d4b45ae671) C:\windows\system32\drivers\N360\0404000.00C\SYMDS.SYS
15:49:51.0428 1640 SymDS - ok
15:49:51.0615 1640 SymEFA (10ba64273feff4df0a7ccb0ff3b9b26b) C:\windows\system32\drivers\N360\0404000.00C\SYMEFA.SYS
15:49:51.0631 1640 SymEFA - ok
15:49:51.0725 1640 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\windows\system32\Drivers\SYMEVENT.SYS
15:49:51.0725 1640 SymEvent - ok
15:49:51.0834 1640 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\windows\system32\drivers\N360\0404000.00C\Ironx86.SYS
15:49:51.0849 1640 SymIRON - ok
15:49:52.0037 1640 SYMTDIv (b501d61792d8355eae7eb4f7449a9d99) C:\windows\System32\Drivers\N360\0404000.00C\SYMTDIV.SYS
15:49:52.0052 1640 SYMTDIv - ok
15:49:52.0161 1640 SynTP (8bd10dc8809dc69a1c5a795cb10add76) C:\windows\system32\DRIVERS\SynTP.sys
15:49:52.0161 1640 SynTP - ok
15:49:52.0364 1640 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll
15:49:52.0380 1640 SysMain - ok
15:49:52.0458 1640 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll
15:49:52.0458 1640 TabletInputService - ok
15:49:52.0567 1640 TapiSrv (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll
15:49:52.0567 1640 TapiSrv - ok
15:49:52.0598 1640 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
15:49:52.0661 1640 TBS - ok
15:49:52.0879 1640 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys
15:49:52.0895 1640 Tcpip - ok
15:49:53.0269 1640 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys
15:49:53.0285 1640 TCPIP6 - ok
15:49:53.0565 1640 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
15:49:53.0565 1640 tcpipreg - ok
15:49:53.0737 1640 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\windows\system32\DRIVERS\tdcmdpst.sys
15:49:53.0737 1640 tdcmdpst - ok
15:49:53.0768 1640 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
15:49:53.0768 1640 TDPIPE - ok
15:49:53.0862 1640 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys
15:49:53.0862 1640 TDTCP - ok
15:49:53.0893 1640 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
15:49:53.0971 1640 tdx - ok
15:49:54.0002 1640 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
15:49:54.0002 1640 TermDD - ok
15:49:54.0096 1640 TermService (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll
15:49:54.0111 1640 TermService - ok
15:49:54.0252 1640 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
15:49:54.0252 1640 Themes - ok
15:49:54.0283 1640 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
15:49:54.0283 1640 THREADORDER - ok
15:49:54.0423 1640 TMachInfo (83e91963c4452be6899503cf9ebfd3ed) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
15:49:54.0423 1640 TMachInfo - ok
15:49:54.0533 1640 TODDSrv (fe65d33b7d4ff07dd1d29526a48df810) C:\Windows\system32\TODDSrv.exe
15:49:54.0548 1640 TODDSrv - ok
15:49:54.0673 1640 TosCoSrv (451b09ba1a0d019ba0b5a27229559d55) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
15:49:54.0673 1640 TosCoSrv - ok
15:49:54.0813 1640 TOSHIBA HDD SSD Alert Service (94ecabe1ba3559214fe6c3ce6c9677eb) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
15:49:54.0813 1640 TOSHIBA HDD SSD Alert Service - ok
15:49:55.0016 1640 TPkd (409a577fd5781c717e55a28717514c58) C:\windows\system32\drivers\TPkd.sys
15:49:55.0016 1640 TPkd - ok
15:49:55.0125 1640 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
15:49:55.0141 1640 TrkWks - ok
15:49:55.0235 1640 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe
15:49:55.0250 1640 TrustedInstaller - ok
15:49:55.0266 1640 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
15:49:55.0266 1640 tssecsrv - ok
15:49:55.0375 1640 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
15:49:55.0375 1640 TsUsbFlt - ok
15:49:55.0500 1640 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
15:49:55.0500 1640 tunnel - ok
15:49:55.0593 1640 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\windows\system32\DRIVERS\TVALZ_O.SYS
15:49:55.0593 1640 TVALZ - ok
15:49:55.0703 1640 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
15:49:55.0703 1640 uagp35 - ok
15:49:55.0812 1640 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
15:49:55.0812 1640 udfs - ok
15:49:55.0905 1640 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
15:49:55.0905 1640 UI0Detect - ok
15:49:55.0952 1640 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
15:49:55.0952 1640 uliagpkx - ok
15:49:56.0046 1640 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
15:49:56.0046 1640 umbus - ok
15:49:56.0139 1640 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
15:49:56.0139 1640 UmPass - ok
15:49:56.0171 1640 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
15:49:56.0249 1640 upnphost - ok
15:49:56.0342 1640 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\windows\system32\Drivers\usbaapl.sys
15:49:56.0342 1640 USBAAPL - ok
15:49:56.0451 1640 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\windows\system32\drivers\usbaudio.sys
15:49:56.0451 1640 usbaudio - ok
15:49:56.0498 1640 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
15:49:56.0498 1640 usbccgp - ok
15:49:56.0561 1640 USBCCID - ok
15:49:56.0592 1640 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
15:49:56.0592 1640 usbcir - ok
15:49:56.0685 1640 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\DRIVERS\usbehci.sys
15:49:56.0685 1640 usbehci - ok
15:49:56.0795 1640 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
15:49:56.0795 1640 usbhub - ok
15:49:57.0044 1640 USBMIDIAudioDevMon (8d557006bb327c29cdd6a01ba49e0e4e) C:\Program Files\M-Audio\USB MIDI Series\AudioDevMon.exe
15:49:57.0075 1640 USBMIDIAudioDevMon - ok
15:49:57.0309 1640 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\DRIVERS\usbohci.sys
15:49:57.0309 1640 usbohci - ok
15:49:57.0403 1640 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
15:49:57.0419 1640 usbprint - ok
15:49:57.0497 1640 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
15:49:57.0497 1640 usbscan - ok
15:49:57.0528 1640 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
15:49:57.0528 1640 USBSTOR - ok
15:49:57.0606 1640 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
15:49:57.0621 1640 usbuhci - ok
15:49:57.0653 1640 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
15:49:57.0653 1640 UxSms - ok
15:49:57.0762 1640 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
15:49:57.0762 1640 VaultSvc - ok
15:49:57.0855 1640 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
15:49:57.0855 1640 vdrvroot - ok
15:49:57.0949 1640 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe
15:49:57.0965 1640 vds - ok
15:49:58.0043 1640 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
15:49:58.0058 1640 vga - ok
15:49:58.0074 1640 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
15:49:58.0089 1640 VgaSave - ok
15:49:58.0183 1640 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
15:49:58.0183 1640 vhdmp - ok
15:49:58.0292 1640 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
15:49:58.0292 1640 viaagp - ok
15:49:58.0370 1640 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
15:49:58.0386 1640 ViaC7 - ok
15:49:58.0417 1640 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
15:49:58.0417 1640 viaide - ok
15:49:58.0433 1640 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
15:49:58.0433 1640 volmgr - ok
15:49:58.0526 1640 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
15:49:58.0526 1640 volmgrx - ok
15:49:58.0635 1640 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
15:49:58.0635 1640 volsnap - ok
15:49:58.0729 1640 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
15:49:58.0745 1640 vsmraid - ok
15:49:58.0885 1640 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe
15:49:58.0963 1640 VSS - ok
15:49:58.0979 1640 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
15:49:58.0979 1640 vwifibus - ok
15:49:59.0057 1640 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
15:49:59.0057 1640 vwififlt - ok
15:49:59.0103 1640 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
15:49:59.0103 1640 W32Time - ok
15:49:59.0213 1640 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
15:49:59.0213 1640 WacomPen - ok
15:49:59.0306 1640 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
15:49:59.0306 1640 WANARP - ok
15:49:59.0322 1640 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
15:49:59.0322 1640 Wanarpv6 - ok
15:49:59.0540 1640 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\windows\system32\Wat\WatAdminSvc.exe
15:49:59.0618 1640 WatAdminSvc - ok
15:49:59.0899 1640 wbengine (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe
15:49:59.0930 1640 wbengine - ok
15:50:00.0024 1640 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
15:50:00.0024 1640 WbioSrvc - ok
15:50:00.0133 1640 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll
15:50:00.0133 1640 wcncsvc - ok
15:50:00.0211 1640 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
15:50:00.0211 1640 WcsPlugInService - ok
15:50:00.0320 1640 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
15:50:00.0336 1640 Wd - ok
15:50:00.0367 1640 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
15:50:00.0429 1640 Wdf01000 - ok
15:50:00.0476 1640 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
15:50:00.0476 1640 WdiServiceHost - ok
15:50:00.0539 1640 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
15:50:00.0539 1640 WdiSystemHost - ok
15:50:00.0648 1640 WebClient (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll
15:50:00.0663 1640 WebClient - ok
15:50:00.0679 1640 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
15:50:00.0741 1640 Wecsvc - ok
15:50:00.0773 1640 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
15:50:00.0773 1640 wercplsupport - ok
15:50:00.0897 1640 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
15:50:00.0897 1640 WerSvc - ok
15:50:00.0975 1640 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
15:50:00.0991 1640 WfpLwf - ok
15:50:01.0069 1640 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
15:50:01.0069 1640 WIMMount - ok
15:50:01.0225 1640 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
15:50:01.0287 1640 WinDefend - ok
15:50:01.0303 1640 WinHttpAutoProxySvc - ok
15:50:01.0412 1640 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
15:50:01.0428 1640 Winmgmt - ok
15:50:01.0553 1640 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll
15:50:01.0568 1640 WinRM - ok
15:50:01.0771 1640 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
15:50:01.0771 1640 WinUsb - ok
15:50:01.0911 1640 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
15:50:01.0911 1640 Wlansvc - ok
15:50:02.0114 1640 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:50:02.0114 1640 wlcrasvc - ok
15:50:02.0364 1640 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:50:02.0379 1640 wlidsvc - ok
15:50:02.0645 1640 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
15:50:02.0645 1640 WmiAcpi - ok
15:50:02.0769 1640 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
15:50:02.0769 1640 wmiApSrv - ok
15:50:03.0081 1640 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
15:50:03.0097 1640 WMPNetworkSvc - ok
15:50:03.0331 1640 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
15:50:03.0331 1640 WPCSvc - ok
15:50:03.0378 1640 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll
15:50:03.0378 1640 WPDBusEnum - ok
15:50:03.0487 1640 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
15:50:03.0487 1640 ws2ifsl - ok
15:50:03.0768 1640 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\system32\wscsvc.dll
15:50:03.0768 1640 wscsvc - ok
15:50:03.0846 1640 WSearch - ok
15:50:04.0080 1640 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\windows\system32\wuaueng.dll
15:50:04.0111 1640 wuauserv - ok
15:50:04.0361 1640 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
15:50:04.0361 1640 WudfPf - ok
15:50:04.0470 1640 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
15:50:04.0470 1640 WUDFRd - ok
15:50:04.0579 1640 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll
15:50:04.0579 1640 wudfsvc - ok
15:50:04.0673 1640 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
15:50:04.0688 1640 WwanSvc - ok
15:50:04.0766 1640 XDva379 - ok
15:50:04.0875 1640 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
15:50:05.0047 1640 \Device\Harddisk0\DR0 - ok
15:50:05.0125 1640 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR2
15:50:05.0936 1640 \Device\Harddisk1\DR2 - ok
15:50:05.0952 1640 Boot (0x1200) (d3d7be52a601234197775f17478fffea) \Device\Harddisk0\DR0\Partition0
15:50:05.0952 1640 \Device\Harddisk0\DR0\Partition0 - ok
15:50:06.0030 1640 Boot (0x1200) (b28bba494f7334087bb261a99b9501f8) \Device\Harddisk1\DR2\Partition0
15:50:06.0030 1640 \Device\Harddisk1\DR2\Partition0 - ok
15:50:06.0030 1640 ============================================================
15:50:06.0030 1640 Scan finished
15:50:06.0030 1640 ============================================================
15:50:06.0045 1400 Detected object count: 0
15:50:06.0045 1400 Actual detected object count: 0
15:50:52.0518 0972 Deinitialize success


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-13 15:51:30
-----------------------------
15:51:30.348 OS Version: Windows 6.1.7601 Service Pack 1
15:51:30.348 Number of processors: 1 586 0x301
15:51:30.348 ComputerName: RYAN-PC UserName: Ryan
15:51:31.580 Initialize success
15:52:23.591 AVAST engine defs: 12071301
15:53:06.460 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
15:53:06.460 Disk 0 Vendor: Hitachi_HTS545025B9A300 PB2OC64G Size: 238475MB BusType: 11
15:53:06.865 Disk 0 MBR read successfully
15:53:06.865 Disk 0 MBR scan
15:53:06.881 Disk 0 Windows VISTA default MBR code
15:53:06.881 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
15:53:06.912 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 228693 MB offset 3074048
15:53:06.990 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 8281 MB offset 471437312
15:53:06.990 Disk 0 scanning sectors +488396800
15:53:07.115 Disk 0 scanning C:\windows\system32\drivers
15:53:24.041 Service scanning
15:54:11.652 Modules scanning
15:54:27.720 Disk 0 trace - called modules:
15:54:28.578 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
15:54:28.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84c4c030]
15:54:28.594 3 CLASSPNP.SYS[8780459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x84c3c908]
15:54:29.436 AVAST engine scan C:\windows
15:54:33.383 AVAST engine scan C:\windows\system32
15:58:34.310 AVAST engine scan C:\windows\system32\drivers
15:58:57.211 AVAST engine scan C:\Users\Ryan
16:00:20.063 Disk 0 MBR has been saved successfully to "C:\Users\Ryan\Desktop\MBR.dat"
16:00:20.079 The log file has been saved successfully to "C:\Users\Ryan\Desktop\aswMBR.txt"
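The aswMBR log above reports stock MBR code and three partitions with sizes and sector offsets. One check a responder does on a suspected rootkit case is to confirm that the partition table is contiguous and accounts for the whole disk, because unpartitioned space at the start or end of a disk is one place a bootkit can store code outside any file system. The script below is an added example, not part of this thread or of the aswMBR tool: it parses the partition lines into a layout and then reports gaps, overlaps, unused tail space, a missing "default MBR code" line, and an unusual count of active partitions. The sample input is a constructed copy of the figures printed in the log above; `SECTORS_PER_MB` assumes 512-byte sectors, and the one-MB tolerance is my allowance for aswMBR rounding sizes to whole MB.

```python
import re

# Constructed sample input: these lines reproduce the disk size and partition
# table that aswMBR printed in the thread above (a hand-copied excerpt, not a live log).
ASWMBR_SAMPLE = """\
15:53:06.460 Disk 0 Vendor: Hitachi_HTS545025B9A300 PB2OC64G Size: 238475MB BusType: 11
15:53:06.865 Disk 0 MBR read successfully
15:53:06.881 Disk 0 Windows VISTA default MBR code
15:53:06.881 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
15:53:06.912 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 228693 MB offset 3074048
15:53:06.990 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 8281 MB offset 471437312
"""

SECTORS_PER_MB = 2048  # aswMBR reports sizes in MB; 512-byte sectors are assumed

_DISK_RE = re.compile(r"Disk (\d+) Vendor: .*?Size: (\d+)MB")
_MBR_OK_RE = re.compile(r"Disk (\d+) .*default MBR code")
_PART_RE = re.compile(
    r"Disk (\d+) Partition (\d+) ([0-9A-Fa-f]{2}) (?:\(A\) )?([0-9A-Fa-f]{2}) "
    r"(.+?) (\d+) MB offset (\d+)\s*$"
)


def _disk(disks, number):
    return disks.setdefault(
        number, {"size_sectors": 0, "default_mbr": False, "partitions": []}
    )


def parse_aswmbr(text):
    """Parse aswMBR output into {disk_no: {size_sectors, default_mbr, partitions}}.

    Each partition is a dict with index, boot (bool), type (int), desc, start and
    end (end is exclusive, in sectors). Lines that match nothing are ignored.
    """
    disks = {}
    for line in text.splitlines():
        m = _DISK_RE.search(line)
        if m:
            _disk(disks, int(m.group(1)))["size_sectors"] = int(m.group(2)) * SECTORS_PER_MB
            continue
        m = _MBR_OK_RE.search(line)
        if m:
            _disk(disks, int(m.group(1)))["default_mbr"] = True
            continue
        m = _PART_RE.search(line)
        if m:
            start = int(m.group(7))
            length = int(m.group(6)) * SECTORS_PER_MB
            _disk(disks, int(m.group(1)))["partitions"].append({
                "index": int(m.group(2)),
                "boot": m.group(3).upper() == "80",
                "type": int(m.group(4), 16),
                "desc": m.group(5),
                "start": start,
                "end": start + length,
            })
    return disks


def layout_findings(disk, tolerance=SECTORS_PER_MB):
    """Walk the partitions in LBA order and report anything worth a second look.

    Returns a list of (kind, partition_index, sectors) tuples:
      gap        - unallocated space before a partition (room to hide code or data)
      overlap    - a partition starts inside the previous one
      tail       - unallocated space after the last partition
      mbr_code   - aswMBR did not report stock loader code in the MBR
      boot_flags - not exactly one partition carries the 0x80 active flag
    Differences up to `tolerance` sectors are ignored because sizes are rounded to MB.
    """
    findings = []
    cursor = 0
    parts = sorted(disk["partitions"], key=lambda p: p["start"])
    for p in parts:
        if p["start"] + tolerance < cursor:
            findings.append(("overlap", p["index"], cursor - p["start"]))
        elif p["start"] > cursor + tolerance:
            findings.append(("gap", p["index"], p["start"] - cursor))
        cursor = max(cursor, p["end"])
    if disk["size_sectors"] > cursor + tolerance:
        findings.append(("tail", None, disk["size_sectors"] - cursor))
    if not disk["default_mbr"]:
        findings.append(("mbr_code", None, 0))
    active = sum(1 for p in parts if p["boot"])
    if active != 1:
        findings.append(("boot_flags", None, active))
    return findings


if __name__ == "__main__":
    for number, disk in parse_aswmbr(ASWMBR_SAMPLE).items():
        for p in disk["partitions"]:
            print(f"disk {number} partition {p['index']} type 0x{p['type']:02x} "
                  f"sectors {p['start']}-{p['end']}")
        print("findings:", layout_findings(disk) or "none")
```

On the figures in this thread the three partitions tile the disk exactly (the last one ends at sector 488396800, which is also the 238475 MB disk size and the "scanning sectors +488396800" value aswMBR printed), so the only unallocated space is the 2048-sector alignment gap before the recovery partition and the script reports nothing.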

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:44 AM

Posted 13 July 2012 - 05:21 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 Ryan11444

Ryan11444
  • Topic Starter

  • Members
  • 9 posts
  • Local time:10:44 AM

Posted 13 July 2012 - 08:50 PM

Hello,

The computer seems fine. It is running better. I ran a scan with Norton after finishing the last thing you requested and the only thing it came across was tracking cookies, which it removed.
There is nothing else wrong that I know of. I'm still not sure if it's safe to restart Windows normally or not, so I will wait for your next reply.

ComboFix 12-07-13.03 - Ryan 07/13/2012 18:41:09.2.1 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1790.1211 [GMT -5:00]
Running from: F:\ComboFix.exe
Command switches used :: c:\users\Ryan\Desktop\CFScript.txt
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))
.
.
2012-07-13 23:48 . 2012-07-13 23:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-13 20:02 . 2012-07-13 23:48 -------- d-----w- c:\users\Ryan\AppData\Local\temp
2012-07-13 01:47 . 2012-07-13 01:47 110080 ----a-r- c:\users\Ryan\AppData\Roaming\Microsoft\Installer\{9E897D0F-F804-41A3-966C-7BB6EB5B6BE8}\IconF7A21AF7.exe
2012-07-13 01:47 . 2012-07-13 01:47 110080 ----a-r- c:\users\Ryan\AppData\Roaming\Microsoft\Installer\{9E897D0F-F804-41A3-966C-7BB6EB5B6BE8}\IconD7F16134.exe
2012-07-13 01:47 . 2012-07-13 01:47 110080 ----a-r- c:\users\Ryan\AppData\Roaming\Microsoft\Installer\{9E897D0F-F804-41A3-966C-7BB6EB5B6BE8}\IconCF33A0CE.exe
2012-07-13 01:47 . 2012-07-13 01:47 -------- d-----w- C:\sh4ldr
2012-07-13 01:47 . 2012-07-13 01:47 -------- d-----w- c:\program files\Enigma Software Group
2012-07-13 01:47 . 2012-07-13 01:47 -------- d-----w- c:\windows\9E897D0FF80441A3966C7BB6EB5B6BE8.TMP
2012-07-13 01:47 . 2012-07-13 01:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-07-13 01:39 . 2012-07-13 01:40 -------- d-----w- c:\users\Ryan\AppData\Roaming\GetRightToGo
2012-07-13 00:48 . 2012-07-13 00:48 -------- d-----w- c:\users\Ryan\AppData\Roaming\SpeedyPC Software
2012-07-13 00:48 . 2012-07-13 00:48 -------- d-----w- c:\users\Ryan\AppData\Roaming\DriverCure
2012-07-13 00:48 . 2012-07-13 00:48 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
2012-07-13 00:48 . 2012-07-13 00:48 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-13 00:48 . 2012-07-13 00:48 -------- d-----w- c:\program files\SpeedyPC Software
2012-07-13 00:05 . 2012-07-13 00:05 -------- d-----w- c:\users\Ryan\AppData\Roaming\Tific
2012-07-12 22:54 . 2012-07-12 22:54 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-12 09:43 . 2012-07-13 01:19 -------- d-----w- c:\users\Ryan\AppData\Local\NPE
2012-07-11 04:43 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-10 21:45 . 2004-10-22 07:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-07-10 21:45 . 2004-10-22 07:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-07-10 21:45 . 2004-10-22 07:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-07-10 21:45 . 2004-10-22 07:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-07-10 21:45 . 2004-10-22 07:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-07-10 21:45 . 2012-07-10 21:45 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-07-10 21:45 . 2012-07-10 21:45 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-07-10 12:05 . 2012-07-10 12:05 -------- d-----w- c:\windows\DISNEY
2012-07-10 12:04 . 2012-07-13 02:31 -------- d-----w- c:\program files\Disney Interactive
2012-07-10 12:03 . 1998-01-23 17:22 304128 ----a-w- c:\windows\IsUninst.exe
2012-07-02 19:32 . 2012-07-02 19:32 47360 ----a-w- c:\users\Ryan\AppData\Roaming\pcouffin.sys
2012-06-24 01:45 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-24 01:45 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-24 01:45 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-24 01:45 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 01:45 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-24 01:45 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-24 01:45 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 01:44 . 2012-06-02 20:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 01:44 . 2012-06-02 20:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 19:48 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 19:48 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 19:48 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 19:48 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 19:48 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 19:48 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-14 19:48 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 19:48 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 19:48 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 19:48 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-19 03:57 . 2012-04-19 03:57 113072 ----a-w- c:\windows\system32\drivers\scdemu.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-28 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 57344]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTOSHIBA]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-05 17:43 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-28 04:17 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120711.002\BHDrvx86.sys [x]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0404000.00C\ccHPx86.sys [x]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120710.001\IDSvix86.sys [x]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0404000.00C\Ironx86.SYS [x]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0404000.00C\SYMTDIV.SYS [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [x]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe [x]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
R2 USBMIDIAudioDevMon;USB MIDI Series Audio Device Monitor;c:\program files\M-Audio\USB MIDI Series\AudioDevMon.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 EraserUtilDrv11210;EraserUtilDrv11210;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys [x]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MAUSBMIDI;Service for M-Audio USB MIDI Series;c:\windows\system32\DRIVERS\MAudioUSBMIDI.sys [x]
R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 XDva379;XDva379;c:\windows\system32\XDva379.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0404000.00C\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0404000.00C\SYMEFA.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 04997824
*NewlyCreated* - ASWMBR
*Deregistered* - 04997824
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-25 17:21]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-25 17:21]
.
2012-07-13 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 22:17]
.
2012-07-13 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-01-30 22:17]
.
2012-07-13 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.youtube.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C39A41CC-48AD-49AC-8367-E967CF616362}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C39A41CC-48AD-49AC-8367-E967CF616362}\25F6765627: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C39A41CC-48AD-49AC-8367-E967CF616362}\377716E637F6E60286F6573756: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{C39A41CC-48AD-49AC-8367-E967CF616362}\7496E676562772370284F6573756: NameServer = 8.8.8.8,8.8.4.4
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1335841894-2378013945-3772098520-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1335841894-2378013945-3772098520-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1335841894-2378013945-3772098520-1001\Software\SecuROM\License information*]
"datasecu"=hex:07,f6,10,b7,5c,0e,a2,9e,0e,d1,3a,e0,a7,65,db,81,ab,43,bc,f8,42,
fd,e6,35,ed,b3,f6,59,6f,52,62,90,7d,7e,9c,38,15,ad,b3,57,3d,65,f8,23,3a,18,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1252)
c:\windows\system32\NetworkExplorer.dll
c:\windows\System32\ieframe.dll
.
Completion time: 2012-07-13 18:50:20
ComboFix-quarantined-files.txt 2012-07-13 23:50
ComboFix2.txt 2012-07-13 20:09
.
Pre-Run: 109,145,694,208 bytes free
Post-Run: 108,982,734,848 bytes free
.
- - End Of File - - 1073FAF3228D1D6D2FDF805070926B98
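The "Reg Loading Points", service/driver and scheduled-task sections of the ComboFix log above are what the helper reads when deciding what still needs attention. The script below is an added example, not code from this thread or from ComboFix: it parses those three kinds of line from a constructed excerpt laid out like ComboFix's report and applies three review rules that are my own assumptions, not ComboFix's: an autostart value with no directory (like the `ICO.EXE` entry above, which Windows resolves through the PATH search), a start-up binary under a user-writable location, and a kernel driver sitting directly in `system32` instead of `system32\drivers`. A flag means "look at this entry", not "this is malware"; the Mouse Suite and XDva379 entries in the log trip these rules but nothing in the thread identifies them as malicious. The `ExampleUpdater` value in the sample is invented so the user-writable rule has something to match.

```python
import re

# Constructed sample input: a hypothetical excerpt in ComboFix's report layout,
# built from entries shown in the thread above plus one invented Run value
# ("ExampleUpdater") so that every heuristic below has something to match.
COMBOFIX_SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 57344]
"ExampleUpdater"="c:\users\Ryan\AppData\Roaming\example_updater.exe" [2012-07-13 40960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe [x]
R3 XDva379;XDva379;c:\windows\system32\XDva379.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
.
2012-07-13 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 22:17]
"""

_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')
_SERVICE_RE = re.compile(r"^([RS]\d+) ([^;]+);([^;]*);(.+?)(?: \[x\])?\s*$")
_TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} (.+\.job)\s*$")
_TASK_TARGET_RE = re.compile(r"^- (.+?) \[[^\]]*\]\s*$")

# Assumed review rule (my heuristic, not ComboFix's): directories a standard user
# can write to, so a persistence entry pointing there deserves a closer look.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\", "\\temp\\")


def review_flags(path):
    """Return the list of heuristic flags that apply to one autostart target."""
    p = path.lower()
    flags = []
    if "\\" not in p:
        flags.append("no_path")          # bare file name: resolved through the PATH search
    if any(token in p for token in USER_WRITABLE):
        flags.append("user_writable")    # binary lives where a standard user can replace it
    if p.endswith(".sys") and "\\system32\\" in p and "\\drivers\\" not in p:
        flags.append("sys_root_driver")  # driver placed directly in system32, not system32\drivers
    return flags


def _entry(source, name, path):
    return {"source": source, "name": name, "path": path, "flags": review_flags(path)}


def parse_combofix(text):
    """Extract Run values, services/drivers and scheduled-task targets from a ComboFix log."""
    entries = []
    in_run = False
    pending_job = None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = _KEY_RE.match(line)
        if m:
            # only values under a ...\Run key are autostart entries
            in_run = m.group(1).lower().endswith("\\run")
            continue
        if in_run:
            m = _VALUE_RE.match(line)
            if m:
                entries.append(_entry("run", m.group(1), m.group(2)))
                continue
        m = _SERVICE_RE.match(line)
        if m:
            entries.append(_entry("service", m.group(2), m.group(4)))
            continue
        m = _TASK_RE.match(line)
        if m:
            pending_job = m.group(1)     # the target path follows on the next "- " line
            continue
        if pending_job:
            m = _TASK_TARGET_RE.match(line)
            if m:
                entries.append(_entry("task", pending_job.rsplit("\\", 1)[-1], m.group(1)))
            pending_job = None
    return entries


def flagged_entries(entries):
    """Keep only the entries that tripped at least one review rule."""
    return [e for e in entries if e["flags"]]


if __name__ == "__main__":
    for e in flagged_entries(parse_combofix(COMBOFIX_SAMPLE)):
        print(f"{e['source']:8} {e['name']:24} {', '.join(e['flags']):16} {e['path']}")
```

Run against a full ComboFix report the same parser works unchanged; the value of the rules is in shrinking a few hundred autostart lines to the handful worth checking by hand (hash lookup, signature, on-disk timestamp), which is the part no script should decide for you.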

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:44 AM

Posted 13 July 2012 - 09:02 PM

Hello

Yes check things out in normal mode

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE: Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better job).

Programs to remove

µTorrent
Adobe Reader 9.1
Java™ 6 Update 14
My Web Search (Smiley Central)


  • Please download and install Revo Uninstaller Free
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Ryan11444

Ryan11444
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:10:44 AM

Posted 13 July 2012 - 10:35 PM

Hello,

Before I did these I checked out windows in normal mode. Norton popped up alerting me of "Trojan.Zeroaccess.B". I restarted in safe mode, and did as you requested. It seems about the same, but I still am not sure if anything is still corrupt.


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.13.11

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Ryan :: RYAN-PC [administrator]

7/13/2012 10:12:21 PM
mbam-log-2012-07-13 (22-12-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198313
Time elapsed: 3 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 11
HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.ThirdPartyInstaller (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\MyWebSearch.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (PUP.MyWebSearch) -> Data: C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:30:14 PM, on 7/13/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Safe mode with network support

Running processes:
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\Users\Ryan\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{C39A41CC-48AD-49AC-8367-E967CF616362}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: USB MIDI Series Audio Device Monitor (USBMIDIAudioDevMon) - M-Audio - C:\Program Files\M-Audio\USB MIDI Series\AudioDevMon.exe

--
End of file - 7784 bytes
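The HijackThis log above records each startup entry on one line in a fixed shape: `O4 - <hive>\..\<key>: [<name>] <command line>`. The Python below is an added example, not a tool from this thread or from Trend Micro. It parses O4 lines into records, pulls the program out of the command line (quoted or not, with or without arguments), and lists the entries that give only a bare file name (such as `ICO.EXE` above), since the log line alone does not say which file on disk will actually run for those. The sample lines are copied from the log posted above; the record field names and the "unqualified program" check are my own choices for this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: O4/O23 lines copied from the HijackThis log posted in this
# thread; the O23 line is there to show that non-O4 lines are ignored.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
"""

# O4 line shape: "O4 - <hive>\..\<key>: [<name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$"
)
# Program part of an unquoted command line: up to the first program-like extension
EXE_RE = re.compile(r"(.*?\.(?:exe|scr|com|bat|cmd|dll|vbs))(?=\s|$)", re.IGNORECASE)
# Drive letter, environment variable or UNC prefix: the path is anchored somewhere
QUALIFIED_RE = re.compile(r"^(?:[A-Za-z]:\\|%\w+%\\|\\\\)")


@dataclass
class StartupEntry:
    hive: str        # e.g. HKLM, HKCU, HKUS\S-1-5-18
    key: str         # Run, RunOnce, ...
    name: str        # registry value name shown in brackets
    command: str     # full command line as recorded
    executable: str  # program part of the command line


def executable_of(command: str) -> str:
    """Return the program part of a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = EXE_RE.match(command)
    return m.group(1) if m else (command.split() or [""])[0]


def parse_o4(line: str) -> Optional[StartupEntry]:
    """Parse one HijackThis O4 line; any other line type returns None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    return StartupEntry(
        hive=m.group("hive"), key=m.group("key"), name=m.group("name"),
        command=m.group("cmd"), executable=executable_of(m.group("cmd")),
    )


def parse_log(text: str) -> List[StartupEntry]:
    """Collect every O4 entry from a whole HijackThis log."""
    entries = []
    for line in text.splitlines():
        entry = parse_o4(line)
        if entry:
            entries.append(entry)
    return entries


def find_unqualified(entries: List[StartupEntry]) -> List[StartupEntry]:
    """Entries whose program is a bare file name rather than an anchored path.

    Heuristic chosen for this example: such a program is located through the
    search path at logon, so the file that actually runs cannot be read off
    the log line and the entry deserves a closer look.
    """
    return [e for e in entries if not QUALIFIED_RE.match(e.executable)]


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for e in entries:
        print(f"{e.hive}\\{e.key} [{e.name}] -> {e.executable}")
    for e in find_unqualified(entries):
        print(f"unqualified program in [{e.name}]: {e.executable}")
```

Run as-is it prints the five parsed entries and reports `[Mouse Suite 98 Daemon]` as the one entry with an unanchored program; feeding it the full log is a matter of reading the saved `hijackthis.log` into `parse_log`.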

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:44 AM

Posted 14 July 2012 - 08:44 AM

Greetings

Before I did these I checked out windows in normal mode. Norton popped up alerting me of "Trojan.Zeroaccess.B". I restarted in safe mode, and did as you requested. It seems about the same, but I still am not sure if anything is still corrupt.

I need to know the location that Norton reports them in.



These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
      O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
      O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
      O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
      O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60
      O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
      O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
      O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
      O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. Vista and Win 7: right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo

#11 Ryan11444

Ryan11444
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:10:44 AM

Posted 14 July 2012 - 12:25 PM

Hello,

Thank you for all you have done! But it seems as though the trojan.zeroaccess.b is still in the computer. Here are the scan results from your last request.
Norton shows "Trojan.Zeroaccess.B" at "c:\windows\installer\{5f39f308-db65-0458-aa60-040a08dbd9c9}\u\80000000.@"
Also it shows three more. "Trojan.Gen.2" at "c:\windows\installer\{5f39f308-db65-0458-aa60-040a08dbd9c9}\u\000000cb.@"
"Trojan.Gen.2" at "c:\windows\installer\{5f39f308-db65-0458-aa60-040a08dbd9c9}\u\80000032.@"
And lastly "Trojan.Gen.2" at "c:\windows\installer\{5f39f308-db65-0458-aa60-040a08dbd9c9}\u\00000004.@"
While looking at these Norton popped up saying "Norton has removed (Trojan.Zeroaccess.B.), Your computer is secure"
But in the history it just says "Quarantined"


C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application
C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3DTactl.dll.vir Win32/FunWeb application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir Win32/FunWeb application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL.vir Win32/Toolbar.MyWebSearch.G application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir Win32/Toolbar.MyWebSearch.B application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir Win32/FunWeb application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL.vir Win32/Toolbar.MyWebSearch.G application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir Win32/Toolbar.MyWebSearch.D application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir Win32/FunWeb application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL.vir Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir Win32/FunWeb application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL.vir Win32/Toolbar.MyWebSearch.H application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3DLGHK.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTml.dll.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MSg.dll.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3OUtlcn.dll.vir Win32/Toolbar.MyWebSearch.J application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir Win32/Toolbar.MyWebSearch.J application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3TPINST.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir a variant of Win32/Toolbar.MyWebSearch.K application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSMLBTN.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir Win32/Toolbar.MyWebSearch.J application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSUABTN.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Windows\System32\f3PSSavr.scr.vir Win32/Toolbar.MyWebSearch application
C:\TDSSKiller_Quarantine\12.07.2012_17.50.30\susp0001\svc0000\tsk0000.dta Win32/Toolbar.MyWebSearch application
C:\Users\Ryan\.frostwire5\updates\frostwire-5.0.8.windows.exe Win32/OpenCandy application
C:\Users\Ryan\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe Win32/OpenCandy application
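The ESET export above lists one detection per line (path, detection name, object type), and most of its hits sit under `C:\Qoobox\Quarantine` and `C:\TDSSKiller_Quarantine`, that is, in folders where earlier tools in this thread have already parked files. The Norton report in the same post quotes files under `c:\windows\installer\{GUID}\u\` with a `.@` extension. As an added example, not part of this thread or of either vendor's tooling, the Python below parses report lines of that shape, separates detections that are already quarantined (ComboFix's `C:\Qoobox\Quarantine` folder and its `.vir` suffix, TDSSKiller's quarantine folder) from files still in place, and checks paths against the `installer\{GUID}\u\xxxxxxxx.@` shape seen in the Norton report. The sample report lines and the first two Norton paths are copied from this post; the third path and the record field names are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: lines copied from the ESET Online Scanner export posted above
# (path, detection, object type). Real exports separate the columns with a
# tab; the parser accepts any whitespace, which also covers the pasted form.
SAMPLE_ESET = r"""
C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3DLGHK.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I application
C:\TDSSKiller_Quarantine\12.07.2012_17.50.30\susp0001\svc0000\tsk0000.dta Win32/Toolbar.MyWebSearch application
C:\Users\Ryan\.frostwire5\updates\frostwire-5.0.8.windows.exe Win32/OpenCandy application
"""

# Two paths quoted from the Norton report in this post, plus one constructed
# neighbour in the same folder that does not have the reported shape.
NORTON_PATHS = [
    r"c:\windows\installer\{5f39f308-db65-0458-aa60-040a08dbd9c9}\u\80000000.@",
    r"c:\windows\installer\{5f39f308-db65-0458-aa60-040a08dbd9c9}\u\000000cb.@",
    r"C:\Windows\Installer\{5f39f308-db65-0458-aa60-040a08dbd9c9}\example.msi",  # constructed
]

# <path> <ws> [probably ][a variant of ]Family/Name <ws> <type>
ESET_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<detection>(?:probably )?(?:a variant of )?\w+/\S+)\s+(?P<kind>\w+)$"
)
# Folders where ComboFix and TDSSKiller keep files they have already removed
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine\\", "c:\\tdsskiller_quarantine\\")
# Shape of the files Norton reported: \Windows\Installer\{GUID}\U\<8 hex digits>.@
INSTALLER_DOTAT_RE = re.compile(
    r"\\windows\\installer\\\{[0-9a-f-]{36}\}\\u\\[0-9a-f]{8}\.@$", re.IGNORECASE
)


@dataclass
class Hit:
    path: str       # file the scanner reported
    detection: str  # detection name, including any "a variant of" prefix
    kind: str       # object type column, "application" in this export


def parse_eset_line(line: str) -> Optional[Hit]:
    """Parse one export line; lines of any other shape return None."""
    m = ESET_RE.match(line.strip())
    if not m:
        return None
    return Hit(m.group("path"), m.group("detection"), m.group("kind"))


def parse_eset_report(text: str) -> List[Hit]:
    """Parse a whole export, skipping blank or unparseable lines."""
    return [h for h in (parse_eset_line(ln) for ln in text.splitlines()) if h]


def is_quarantined(path: str) -> bool:
    r"""True when the file already sits in a quarantine folder or carries
    ComboFix's .vir suffix, i.e. it is no longer active on the system."""
    p = path.lower()
    return p.startswith(QUARANTINE_PREFIXES) or p.endswith(".vir")


def matches_installer_dotat(path: str) -> bool:
    r"""True when a path has the \Windows\Installer\{GUID}\U\xxxxxxxx.@ shape
    quoted from the Norton report above (a shape check only, not a verdict)."""
    return INSTALLER_DOTAT_RE.search(path) is not None


def triage(hits: List[Hit]) -> Dict[str, List[Hit]]:
    """Split detections into those already quarantined and those still live."""
    out: Dict[str, List[Hit]] = {"quarantined": [], "live": []}
    for h in hits:
        out["quarantined" if is_quarantined(h.path) else "live"].append(h)
    return out


if __name__ == "__main__":
    buckets = triage(parse_eset_report(SAMPLE_ESET))
    for bucket, items in buckets.items():
        for h in items:
            print(f"{bucket:11} {h.detection:45} {h.path}")
    for p in NORTON_PATHS:
        print(f"installer .@ shape: {matches_installer_dotat(p)}  {p}")
```

The point of the split is the one a helper makes when reading such a log: hits inside `Qoobox` or `TDSSKiller_Quarantine` are leftovers of previous cleanup steps and need no further action beyond eventually deleting the quarantine folders, whereas the `live` bucket (here the Messenger DLLs and the FrostWire installers) is what still needs a decision.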

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:44 AM

Posted 14 July 2012 - 01:03 PM

Hello

Download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo

#13 Ryan11444

Ryan11444
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:10:44 AM

Posted 14 July 2012 - 01:15 PM

Hello,

Here is the requested information.

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 14-07-2012
Ran by SYSTEM at 14-07-2012 13:12:34
Running from F:\2
Windows 7 Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [476512 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [738616 2009-08-05] (TOSHIBA Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{C39A41CC-48AD-49AC-8367-E967CF616362}: [NameServer]8.8.8.8,8.8.4.4

================================ Services (Whitelisted) ==================

2 cfWiMAXService; "C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe" [185712 2009-08-10] (TOSHIBA CORPORATION)
2 ConfigFree Service; "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe" [46448 2009-03-10] (TOSHIBA CORPORATION)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 N360; "C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe" /s "N360" /m "C:\Program Files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll" /prefetch:1 [135032 2010-04-29] (Symantec Corporation)
3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [54136 2010-11-29] (TOSHIBA Corporation)
2 TosCoSrv; "C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe" [464224 2009-08-05] (TOSHIBA Corporation)
3 TOSHIBA HDD SSD Alert Service; "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe" [111960 2009-08-03] (TOSHIBA Corporation)
2 USBMIDIAudioDevMon; "C:\Program Files\M-Audio\USB MIDI Series\AudioDevMon.exe" [1636872 2010-04-13] (M-Audio)

========================== Drivers (Whitelisted) =============

3 AgereSoftModem; C:\Windows\System32\DRIVERS\AGRSM.sys [1035776 2009-07-13] (LSI Corp)
1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120711.002\BHDrvx86.sys [821920 2012-07-10] (Symantec Corporation)
1 ccHP; C:\Windows\system32\drivers\N360\0404000.00C\ccHPx86.sys [485512 2011-08-03] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-05-30] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-05-30] (Symantec Corporation)
1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120713.001\IDSvix86.sys [382624 2012-06-18] (Symantec Corporation)
0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-02] (COMPAL ELECTRONIC INC.)
3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28944 2008-02-29] (Logitech, Inc.)
3 MAUSBMIDI; C:\Windows\System32\DRIVERS\MAudioUSBMIDI.sys [170248 2010-04-13] (M-Audio)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120713.035\NAVENG.SYS [87928 2012-07-12] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120713.035\NAVEX15.SYS [1589752 2012-07-12] (Symantec Corporation)
3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [9472 2009-07-24] (Primax Ltd)
3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-04-13] (Microsoft Corporation)
3 pelmouse; C:\Windows\System32\DRIVERS\pelmouse.sys [16384 2003-01-10] (Primax Electronics Ltd.)
3 pelusblf; C:\Windows\System32\DRIVERS\pelusblf.sys [9216 2003-02-11] (Primax Electronics Ltd.)
3 RTL8187Se; C:\Windows\System32\DRIVERS\RTL8187Se.sys [333824 2008-08-22] (Realtek Semiconductor Corporation )
1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [113072 2012-04-18] (Power Software Ltd)
3 SRTSP; C:\Windows\System32\Drivers\N360\0404000.00C\SRTSP.SYS [325680 2010-04-21] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\N360\0404000.00C\SRTSPX.SYS [43696 2010-04-21] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360\0404000.00C\SYMDS.SYS [328752 2009-10-14] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360\0404000.00C\SYMEFA.SYS [173176 2011-08-21] (Symantec Corporation)
3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT.SYS [124976 2011-01-24] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\N360\0404000.00C\Ironx86.SYS [116784 2010-04-28] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\N360\0404000.00C\SYMTDIV.SYS [340088 2011-08-21] (Symantec Corporation)
0 TPkd; C:\Windows\System32\Drivers\TPkd.sys [86016 2009-12-23] (PACE Anti-Piracy, Inc.)
3 catchme; \??\C:\Users\Ryan\AppData\Local\Temp\catchme.sys [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]
3 XDva379; \??\C:\windows\system32\XDva379.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-14 09:03 - 2012-07-14 09:03 - 00004841 ____A C:\Users\Ryan\Desktop\ESET Scan.txt
2012-07-14 07:09 - 2012-07-14 07:09 - 00000000 ____D C:\Users\Ryan\Desktop\backups
2012-07-13 19:30 - 2012-07-13 19:30 - 00007785 ____A C:\Users\Ryan\Desktop\hijackthis.log
2012-07-13 19:28 - 2012-07-13 19:28 - 00388608 ____A (Trend Micro Inc.) C:\Users\Ryan\Desktop\HijackThis.exe
2012-07-13 19:11 - 2012-07-13 19:11 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Malwarebytes
2012-07-13 19:10 - 2012-07-13 19:10 - 00001042 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-13 19:10 - 2012-07-13 19:10 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-13 19:10 - 2012-07-13 19:10 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-07-13 19:10 - 2012-07-03 10:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-13 19:05 - 2012-07-13 19:05 - 00000940 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-07-13 19:05 - 2012-07-13 19:05 - 00000000 ____D C:\Program Files\CCleaner
2012-07-13 19:01 - 2012-07-13 19:01 - 00000000 ____D C:\Users\All Users\Sun
2012-07-13 19:01 - 2012-07-13 19:01 - 00000000 ____D C:\Program Files\Common Files\Java
2012-07-13 19:00 - 2012-07-13 19:00 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-07-13 19:00 - 2012-07-13 19:00 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-07-13 19:00 - 2012-07-13 19:00 - 00000000 ____D C:\Program Files\Oracle
2012-07-13 19:00 - 2012-07-05 19:06 - 00772544 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-07-13 19:00 - 2012-07-05 19:06 - 00687544 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-07-13 19:00 - 2012-07-05 19:06 - 00227760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-07-13 18:59 - 2012-07-13 18:59 - 00000000 ____D C:\Users\All Users\McAfee
2012-07-13 18:38 - 2012-07-13 18:38 - 00001197 ____A C:\Users\Ryan\Desktop\Revo Uninstaller.lnk
2012-07-13 18:38 - 2012-07-13 18:38 - 00000000 ____D C:\Program Files\VS Revo Group
2012-07-13 15:50 - 2012-07-13 15:50 - 00015007 ____A C:\ComboFix.txt
2012-07-13 11:53 - 2012-07-13 15:50 - 00000000 ____D C:\Qoobox
2012-07-13 11:53 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-07-13 11:53 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-07-13 11:53 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-13 11:53 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-07-13 11:53 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-07-13 11:53 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-07-13 11:53 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-07-13 11:53 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-07-13 11:52 - 2012-07-13 12:08 - 00000000 ____D C:\Windows\erdnt
2012-07-12 18:51 - 2012-07-13 18:27 - 00000000 ____D C:\Users\Ryan\Desktop\Fighting Virus
2012-07-12 18:50 - 2012-07-12 18:50 - 00000000 ____A C:\Users\Ryan\defogger_reenable
2012-07-12 17:47 - 2012-07-13 18:54 - 00000000 ____D C:\Windows\9E897D0FF80441A3966C7BB6EB5B6BE8.TMP
2012-07-12 17:47 - 2012-07-13 18:54 - 00000000 ____D C:\sh4ldr
2012-07-12 17:47 - 2012-07-12 17:47 - 00000000 ____D C:\Program Files\Enigma Software Group
2012-07-12 17:47 - 2012-07-12 17:47 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2012-07-12 17:39 - 2012-07-12 17:40 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\GetRightToGo
2012-07-12 16:48 - 2012-07-13 18:54 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
2012-07-12 16:48 - 2012-07-12 16:48 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\SpeedyPC Software
2012-07-12 16:48 - 2012-07-12 16:48 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\DriverCure
2012-07-12 16:05 - 2012-07-12 16:05 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Tific
2012-07-12 14:54 - 2012-07-12 14:54 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-07-12 14:02 - 2012-07-12 15:14 - 00000046 ___RH C:\Users\Ryan\Desktop\stinger.opt
2012-07-12 01:43 - 2012-07-12 17:19 - 00000000 ____D C:\Users\Ryan\AppData\Local\NPE
2012-07-10 21:09 - 2012-07-10 21:09 - 39297114 ____A C:\Users\Ryan\Desktop\Novi Novak - Chicago 2.wav
2012-07-10 20:43 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 15:44 - 2012-07-10 15:44 - 00001156 ____A C:\Users\Ryan\Desktop\San Andreas Multiplayer.lnk
2012-07-10 14:44 - 2012-07-10 21:13 - 00000000 ____D C:\Users\Ryan\Documents\GTA San Andreas User Files
2012-07-10 13:46 - 2012-07-10 13:46 - 00001860 ____A C:\Users\Public\Desktop\GTA San Andreas.lnk
2012-07-10 13:31 - 2012-07-10 13:36 - 00000000 ____D C:\Users\Ryan\Desktop\GTA SA
2012-07-10 04:05 - 2012-07-10 04:05 - 00000000 ____D C:\Windows\DISNEY
2012-07-10 04:03 - 2012-07-13 18:48 - 00000801 ____A C:\Windows\disney.ini
2012-07-10 04:03 - 1998-01-23 09:22 - 00304128 ____A (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2012-07-08 20:47 - 2012-07-08 20:48 - 62437845 ____A C:\Users\Ryan\Desktop\Dizzy Wright - Can't Trust Em - YouTube.mp4
2012-07-07 15:05 - 2012-07-07 21:51 - 149872965 ____A C:\Users\Ryan\Desktop\Urban Radio Ep1 (June 12, 2012).wmv
2012-07-07 13:48 - 2012-07-07 13:48 - 00299168 ____A C:\Users\Ryan\Desktop\Childish Gambino - Unnecessary ft Schoolboy Q & Ab-Soul (Royalty) - YouTube.mp4.sfk
2012-07-07 13:42 - 2012-07-07 13:42 - 06903475 ____A C:\Users\Ryan\Desktop\Childish Gambino - Unnecessary ft Schoolboy Q & Ab-Soul (Royalty) - YouTube.mp4
2012-07-07 12:49 - 2012-07-07 13:13 - 00220456 ____A C:\Users\Ryan\Desktop\Wiz Khalifa- The Grinder.mp3.sfk
2012-07-07 12:29 - 2012-07-07 12:42 - 00452336 ____A C:\Users\Ryan\Desktop\BoxCuttaz Music Group - Genius - 09 Light One (Prod. Dex Davis).mp3.sfk
2012-07-07 12:05 - 2012-07-07 12:16 - 00406960 ____A C:\Users\Ryan\Desktop\13 - ASAP Rocky-Leaf Feat Main Attrakionz.mp3.sfk
2012-07-07 12:04 - 2012-07-07 12:16 - 00237240 ____A C:\Users\Ryan\Desktop\Johnny Trouts - Ready or Not.mp3.sfk
2012-07-07 02:58 - 2012-07-07 03:00 - 00424504 ____A C:\Users\Ryan\Desktop\Eminem, D12 & Obie Trice Doe Ray Me.mp3.sfk
2012-07-07 02:56 - 2012-07-07 03:00 - 00297824 ____A C:\Users\Ryan\Desktop\Alyssa Marie - Passin' Me By.mp3.sfk
2012-07-07 02:46 - 2012-07-07 02:51 - 00351968 ____A C:\Users\Ryan\Desktop\Novi Novak - Everybody Know Me.mp3.sfk
2012-07-03 11:56 - 2012-07-04 02:01 - 262832431 ____A C:\Users\Ryan\Desktop\Urban Radio Ep1 (June 5, 2012).wmv
2012-07-02 11:43 - 2012-07-02 11:43 - 00000000 ____D C:\Users\Ryan\Documents\Xilisoft
2012-07-02 11:38 - 2012-07-02 11:38 - 00000000 ____D C:\Users\Ryan\AppData\Local\{4848F142-1526-45DF-BD93-D02E5D194E21}
2012-07-02 11:32 - 2012-07-02 11:32 - 00047360 ____A (VSO Software) C:\Users\Ryan\AppData\Roaming\pcouffin.sys
2012-07-02 11:32 - 2012-07-02 11:32 - 00007887 ____A C:\Users\Ryan\AppData\Roaming\pcouffin.cat
2012-07-02 11:32 - 2012-07-02 11:32 - 00000055 ____A C:\Users\Ryan\AppData\Roaming\pcouffin.log
2012-07-02 00:30 - 2012-07-02 00:31 - 00001849 ____A C:\Users\Public\Desktop\Vegas Pro 9.0.lnk
2012-06-23 17:45 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-23 17:45 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-23 17:45 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-23 17:45 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-23 17:45 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-23 17:45 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-23 17:45 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-23 17:44 - 2012-06-02 12:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-23 17:44 - 2012-06-02 12:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-18 10:01 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-18 10:01 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-18 10:01 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-18 10:01 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-18 10:01 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-18 10:01 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-18 10:01 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-18 10:01 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-18 10:01 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-18 10:01 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-18 10:01 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-18 10:01 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-18 10:01 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-18 10:01 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-14 11:48 - 2012-05-14 17:05 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-14 11:48 - 2012-04-30 20:44 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-14 11:48 - 2012-04-27 19:17 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-14 11:48 - 2012-04-25 20:45 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-14 11:48 - 2012-04-25 20:45 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-14 11:48 - 2012-04-25 20:41 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-14 11:48 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-14 11:48 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-14 11:48 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-14 11:48 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll


============ 3 Months Modified Files ========================

2012-07-14 09:23 - 2010-07-20 10:35 - 01850134 ____A C:\Windows\WindowsUpdate.log
2012-07-14 09:20 - 2009-07-13 20:34 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-14 09:20 - 2009-07-13 20:34 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-14 09:16 - 2009-08-27 20:12 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-14 09:11 - 2010-12-25 09:21 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-14 09:08 - 2010-12-25 09:21 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-14 09:08 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-14 09:08 - 2009-07-13 20:39 - 00086294 ____A C:\Windows\setupact.log
2012-07-14 09:03 - 2012-07-14 09:03 - 00004841 ____A C:\Users\Ryan\Desktop\ESET Scan.txt
2012-07-13 19:30 - 2012-07-13 19:30 - 00007785 ____A C:\Users\Ryan\Desktop\hijackthis.log
2012-07-13 19:28 - 2012-07-13 19:28 - 00388608 ____A (Trend Micro Inc.) C:\Users\Ryan\Desktop\HijackThis.exe
2012-07-13 19:19 - 2009-08-27 20:23 - 00387826 ____A C:\Windows\PFRO.log
2012-07-13 19:10 - 2012-07-13 19:10 - 00001042 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-13 19:05 - 2012-07-13 19:05 - 00000940 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-07-13 19:00 - 2012-07-13 19:00 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-07-13 19:00 - 2012-07-13 19:00 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-07-13 18:48 - 2012-07-10 04:03 - 00000801 ____A C:\Windows\disney.ini
2012-07-13 18:38 - 2012-07-13 18:38 - 00001197 ____A C:\Users\Ryan\Desktop\Revo Uninstaller.lnk
2012-07-13 15:50 - 2012-07-13 15:50 - 00015007 ____A C:\ComboFix.txt
2012-07-13 15:48 - 2009-07-13 18:04 - 00000215 ____A C:\Windows\system.ini
2012-07-13 12:03 - 2009-07-13 18:03 - 45088768 ____A C:\Windows\System32\config\software.bak
2012-07-13 12:03 - 2009-07-13 18:03 - 17039360 ____A C:\Windows\System32\config\system.bak
2012-07-13 12:03 - 2009-07-13 18:03 - 00524288 ____A C:\Windows\System32\config\default.bak
2012-07-13 12:03 - 2009-07-13 18:03 - 00262144 ____A C:\Windows\System32\config\security.bak
2012-07-13 12:03 - 2009-07-13 18:03 - 00262144 ____A C:\Windows\System32\config\sam.bak
2012-07-12 18:50 - 2012-07-12 18:50 - 00000000 ____A C:\Users\Ryan\defogger_reenable
2012-07-12 15:14 - 2012-07-12 14:02 - 00000046 ___RH C:\Users\Ryan\Desktop\stinger.opt
2012-07-10 21:09 - 2012-07-10 21:09 - 39297114 ____A C:\Users\Ryan\Desktop\Novi Novak - Chicago 2.wav
2012-07-10 15:44 - 2012-07-10 15:44 - 00001156 ____A C:\Users\Ryan\Desktop\San Andreas Multiplayer.lnk
2012-07-10 13:46 - 2012-07-10 13:46 - 00001860 ____A C:\Users\Public\Desktop\GTA San Andreas.lnk
2012-07-08 20:48 - 2012-07-08 20:47 - 62437845 ____A C:\Users\Ryan\Desktop\Dizzy Wright - Can't Trust Em - YouTube.mp4
2012-07-07 21:51 - 2012-07-07 15:05 - 149872965 ____A C:\Users\Ryan\Desktop\Urban Radio Ep1 (June 12, 2012).wmv
2012-07-07 13:48 - 2012-07-07 13:48 - 00299168 ____A C:\Users\Ryan\Desktop\Childish Gambino - Unnecessary ft Schoolboy Q & Ab-Soul (Royalty) - YouTube.mp4.sfk
2012-07-07 13:42 - 2012-07-07 13:42 - 06903475 ____A C:\Users\Ryan\Desktop\Childish Gambino - Unnecessary ft Schoolboy Q & Ab-Soul (Royalty) - YouTube.mp4
2012-07-07 13:13 - 2012-07-07 12:49 - 00220456 ____A C:\Users\Ryan\Desktop\Wiz Khalifa- The Grinder.mp3.sfk
2012-07-07 12:42 - 2012-07-07 12:29 - 00452336 ____A C:\Users\Ryan\Desktop\BoxCuttaz Music Group - Genius - 09 Light One (Prod. Dex Davis).mp3.sfk
2012-07-07 12:16 - 2012-07-07 12:05 - 00406960 ____A C:\Users\Ryan\Desktop\13 - ASAP Rocky-Leaf Feat Main Attrakionz.mp3.sfk
2012-07-07 12:16 - 2012-07-07 12:04 - 00237240 ____A C:\Users\Ryan\Desktop\Johnny Trouts - Ready or Not.mp3.sfk
2012-07-07 03:00 - 2012-07-07 02:58 - 00424504 ____A C:\Users\Ryan\Desktop\Eminem, D12 & Obie Trice Doe Ray Me.mp3.sfk
2012-07-07 03:00 - 2012-07-07 02:56 - 00297824 ____A C:\Users\Ryan\Desktop\Alyssa Marie - Passin' Me By.mp3.sfk
2012-07-07 02:51 - 2012-07-07 02:46 - 00351968 ____A C:\Users\Ryan\Desktop\Novi Novak - Everybody Know Me.mp3.sfk
2012-07-05 19:06 - 2012-07-13 19:00 - 00772544 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-07-05 19:06 - 2012-07-13 19:00 - 00687544 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-07-05 19:06 - 2012-07-13 19:00 - 00227760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-07-04 02:01 - 2012-07-03 11:56 - 262832431 ____A C:\Users\Ryan\Desktop\Urban Radio Ep1 (June 5, 2012).wmv
2012-07-03 10:46 - 2012-07-13 19:10 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 11:32 - 2012-07-02 11:32 - 00047360 ____A (VSO Software) C:\Users\Ryan\AppData\Roaming\pcouffin.sys
2012-07-02 11:32 - 2012-07-02 11:32 - 00007887 ____A C:\Users\Ryan\AppData\Roaming\pcouffin.cat
2012-07-02 11:32 - 2012-07-02 11:32 - 00000055 ____A C:\Users\Ryan\AppData\Roaming\pcouffin.log
2012-07-02 00:31 - 2012-07-02 00:30 - 00001849 ____A C:\Users\Public\Desktop\Vegas Pro 9.0.lnk
2012-06-25 09:55 - 2009-07-13 20:33 - 03761784 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-18 10:14 - 2010-12-31 15:44 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-02 14:19 - 2012-06-23 17:45 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-23 17:45 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-23 17:45 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-23 17:45 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-23 17:45 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-23 17:45 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-23 17:45 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-23 17:44 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:12 - 2012-06-23 17:44 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-17 15:11 - 2012-06-18 10:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 14:48 - 2012-06-18 10:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 14:45 - 2012-06-18 10:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 14:36 - 2012-06-18 10:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 14:35 - 2012-06-18 10:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 14:35 - 2012-06-18 10:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 14:33 - 2012-06-18 10:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 14:31 - 2012-06-18 10:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 14:29 - 2012-06-18 10:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 14:29 - 2012-06-18 10:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 14:27 - 2012-06-18 10:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 14:25 - 2012-06-18 10:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 14:24 - 2012-06-18 10:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 14:20 - 2012-06-18 10:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-14 17:05 - 2012-06-14 11:48 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-04-30 20:44 - 2012-06-14 11:48 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-29 18:08 - 2012-04-29 18:08 - 00000940 ____A C:\Users\Public\Desktop\PowerISO.lnk
2012-04-27 19:17 - 2012-06-14 11:48 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 20:45 - 2012-06-14 11:48 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 20:45 - 2012-06-14 11:48 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 20:41 - 2012-06-14 11:48 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 20:36 - 2012-06-14 11:48 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 20:36 - 2012-06-14 11:48 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 20:36 - 2012-06-14 11:48 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-18 19:57 - 2012-04-18 19:57 - 00113072 ____A (Power Software Ltd) C:\Windows\System32\Drivers\scdemu.sys


ZeroAccess:
C:\Windows\Installer\{5f39f308-db65-0458-aa60-040a08dbd9c9}
C:\Windows\Installer\{5f39f308-db65-0458-aa60-040a08dbd9c9}\L
C:\Windows\Installer\{5f39f308-db65-0458-aa60-040a08dbd9c9}\L\1afb2d56

ZeroAccess:
C:\Users\Ryan\AppData\Local\{5f39f308-db65-0458-aa60-040a08dbd9c9}
C:\Users\Ryan\AppData\Local\{5f39f308-db65-0458-aa60-040a08dbd9c9}\@
C:\Users\Ryan\AppData\Local\{5f39f308-db65-0458-aa60-040a08dbd9c9}\L
C:\Users\Ryan\AppData\Local\{5f39f308-db65-0458-aa60-040a08dbd9c9}\n
C:\Users\Ryan\AppData\Local\{5f39f308-db65-0458-aa60-040a08dbd9c9}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 21%
Total physical RAM: 1790.42 MB
Available physical RAM: 1413.96 MB
Total Pagefile: 1790.42 MB
Available Pagefile: 1414.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.55 MB

======================= Partitions =========================

1 Drive c: (TI105866W0A) (Fixed) (Total:223.33 GB) (Free:101.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (KINGSTON) (Removable) (Total:1.86 GB) (Free:1.82 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ###  Status  Size     Free  Dyn  Gpt
--------  ------  -------  ----  ---  ---
Disk 0    Online  232 GB   0 B
Disk 1    Online  1906 MB  0 B

Partitions of Disk 0:
===============

Partition ###  Type      Size     Offset
-------------  --------  -------  -------
Partition 1    Recovery  1500 MB  1024 KB
Partition 2    Primary   223 GB   1501 MB
Partition 3    Primary   8 GB     224 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ###  Ltr  Label        Fs    Type       Size     Status   Info
----------  ---  -----------  ----  ---------  -------  -------  ------
* Volume 2  D    System       NTFS  Partition  1500 MB  Healthy  Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs    Type       Size     Status   Info
----------  ---  -----------  ----  ---------  -------  -------  ------
* Volume 1  C    TI105866W0A  NTFS  Partition  223 GB   Healthy

==================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Partitions of Disk 1:
===============

Partition ###  Type      Size     Offset
-------------  --------  -------  -------
Partition 1    Primary   1905 MB  16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type       Size     Status   Info
----------  ---  -----------  -----  ---------  -------  -------  ------
* Volume 3  F    KINGSTON     FAT32  Removable  1905 MB  Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-08 01:43

======================= End Of Log ==========================

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:44 AM

Posted 14 July 2012 - 02:37 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt

C:\Windows\Installer\{5f39f308-db65-0458-aa60-040a08dbd9c9}
C:\Users\Ryan\AppData\Local\{5f39f308-db65-0458-aa60-040a08dbd9c9}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free. However, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
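The fix above is built by hand from the two "ZeroAccess:" blocks in the FRST log: only the top-level directory of each block goes into fixlist.txt, FRST takes the rest of the tree with it, and the fix is run from System Recovery Options rather than inside the infected session (the Fixlog in the next post shows it ran as SYSTEM from the flash drive). The following is an added example, not code from the thread and not part of FRST: a small Python parser that reads the ZeroAccess blocks and partition dump of an FRST log in the layout seen above, emits the same two fixlist lines, confirms the same GUID appears under both C:\Windows\Installer and the user's AppData\Local (the pairing visible in Ryan's log), and pulls out any partition FRST tagged "(Suspicious Type)" so it is not forgotten. The embedded log is a constructed excerpt of the lines posted in this thread; the function names and the assumption that FRST lists a block's root directory first are mine. It only produces text; it does not touch the disk.

```python
"""
Derive FRST fixlist entries from the ZeroAccess findings in an FRST log.

Added example: not FRST's code and not posted in the thread.  Assumes the
log layout visible above: a "ZeroAccess:" header, then the offending
directory followed by its contents, blocks separated by blank lines, and
partition dumps where FRST tags a hidden partition of an unexpected type
with "(Suspicious Type)".
"""
import re
from collections import defaultdict

# Constructed excerpt modelled on the FRST log posted in this thread; only
# the lines the parser cares about are kept.
SAMPLE_LOG = r"""ZeroAccess:
C:\Windows\Installer\{5f39f308-db65-0458-aa60-040a08dbd9c9}
C:\Windows\Installer\{5f39f308-db65-0458-aa60-040a08dbd9c9}\L
C:\Windows\Installer\{5f39f308-db65-0458-aa60-040a08dbd9c9}\L\1afb2d56

ZeroAccess:
C:\Users\Ryan\AppData\Local\{5f39f308-db65-0458-aa60-040a08dbd9c9}
C:\Users\Ryan\AppData\Local\{5f39f308-db65-0458-aa60-040a08dbd9c9}\@
C:\Users\Ryan\AppData\Local\{5f39f308-db65-0458-aa60-040a08dbd9c9}\L
C:\Users\Ryan\AppData\Local\{5f39f308-db65-0458-aa60-040a08dbd9c9}\n
C:\Users\Ryan\AppData\Local\{5f39f308-db65-0458-aa60-040a08dbd9c9}\U

========================= Known DLLs (Whitelisted) ============

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")                       # absolute Windows path
GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
PART_HDR_RE = re.compile(r"^Partition (\d+)$")              # bare "Partition N" lines only
SUSPICIOUS_RE = re.compile(r"^Type\s*:\s*([0-9A-Fa-f]{2})\s*\(Suspicious Type\)")


def parse_zeroaccess_blocks(log):
    """Return each 'ZeroAccess:' block as the list of paths FRST printed under it."""
    blocks, current = [], None
    for raw in log.splitlines():
        line = raw.strip()
        if line == "ZeroAccess:":
            current = []
            blocks.append(current)
        elif current is not None and PATH_RE.match(line):
            current.append(line)
        else:
            current = None          # blank line or another section ends the block
    return blocks


def fixlist_entries(blocks):
    """Top-level directory of each block; FRST removes the whole tree given its root."""
    roots = []
    for paths in blocks:
        root = paths[0]             # assumption: FRST lists the directory before its contents
        if not all(p.lower().startswith(root.lower()) for p in paths):
            raise ValueError("block is not a single directory tree: %r" % (paths,))
        if root not in roots:
            roots.append(root)
    return roots


def build_fixlist(log):
    """Text of fixlist.txt: one directory per line, as written in this thread."""
    return "\n".join(fixlist_entries(parse_zeroaccess_blocks(log))) + "\n"


def correlate_guids(blocks):
    """Map each GUID to the parent directories it appears under, so the
    Windows\\Installer / AppData\\Local pairing is visible at a glance."""
    seen = defaultdict(set)
    for paths in blocks:
        for p in paths:
            m = GUID_RE.search(p)
            if m:
                seen[m.group(0).lower()].add(p[: m.start()].rstrip("\\"))
    return {g: sorted(locs) for g, locs in seen.items()}


def suspicious_partitions(log):
    """(disk, partition, type byte) for every partition FRST flagged as suspicious."""
    disk = part = None
    found = []
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("Disk:"):
            disk = int(line.split(":", 1)[1])
        m = PART_HDR_RE.match(line)
        if m:
            part = int(m.group(1))
        m = SUSPICIOUS_RE.match(line)
        if m and disk is not None and part is not None:
            found.append((disk, part, int(m.group(1), 16)))
    return found


if __name__ == "__main__":
    blocks = parse_zeroaccess_blocks(SAMPLE_LOG)
    print("fixlist.txt:\n" + build_fixlist(SAMPLE_LOG))
    for guid, locations in correlate_guids(blocks).items():
        print("GUID %s seen under: %s" % (guid, ", ".join(locations)))
    for disk, part, ptype in suspicious_partitions(SAMPLE_LOG):
        # Reported for manual review only; the log does not say what is in it.
        print("Disk %d partition %d flagged by FRST, type 0x%02X" % (disk, part, ptype))
```

Running it prints the same two directory lines that went into fixlist.txt, the shared GUID with both of its locations, and "Disk 0 partition 3 flagged by FRST, type 0x17". The script is a reading aid for the log, not a removal tool: the deletion itself still has to be done by FRST offline, exactly as the instructions above say.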

#15 Ryan11444

Ryan11444
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:10:44 AM

Posted 14 July 2012 - 03:09 PM

Hello,

I have done what you requested, and restarted in normal mode. Norton has not popped up with the trojan alerts, and I checked under "unresolved risks" and it is clear.

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 14-07-2012
Ran by SYSTEM at 2012-07-14 14:59:26 Run:1
Running from F:\2

==============================================

C:\Windows\Installer\{5f39f308-db65-0458-aa60-040a08dbd9c9} moved successfully.
C:\Users\Ryan\AppData\Local\{5f39f308-db65-0458-aa60-040a08dbd9c9} moved successfully.

==== End of Fixlog ====



