Yes, another Sirefef/Zeroaccess complaint


16 replies to this topic

#1 zqqz

zqqz

  • Members
  • 8 posts
  • OFFLINE
  • Local time:08:14 PM

Posted 19 July 2012 - 05:29 PM

Hi-

This morning I woke up and turned on my puny Windows 7 netbook which I need to replace, only to discover - you guessed it - Chrome unable to access any Google pages due to a "weak signature algorithm" warning, plus random popups in my Chrome browsing. I have not downloaded anything suspicious or been anywhere unusual, but I did update my Adobe and Java in the last several days.

I ran MBAM (free version) in safe mode and it discovered four files, which I foolishly did not check or log. I simply had them taken care of, as in the recent past MBAM has been all I needed. However, upon reboot, I found the same problems on my system. I tried TDSSKiller - it found nothing, either in Safe or out, while running as an administrator.

I tried Hijackthis, got this:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:56:23 PM, on 7/19/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.5.0.127\InstStub.exe
C:\windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\jasho\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Users\jasho\Downloads\tdsskiller.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\taskmgr.exe
C:\Users\jasho\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/Toshiba/en-us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/Toshiba/en-us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE3
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
O4 - HKLM\..\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Boingo Wi-Fi] "C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\jasho\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [googletalk] C:\Users\jasho\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Best Buy Software Installer.lnk = C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (User 'Default user')
O4 - Startup: Best Buy Software Installer.lnk = C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Veoh Giraffic Video Accelerator (Giraffic) - Unknown owner - C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

--
End of file - 10893 bytes


I also downloaded and ran ASWMBR. The first time I ran it, in regular mode, it discovered what I believe to be the Zeroaccess rootkit (labeled SIREFEF) somehow connected to my DESKTOP.INI file. Shortly after detecting it, the netbook BSOD'ed and rebooted. I ran it in Safe Mode, and this time ASWMBR completed its scan. The log is as follows:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-19 17:14:37
-----------------------------
17:14:37.037 OS Version: Windows 6.1.7601 Service Pack 1
17:14:37.037 Number of processors: 2 586 0x1C0A
17:14:37.037 ComputerName: JASHO-PC UserName: jasho
17:14:38.972 Initialize success
17:15:00.156 AVAST engine defs: 12071901
17:16:01.090 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:16:01.106 Disk 0 Vendor: TOSHIBA_ GH01 Size: 238475MB BusType: 3
17:16:01.137 Disk 0 MBR read successfully
17:16:01.137 Disk 0 MBR scan
17:16:01.153 Disk 0 Windows VISTA default MBR code
17:16:01.184 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
17:16:01.199 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 229004 MB offset 3074048
17:16:01.231 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 7970 MB offset 472074240
17:16:01.277 Disk 0 scanning sectors +488396800
17:16:01.402 Disk 0 scanning C:\windows\system32\drivers
17:16:19.919 Service scanning
17:17:13.116 Modules scanning
17:17:26.204 Disk 0 trace - called modules:
17:17:26.251 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
17:17:26.266 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85260030]
17:17:26.298 3 CLASSPNP.SYS[86b9b59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x83ba1028]
17:17:27.062 AVAST engine scan C:\windows
17:17:30.978 AVAST engine scan C:\windows\system32
17:21:52.699 File: C:\windows\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
17:23:48.623 AVAST engine scan C:\windows\system32\drivers
17:24:09.465 AVAST engine scan C:\Users\jasho
17:36:18.969 File: C:\Users\jasho\AppData\Local\{a8826605-2627-b5e8-bfd6-08eb4c376c20}\n **INFECTED** Win32:Sirefef-PL [Rtk]
17:43:43.086 AVAST engine scan C:\ProgramData
17:47:29.848 Scan finished successfully
17:47:54.496 Disk 0 MBR has been saved successfully to "C:\Users\jasho\Documents\MBR.dat"
17:47:54.512 The log file has been saved successfully to "C:\Users\jasho\Documents\aswMBR1.txt"


It only gave me the option to "FixMBR" after the scan. Upon reviewing what that required, I got gun-shy and decided to bite the bullet and come here before proceeding forward.

I'm running Firefox fine with no perceived issues (EDIT: An hour after this was posted, Firefox began getting the random popups as well, but it's not Chrome.) I haven't really checked IE, which I never use. I've since uninstalled Chrome, but I'm waiting to figure out my next move. I haven't run ESET yet. I'm relatively comp-illiterate, barely know what these new programs are, let alone ComboFix, or how to check a lot of stuff properly. I've backed up the files I want and am thisclose to buying a new computer, probably a Macbook, now that I don't need this slow old netbook anymore. But even if I do that, I want this cleaned; I can't stand for this rootkit, especially since I haven't had a real virus problem in some years. Help me, BleepingComputer, you're my only hope!

Edited by zqqz, 19 July 2012 - 06:17 PM.
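The aswMBR log quoted above has a regular line structure, which makes it easy to triage mechanically. The following Python parser is an added example (not code from the post, from BleepingComputer or from AVAST): it pulls out the run date, the MBR code description, the partition table and every **INFECTED** line, and flags the two file locations reported in this log (the GAC Desktop.ini and the GUID-named folder under AppData\Local) so a helper can see at a glance where the rootkit put its files. The sample log is constructed from lines quoted in the post.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, assembled from lines of the aswMBR log quoted in the post above.
SAMPLE_LOG = r"""aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-19 17:14:37
-----------------------------
17:16:01.137 Disk 0 MBR read successfully
17:16:01.153 Disk 0 Windows VISTA default MBR code
17:16:01.184 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
17:16:01.199 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 229004 MB offset 3074048
17:17:27.062 AVAST engine scan C:\windows
17:21:52.699 File: C:\windows\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
17:36:18.969 File: C:\Users\jasho\AppData\Local\{a8826605-2627-b5e8-bfd6-08eb4c376c20}\n **INFECTED** Win32:Sirefef-PL [Rtk]
17:47:29.848 Scan finished successfully
"""

RUN_DATE_RE = re.compile(r"^Run date: (?P<date>.+)$")
MBR_CODE_RE = re.compile(r"^\S+ Disk (?P<disk>\d+) (?P<desc>.+ MBR code)$")
PARTITION_RE = re.compile(
    r"^\S+ Disk (?P<disk>\d+) Partition (?P<num>\d+) (?P<boot>[0-9A-Fa-f]{2})"
    r"(?P<active> \(A\))? (?P<type>[0-9A-Fa-f]{2}) (?P<desc>.+?) "
    r"(?P<size>\d+) MB offset (?P<offset>\d+)$"
)
INFECTED_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+) File: (?P<path>.+?) \*\*INFECTED\*\* "
    r"(?P<name>\S+)(?: \[(?P<flags>[^\]]+)\])?$"
)

# The two locations this log reported for Sirefef. The patterns generalise the
# GUID directory name, since it differs per machine; they are derived only from
# the paths in the post, not from a vendor signature set.
GAC_DESKTOP_INI_RE = re.compile(r"\\assembly\\GAC\\Desktop\.ini$", re.IGNORECASE)
APPDATA_GUID_DIR_RE = re.compile(r"\\AppData\\Local\\\{[0-9a-f-]{36}\}\\", re.IGNORECASE)


@dataclass
class Partition:
    disk: int
    number: int
    active: bool        # "80 (A)" = bootable flag set
    type_id: int        # partition type byte, e.g. 0x07 NTFS, 0x27 hidden WinRE
    description: str
    size_mb: int
    offset: int         # first sector


@dataclass
class Detection:
    time: str
    path: str
    name: str           # e.g. Win32:Sirefef-PL
    flags: str          # e.g. "Rtk" (rootkit)
    suspicious_location: bool


@dataclass
class ScanReport:
    run_date: str = ""
    mbr_code: dict = field(default_factory=dict)      # disk number -> description
    partitions: list = field(default_factory=list)
    detections: list = field(default_factory=list)
    finished: bool = False

    def rootkit_detections(self):
        return [d for d in self.detections if "Rtk" in d.flags]


def is_known_sirefef_location(path):
    return bool(GAC_DESKTOP_INI_RE.search(path) or APPDATA_GUID_DIR_RE.search(path))


def parse_aswmbr_log(text):
    report = ScanReport()
    for line in text.splitlines():
        line = line.rstrip()
        if m := RUN_DATE_RE.match(line):
            report.run_date = m["date"]
        elif m := MBR_CODE_RE.match(line):
            report.mbr_code[int(m["disk"])] = m["desc"]
        elif m := PARTITION_RE.match(line):
            report.partitions.append(Partition(
                int(m["disk"]), int(m["num"]), m["active"] is not None,
                int(m["type"], 16), m["desc"], int(m["size"]), int(m["offset"])))
        elif m := INFECTED_RE.match(line):
            report.detections.append(Detection(
                m["time"], m["path"], m["name"], m["flags"] or "",
                is_known_sirefef_location(m["path"])))
        elif line.endswith("Scan finished successfully"):
            report.finished = True
    return report


if __name__ == "__main__":
    r = parse_aswmbr_log(SAMPLE_LOG)
    print(f"scan of {r.run_date} finished={r.finished}, MBR: {r.mbr_code}")
    for d in r.detections:
        print(f"{d.time} {d.name} [{d.flags}] {d.path} known_location={d.suspicious_location}")
```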




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:14 PM

Posted 23 July 2012 - 12:13 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:


    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 zqqz

zqqz
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:08:14 PM

Posted 23 July 2012 - 12:13 PM

Posting these fast before this thing crashes again, will update with info.

EDIT: Okay, this was the first time I've used the netbook in days. I've migrated to my new Mac which I'd been planning to get (rootkit sped the process along) but I still want the netbook cleaned. Firefox is pretty bogged down with the same thing that hit Chrome now, and I've been disabling the netbook's wifi every time I turn it on and off. It BSOD'ed on me again while I was compiling these logs, probably because I was running both at once, fearing what it might do. I ran them one at a time upon restart with no trouble.

It's true I did not have any active security programs running on the Netbook, as indicated below. It was a very simple machine and I'd always been able to take care of anything with MBAM on past machines; I hadn't had a real virus in years and I was tired of paying for Webroot, so I got lazy. My fault. The firewall should still be up, though I didn't check today. The most I had was MBAM (free version) and Spybot.

SecurityCheck:

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!

Norton Internet Security Netbook Edition
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.3.300.265
Adobe Reader X (10.1.3)
Mozilla Firefox 13.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 13% Defragment your hard drive soon!


````````````````````End of Log``````````````````````

DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by jasho at 9:57:03 on 2012-07-23
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1013.233 [GMT -7:00]
.
AV: Norton Internet Security Netbook Edition *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security Netbook Edition *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security Netbook Edition *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Giraffic\Veoh_Giraffic.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.5.0.127\InstStub.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Windows\System32\WerFault.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\windows\system32\igfxext.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\system32\sppsvc.exe
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.5.0.127\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.5.0.127\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.5.0.127\coIEPlg.dll
uRun: [Google Update] "c:\users\jasho\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [googletalk] c:\users\jasho\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [RtHDVBg] c:\program files\realtek\audio\hda\RtHDVBg.exe /FORPCEE3
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TosVolRegulator] c:\program files\toshiba\tosvolregulator\TosVolRegulator.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Boingo Wi-Fi] "c:\program files\boingo\boingo wi-fi\Boingo.lnk"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\jasho\appdata\roaming\micros~1\windows\startm~1\programs\startup\bestbu~1.lnk - c:\program files\best buy software installer\Best Buy Software Installer.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8425A552-E53F-49E8-A27C-D2CE3F698EA7} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8425A552-E53F-49E8-A27C-D2CE3F698EA7}\142796F6E60234166656 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8425A552-E53F-49E8-A27C-D2CE3F698EA7}\14478656E6370274164756 : DhcpNameServer = 195.170.0.1 195.170.2.2 8.8.8.8
TCP: Interfaces\{8425A552-E53F-49E8-A27C-D2CE3F698EA7}\3595020516E6F62716D616 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8425A552-E53F-49E8-A27C-D2CE3F698EA7}\A59647F6022756374716572716E647 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{DAB243F8-BC0F-49E5-99C0-52B863E495A2} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jasho\appdata\roaming\mozilla\firefox\profiles\umx5hdbx.default\
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\jasho\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\users\jasho\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\jasho\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files\giraffic\veoh_girafficwatchdog.exe --service --> c:\program files\giraffic\Veoh_GirafficWatchdog.exe --service [?]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.5.0.127\ccSvcHst.exe [2010-6-29 126392]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-6-29 24064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-29 277536]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-6-29 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2010-2-5 111960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-13 113120]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-6-29 189984]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-7 52224]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
.
=============== Created Last 30 ================
.
2012-07-19 23:01:53 -------- d-----w- c:\program files\ESET
2012-07-19 21:06:22 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-07-19 21:06:22 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-07-19 20:17:14 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-17 20:13:06 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6e47983e-48e1-43de-8929-4dc5fdaf77f4}\mpengine.dll
2012-07-12 10:05:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 03:17:55 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-07-12 03:17:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-07-12 03:17:51 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-12 03:17:39 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-12 03:17:38 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-12 03:17:36 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-12 03:17:35 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-12 03:17:32 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-12 03:16:46 1019904 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-12 03:16:45 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-07-12 03:16:44 352256 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2012-07-12 03:16:43 57344 ----a-w- c:\program files\common files\system\ado\msador15.dll
2012-07-12 03:16:42 212992 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2012-07-12 03:16:41 143360 ----a-w- c:\program files\common files\system\ado\msjro.dll
2012-07-12 03:16:39 372736 ----a-w- c:\program files\common files\system\ado\msadox.dll
2012-07-05 09:14:14 -------- d-----w- c:\users\jasho\appdata\local\Macromedia
2012-06-25 23:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
.
==================== Find3M ====================
.
2012-07-19 09:39:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-19 09:39:12 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-31 19:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-29 10:56:26 1099264 ----a-w- c:\windows\system32\ac3filter.acm
2012-05-01 04:44:12 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
============= FINISH: 9:59:33.94 ===============

Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume1
Install Date: 9/12/2010 7:27:40 PM
System Uptime: 7/23/2012 9:54:00 AM (0 hours ago)
.
Motherboard: TOSHIBA | | PAV10 DDR2
Processor: Intel® Atom™ CPU N455 @ 1.66GHz | U2E1 | 1667/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 224 GiB total, 122.897 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&30A18522&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&30A18522&0&01
Service: vwifimp
.
==== System Restore Points ===================
.
RP252: 6/19/2012 9:12:42 AM - Windows Update
RP253: 6/21/2012 11:49:56 AM - Windows Update
RP254: 6/22/2012 10:23:59 AM - Windows Update
RP255: 6/26/2012 2:28:02 PM - Windows Update
RP256: 7/3/2012 4:19:56 PM - Windows Update
RP257: 7/11/2012 8:02:04 PM - Windows Update
RP258: 7/12/2012 3:02:31 AM - Windows Update
RP259: 7/17/2012 1:11:36 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
7-Zip 4.65
AC3Filter 2_3a
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
Best Buy Software Installer
Boingo Wi-Fi
Comical 0.8
Compatibility Pack for the 2007 Office system
D3DX10
DivX Setup
DivX Web Player
Dr. Who - Adventures 1 and 2
ESET Online Scanner v3
FBReader for Windows
Final Draft
FoxTab Video Converter
Google Talk (remove only)
Google Talk Plugin
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
Malwarebytes Anti-Malware version 1.62.0.1300
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
mIRC
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
Norton Internet Security
Norton Security Scan
OGA Notifier 2.0.0048.0
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype Click to Call
Skype™ 5.9
Synaptics Pointing Device Driver
TOSHIBA Application and Driver Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Utility Common Driver
VC80CRTRedist - 8.0.50727.4053
Veoh Giraffic Video Accelerator
Veoh Web Player
VLC media player 1.1.7
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
7/23/2012 9:55:21 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
7/23/2012 9:55:21 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
7/23/2012 9:55:02 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
7/23/2012 9:54:54 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
7/23/2012 9:54:51 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
7/23/2012 9:54:50 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/23/2012 9:54:45 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0xbf6a0038, 0x000000ff, 0x00000000, 0xb69cca34). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 072312-40373-01.
7/21/2012 4:44:23 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
7/21/2012 4:35:43 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/21/2012 4:34:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/21/2012 4:34:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/21/2012 4:34:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/21/2012 4:34:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/21/2012 4:34:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/21/2012 4:34:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/21/2012 4:34:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdrom DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX tdx vwififlt Wanarpv6 WfpLwf
7/21/2012 4:34:07 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/21/2012 4:34:07 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/21/2012 4:34:07 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/21/2012 4:34:07 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/21/2012 4:34:07 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/21/2012 4:34:07 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
7/21/2012 4:34:07 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/21/2012 4:34:07 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/21/2012 4:34:07 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/21/2012 4:34:07 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/19/2012 5:09:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
7/19/2012 5:09:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
7/19/2012 5:06:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x81d3c795, 0xb18bf44c, 0x00000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 071912-42167-01.
7/18/2012 3:19:31 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
7/17/2012 7:06:28 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{8425A552-E53F-49E8-A27C-D2CE3F698EA7} because another computer on the network has the same name. The server could not start.
7/17/2012 7:05:35 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
7/17/2012 1:49:46 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
.
==== End Of File ===========================

Edited by zqqz, 23 July 2012 - 12:24 PM.


#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:14 PM

Posted 23 July 2012 - 12:23 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 zqqz

  • Topic Starter
  • Members
  • 8 posts
  • Local time:08:14 PM

Posted 23 July 2012 - 10:21 PM

Okay, so I dled Combofix and ran it. There were a few false starts where the Combofix utility seemed to be unpacking its stuff (and had a problem unpacking its iexplore.exe), and then nothing happened, so I ran it a few times before it rebooted the computer automatically and began working, but then it detected a Norton Security suite I didn't know was operational, and I disabled that. (Windows Defender was also apparently present on the computer, but I couldn't find it anywhere or how to disable it, and Combofix never detected or complained about it.) After disabling Norton I ran Combofix again, it worked fine (including unpacking the iexplore.exe this time), rebooted, then gave me my log file.

I haven't noticed any problems yet, but I haven't really looked around. I did notice before Combofix that my Windows Firewall had somehow been turned off; now it is operational again. Firefox is running a bit slowly, but that's probably just due to this being an uber-cheap Netbook, my not having used Firefox on it in ages, and, I think, my memory still being pretty full. (It also sped up a bit once it got used to browsing, which is typical of this Netbook.)

No popups or redirects yet. One thing that perturbs me - when I first tried the Google search bar in Firefox again, there was a brief pause, the Firefox tab header showed "Google Accounts" up top for a moment, I saw what looked like Russian words on the screen for a moment where a "loading" text might usually be for a Google account, and then I got my search results. I am not currently signed into an account on this Netbook, though I believe I was before the virus attack. I hope it was just a residual effect of the browser resetting or something after being overtaken by a Russian (I think?) rootkit. :P


Here's the log:

ComboFix 12-07-24.01 - jasho 07/23/2012 19:43:09.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1013.234 [GMT -7:00]
Running from: c:\users\jasho\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\jasho\AppData\Roaming\mIRC\logs\status.log
c:\windows\assembly\GAC\Desktop.ini
c:\windows\Installer\{a8826605-2627-b5e8-bfd6-08eb4c376c20}\@
c:\windows\Installer\{a8826605-2627-b5e8-bfd6-08eb4c376c20}\L\00000004.@
c:\windows\Installer\{a8826605-2627-b5e8-bfd6-08eb4c376c20}\L\1afb2d56
c:\windows\Installer\{a8826605-2627-b5e8-bfd6-08eb4c376c20}\L\201d3dde
c:\windows\Installer\{a8826605-2627-b5e8-bfd6-08eb4c376c20}\U\00000004.@
c:\windows\Installer\{a8826605-2627-b5e8-bfd6-08eb4c376c20}\U\00000008.@
c:\windows\Installer\{a8826605-2627-b5e8-bfd6-08eb4c376c20}\U\000000cb.@
c:\windows\Installer\{a8826605-2627-b5e8-bfd6-08eb4c376c20}\U\80000000.@
c:\windows\Installer\{a8826605-2627-b5e8-bfd6-08eb4c376c20}\U\80000032.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy7_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_{79007602-0CDB-4405-9DBF-1257BB3226EE}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-24 to 2012-07-24 )))))))))))))))))))))))))))))))
.
.
2012-07-24 03:01 . 2012-07-24 03:04 -------- d-----w- c:\users\jasho\AppData\Local\temp
2012-07-24 03:01 . 2012-07-24 03:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-24 02:53 . 2012-07-24 02:53 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E47983E-48E1-43DE-8929-4DC5FDAF77F4}\offreg.dll
2012-07-19 23:01 . 2012-07-19 23:01 -------- d-----w- c:\program files\ESET
2012-07-19 21:06 . 2012-07-19 21:06 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-07-19 21:06 . 2012-07-19 21:06 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-19 20:17 . 2012-07-19 20:17 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-17 20:13 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E47983E-48E1-43DE-8929-4DC5FDAF77F4}\mpengine.dll
2012-07-12 10:05 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 03:17 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-07-12 03:17 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-07-12 03:17 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-12 03:17 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-12 03:17 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-12 03:17 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-12 03:17 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-12 03:17 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-12 03:16 . 2012-06-06 05:05 1019904 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-12 03:16 . 2012-06-06 05:03 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-07-12 03:16 . 2012-06-06 05:05 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-12 03:16 . 2012-06-06 05:05 57344 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-12 03:16 . 2012-06-06 05:05 212992 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-12 03:16 . 2012-06-06 05:05 143360 ----a-w- c:\program files\Common Files\System\ado\msjro.dll
2012-07-12 03:16 . 2012-06-06 05:05 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-05 09:14 . 2012-07-05 09:14 -------- d-----w- c:\users\jasho\AppData\Local\Macromedia
2012-06-25 23:04 . 2012-06-25 23:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-19 09:39 . 2012-04-01 00:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-19 09:39 . 2011-05-15 03:06 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 20:46 . 2010-09-13 03:03 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-21 18:51 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 18:52 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 18:52 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 18:52 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 18:52 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 18:52 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 18:52 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 18:51 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-21 18:52 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-05-31 19:25 . 2010-09-13 02:40 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-29 10:56 . 2011-02-15 12:14 1099264 ----a-w- c:\windows\system32\ac3filter.acm
2012-05-01 04:44 . 2012-06-14 03:51 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17 . 2012-06-14 03:51 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45 . 2012-06-14 03:51 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45 . 2012-06-14 03:51 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41 . 2012-06-14 03:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-07-19 21:06 . 2012-02-27 12:10 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\jasho\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2012-01-02 4692296]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-14 8555040]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-04-14 694816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-11 1697064]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 425984]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-06 480608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-03-25 742712]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22840]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 611672]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2010-03-19 467816]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2010-03-03 30040]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-11-24 2429]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\jasho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2010-2-15 1135560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2010-2-15 1135560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files\Giraffic\Veoh_GirafficWatchdog.exe [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 09:39]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-860772402-837991961-1244450927-1000Core.job
- c:\users\jasho\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-19 20:51]
.
2012-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-860772402-837991961-1244450927-1000UA.job
- c:\users\jasho\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-19 20:51]
.
2012-07-19 c:\windows\Tasks\Norton Security Scan for jasho.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-12-21 08:51]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\jasho\AppData\Roaming\Mozilla\Firefox\Profiles\umx5hdbx.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-FoxTab Video Converter - d:\uninstall\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-860772402-837991961-1244450927-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-860772402-837991961-1244450927-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i*n*i*‘Óp\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-860772402-837991961-1244450927-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-860772402-837991961-1244450927-1000\Software\SecuROM\License information*]
"datasecu"=hex:8f,f2,58,c7,c8,46,5c,52,18,74,5e,15,05,cc,24,56,6e,39,c1,50,41,
f7,dc,74,71,e0,54,89,55,58,69,12,86,10,fe,84,15,8b,40,3c,e8,1d,c6,eb,dd,5a,\
"rkeysecu"=hex:08,52,37,ea,98,68,e0,74,ae,4a,09,c1,ad,df,d8,f4
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Giraffic\Veoh_Giraffic.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\igfxext.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\sppsvc.exe
c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
.
**************************************************************************
.
Completion time: 2012-07-23 20:12:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-24 03:12
.
Pre-Run: 135,728,701,440 bytes free
Post-Run: 136,235,515,904 bytes free
.
- - End Of File - - 3BF11E245A3E119B375891E8F228E9A3

Edited by zqqz, 23 July 2012 - 10:32 PM.

#6 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:14 PM

Posted 24 July 2012 - 06:25 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
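Reading a TDSSKiller report of this length by eye is error-prone, so here is an added Python helper (not part of this thread and not Kaspersky's code) that parses the two line shapes the tool writes for each object, a hash/path line and a "name - verdict" line as seen in the logs posted here, and lists every entry whose verdict is anything other than "ok" together with entries the tool listed but never hashed. The sample log is constructed to mimic that format; the entry "fakesvc", its all-zero hash and its verdict text are placeholders, not a real detection.

```python
import re
from typing import Dict, List, Tuple

# TDSSKiller emits two kinds of lines per examined object (format as in the
# logs posted in this thread):
#   <time> <pid> <name> (<md5>) <path>   -> the file that was hashed
#   <time> <pid> <name> - <verdict>      -> verdict, normally "ok"
# Banner, SystemInfo and partition lines match neither shape and are skipped.
DETAIL_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$"
)
VERDICT_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(\S+)\s+-\s+(.+)$")

# Constructed sample modeled on the thread's log; "fakesvc" is a placeholder.
SAMPLE_LOG = r"""
19:46:36.0007 2356 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
19:46:44.0431 2356 ============================================================
19:46:44.0431 2356 OS Version: 6.1.7601 ServicePack: 1.0
19:46:48.0362 2356 C: <-> \Device\Harddisk0\DR0\Partition0
19:46:53.0822 1144 Scan started
19:46:53.0822 1144 Mode: Manual;
19:46:56.0864 1144 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
19:46:56.0864 1144 1394ohci - ok
19:47:00.0873 1144 catchme - ok
19:47:01.0000 1144 fakesvc (00000000000000000000000000000000) C:\windows\system32\drivers\fakesvc.sys
19:47:01.0000 1144 fakesvc - detected (constructed sample verdict)
"""


def parse_tdsskiller_log(text: str) -> Dict[str, dict]:
    """Group the log into one record per object name: md5, path, verdict."""
    entries: Dict[str, dict] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = DETAIL_RE.match(line)
        if m:
            name, md5, path = m.groups()
            entries.setdefault(name, {}).update(md5=md5.lower(), path=path)
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, verdict = m.groups()
            entries.setdefault(name, {})["verdict"] = verdict.strip()
    return entries


def triage(entries: Dict[str, dict]) -> Tuple[List[str], List[str]]:
    """Return (names whose verdict is not exactly 'ok', names with no hash line).

    A missing verdict counts as not-ok so a truncated log is not read as clean.
    Entries without a hash line were listed by the tool but no file was examined;
    they deserve a manual look rather than being taken as cleared.
    """
    not_ok = sorted(n for n, e in entries.items() if e.get("verdict") != "ok")
    unhashed = sorted(n for n, e in entries.items() if "md5" not in e)
    return not_ok, unhashed


def summarize(text: str) -> str:
    """Human-readable triage of a whole log, for pasting into a reply."""
    entries = parse_tdsskiller_log(text)
    not_ok, unhashed = triage(entries)
    lines = [f"{len(entries)} objects parsed"]
    lines.append("not-ok verdicts: " + (", ".join(not_ok) if not_ok else "none"))
    for name in not_ok:
        e = entries[name]
        lines.append(f"  {name}: {e.get('verdict', '<no verdict>')} "
                     f"md5={e.get('md5', '-')} path={e.get('path', '-')}")
    lines.append("listed but not hashed: " + (", ".join(unhashed) if unhashed else "none"))
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Pipe a real log file into `parse_tdsskiller_log` the same way; a log where `triage` returns two empty lists still only means the objects TDSSKiller chose to examine matched nothing, which is exactly the caveat the next reply in this thread raises.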

#7 zqqz

  • Topic Starter
  • Members
  • 8 posts
  • Local time:08:14 PM

Posted 24 July 2012 - 10:19 PM

Hey gringo,

So I ran them again. It looks clean, but I will note that before I came here for help, I ran TDSSKiller then as well and it showed up clean when the computer was crawling with the rootkit. Also, when I ran it this time it prompted me to update from version 46 (which I DLed last week) to 48; when I clicked the prompt, though, nothing happened despite multiple tries, so I just ran 46 instead.

Anyway, here's the TDSSKiller log:

19:46:36.0007 2356 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
19:46:44.0431 2356 ============================================================
19:46:44.0431 2356 Current date / time: 2012/07/24 19:46:44.0431
19:46:44.0431 2356 SystemInfo:
19:46:44.0431 2356
19:46:44.0431 2356 OS Version: 6.1.7601 ServicePack: 1.0
19:46:44.0431 2356 Product type: Workstation
19:46:44.0431 2356 ComputerName: JASHO-PC
19:46:44.0431 2356 UserName: jasho
19:46:44.0431 2356 Windows directory: C:\windows
19:46:44.0431 2356 System windows directory: C:\windows
19:46:44.0431 2356 Processor architecture: Intel x86
19:46:44.0431 2356 Number of processors: 2
19:46:44.0431 2356 Page size: 0x1000
19:46:44.0431 2356 Boot type: Normal boot
19:46:44.0431 2356 ============================================================
19:46:48.0315 2356 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:46:48.0331 2356 ============================================================
19:46:48.0331 2356 \Device\Harddisk0\DR0:
19:46:48.0331 2356 MBR partitions:
19:46:48.0331 2356 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BF46000
19:46:48.0331 2356 ============================================================
19:46:48.0362 2356 C: <-> \Device\Harddisk0\DR0\Partition0
19:46:48.0362 2356 ============================================================
19:46:48.0362 2356 Initialize success
19:46:48.0362 2356 ============================================================
19:46:53.0822 1144 ============================================================
19:46:53.0822 1144 Scan started
19:46:53.0822 1144 Mode: Manual;
19:46:53.0822 1144 ============================================================
19:46:56.0864 1144 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
19:46:56.0864 1144 1394ohci - ok
19:46:56.0942 1144 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
19:46:56.0942 1144 ACPI - ok
19:46:56.0989 1144 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
19:46:56.0989 1144 AcpiPmi - ok
19:46:57.0160 1144 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
19:46:57.0160 1144 AdobeARMservice - ok
19:46:57.0269 1144 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:46:57.0285 1144 AdobeFlashPlayerUpdateSvc - ok
19:46:57.0441 1144 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
19:46:57.0457 1144 adp94xx - ok
19:46:57.0503 1144 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
19:46:57.0519 1144 adpahci - ok
19:46:57.0581 1144 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
19:46:57.0581 1144 adpu320 - ok
19:46:57.0644 1144 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
19:46:57.0659 1144 AeLookupSvc - ok
19:46:57.0722 1144 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
19:46:57.0737 1144 AFD - ok
19:46:57.0769 1144 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
19:46:57.0784 1144 agp440 - ok
19:46:57.0831 1144 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
19:46:57.0831 1144 aic78xx - ok
19:46:57.0893 1144 ALG (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
19:46:57.0893 1144 ALG - ok
19:46:57.0956 1144 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
19:46:57.0956 1144 aliide - ok
19:46:57.0987 1144 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
19:46:57.0987 1144 amdagp - ok
19:46:58.0034 1144 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
19:46:58.0034 1144 amdide - ok
19:46:58.0081 1144 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
19:46:58.0096 1144 AmdK8 - ok
19:46:58.0096 1144 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
19:46:58.0112 1144 AmdPPM - ok
19:46:58.0143 1144 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
19:46:58.0159 1144 amdsata - ok
19:46:59.0313 1144 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
19:46:59.0329 1144 amdsbs - ok
19:46:59.0360 1144 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
19:46:59.0360 1144 amdxata - ok
19:46:59.0438 1144 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
19:46:59.0438 1144 AppID - ok
19:46:59.0500 1144 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
19:46:59.0500 1144 AppIDSvc - ok
19:46:59.0547 1144 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll
19:46:59.0547 1144 Appinfo - ok
19:46:59.0625 1144 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
19:46:59.0625 1144 arc - ok
19:46:59.0641 1144 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
19:46:59.0656 1144 arcsas - ok
19:46:59.0672 1144 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
19:46:59.0672 1144 AsyncMac - ok
19:46:59.0719 1144 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
19:46:59.0719 1144 atapi - ok
19:46:59.0828 1144 athr (0f4b6b99d6cdc1d93df1fa690796b2f7) C:\windows\system32\DRIVERS\athr.sys
19:46:59.0843 1144 athr - ok
19:46:59.0921 1144 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
19:46:59.0921 1144 AudioEndpointBuilder - ok
19:46:59.0953 1144 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
19:46:59.0953 1144 Audiosrv - ok
19:47:00.0015 1144 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll
19:47:00.0015 1144 AxInstSV - ok
19:47:00.0093 1144 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
19:47:00.0109 1144 b06bdrv - ok
19:47:00.0140 1144 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
19:47:00.0155 1144 b57nd60x - ok
19:47:00.0202 1144 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
19:47:00.0218 1144 BDESVC - ok
19:47:00.0233 1144 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
19:47:00.0233 1144 Beep - ok
19:47:00.0327 1144 BFE (1e2bac209d184bb851e1a187d8a29136) C:\windows\System32\bfe.dll
19:47:00.0343 1144 BFE - ok
19:47:00.0436 1144 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
19:47:00.0436 1144 blbdrive - ok
19:47:00.0483 1144 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
19:47:00.0499 1144 bowser - ok
19:47:00.0514 1144 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
19:47:00.0514 1144 BrFiltLo - ok
19:47:00.0530 1144 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
19:47:00.0545 1144 BrFiltUp - ok
19:47:00.0561 1144 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\windows\system32\DRIVERS\bridge.sys
19:47:00.0561 1144 BridgeMP - ok
19:47:00.0608 1144 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll
19:47:00.0608 1144 Browser - ok
19:47:00.0670 1144 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
19:47:00.0686 1144 Brserid - ok
19:47:00.0701 1144 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
19:47:00.0701 1144 BrSerWdm - ok
19:47:00.0717 1144 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
19:47:00.0717 1144 BrUsbMdm - ok
19:47:00.0733 1144 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
19:47:00.0733 1144 BrUsbSer - ok
19:47:00.0764 1144 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
19:47:00.0764 1144 BTHMODEM - ok
19:47:00.0826 1144 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
19:47:00.0826 1144 bthserv - ok
19:47:00.0873 1144 catchme - ok
19:47:00.0935 1144 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
19:47:00.0935 1144 cdfs - ok
19:47:00.0982 1144 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\DRIVERS\cdrom.sys
19:47:00.0982 1144 cdrom - ok
19:47:01.0045 1144 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
19:47:01.0045 1144 CertPropSvc - ok
19:47:01.0091 1144 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
19:47:01.0091 1144 circlass - ok
19:47:01.0123 1144 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
19:47:01.0138 1144 CLFS - ok
19:47:01.0216 1144 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:47:01.0216 1144 clr_optimization_v2.0.50727_32 - ok
19:47:01.0294 1144 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:47:01.0325 1144 clr_optimization_v4.0.30319_32 - ok
19:47:01.0372 1144 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
19:47:01.0388 1144 CmBatt - ok
19:47:01.0481 1144 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
19:47:01.0481 1144 cmdide - ok
19:47:01.0575 1144 CNG (247b4ce2dab1160cd422d532d5241e1f) C:\windows\system32\Drivers\cng.sys
19:47:01.0591 1144 CNG - ok
19:47:01.0669 1144 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
19:47:01.0669 1144 Compbatt - ok
19:47:01.0793 1144 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
19:47:01.0793 1144 CompositeBus - ok
19:47:01.0825 1144 COMSysApp - ok
19:47:01.0887 1144 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
19:47:01.0887 1144 crcdisk - ok
19:47:02.0121 1144 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\windows\system32\cryptsvc.dll
19:47:02.0121 1144 CryptSvc - ok
19:47:02.0308 1144 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
19:47:03.0525 1144 DcomLaunch - ok
19:47:03.0665 1144 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
19:47:03.0681 1144 defragsvc - ok
19:47:03.0775 1144 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
19:47:03.0775 1144 DfsC - ok
19:47:03.0899 1144 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll
19:47:03.0899 1144 Dhcp - ok
19:47:03.0946 1144 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
19:47:03.0946 1144 discache - ok
19:47:04.0009 1144 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
19:47:04.0009 1144 Disk - ok
19:47:04.0055 1144 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll
19:47:04.0071 1144 Dnscache - ok
19:47:04.0149 1144 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll
19:47:04.0149 1144 dot3svc - ok
19:47:04.0227 1144 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll
19:47:04.0227 1144 DPS - ok
19:47:04.0289 1144 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
19:47:04.0289 1144 drmkaud - ok
19:47:04.0367 1144 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
19:47:04.0367 1144 DXGKrnl - ok
19:47:04.0430 1144 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
19:47:04.0430 1144 EapHost - ok
19:47:05.0974 1144 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
19:47:06.0068 1144 ebdrv - ok
19:47:06.0302 1144 EFS (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe
19:47:06.0317 1144 EFS - ok
19:47:06.0458 1144 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
19:47:06.0489 1144 elxstor - ok
19:47:06.0551 1144 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
19:47:06.0551 1144 ErrDev - ok
19:47:06.0723 1144 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
19:47:07.0862 1144 EventSystem - ok
19:47:07.0940 1144 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
19:47:07.0940 1144 exfat - ok
19:47:07.0987 1144 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
19:47:07.0987 1144 fastfat - ok
19:47:08.0080 1144 Fax (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe
19:47:08.0096 1144 Fax - ok
19:47:08.0158 1144 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
19:47:08.0158 1144 fdc - ok
19:47:08.0205 1144 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
19:47:08.0205 1144 fdPHost - ok
19:47:08.0283 1144 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
19:47:08.0283 1144 FDResPub - ok
19:47:08.0314 1144 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
19:47:08.0330 1144 FileInfo - ok
19:47:08.0392 1144 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
19:47:08.0392 1144 Filetrace - ok
19:47:08.0455 1144 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
19:47:08.0455 1144 flpydisk - ok
19:47:08.0501 1144 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
19:47:08.0517 1144 FltMgr - ok
19:47:08.0626 1144 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\windows\system32\FntCache.dll
19:47:08.0642 1144 FontCache - ok
19:47:08.0798 1144 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:47:08.0798 1144 FontCache3.0.0.0 - ok
19:47:08.0860 1144 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
19:47:08.0860 1144 FsDepends - ok
19:47:08.0923 1144 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys
19:47:08.0923 1144 Fs_Rec - ok
19:47:08.0985 1144 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
19:47:08.0985 1144 fvevol - ok
19:47:09.0063 1144 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
19:47:09.0079 1144 gagp30kx - ok
19:47:09.0359 1144 Giraffic - ok
19:47:10.0576 1144 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll
19:47:10.0607 1144 gpsvc - ok
19:47:10.0670 1144 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
19:47:10.0670 1144 hcw85cir - ok
19:47:10.0748 1144 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
19:47:10.0748 1144 HdAudAddService - ok
19:47:10.0795 1144 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
19:47:10.0795 1144 HDAudBus - ok
19:47:10.0841 1144 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
19:47:10.0841 1144 HidBatt - ok
19:47:10.0857 1144 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
19:47:10.0873 1144 HidBth - ok
19:47:10.0888 1144 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
19:47:10.0904 1144 HidIr - ok
19:47:10.0966 1144 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\System32\hidserv.dll
19:47:10.0966 1144 hidserv - ok
19:47:11.0029 1144 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys
19:47:11.0044 1144 HidUsb - ok
19:47:11.0091 1144 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll
19:47:11.0107 1144 hkmsvc - ok
19:47:11.0200 1144 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll
19:47:11.0216 1144 HomeGroupListener - ok
19:47:11.0263 1144 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll
19:47:11.0278 1144 HomeGroupProvider - ok
19:47:11.0341 1144 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
19:47:11.0341 1144 HpSAMD - ok
19:47:11.0465 1144 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
19:47:11.0481 1144 HTTP - ok
19:47:11.0528 1144 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
19:47:11.0528 1144 hwpolicy - ok
19:47:11.0590 1144 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
19:47:11.0590 1144 i8042prt - ok
19:47:12.0901 1144 iaStor (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
19:47:12.0916 1144 iaStor - ok
19:47:12.0994 1144 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
19:47:13.0010 1144 iaStorV - ok
19:47:13.0197 1144 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:47:13.0275 1144 idsvc - ok
19:47:13.0977 1144 igfx (d0074897c6bc132f3980ea4654bf7fb9) C:\windows\system32\DRIVERS\igdkmd32.sys
19:47:14.0102 1144 igfx - ok
19:47:15.0365 1144 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
19:47:15.0381 1144 iirsp - ok
19:47:15.0475 1144 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll
19:47:15.0490 1144 IKEEXT - ok
19:47:15.0755 1144 IntcAzAudAddService (c4b1d45fe135286155b9e6aa0db4e4d3) C:\windows\system32\drivers\RTKVHDA.sys
19:47:15.0865 1144 IntcAzAudAddService - ok
19:47:16.0021 1144 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
19:47:16.0021 1144 intelide - ok
19:47:16.0083 1144 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
19:47:16.0099 1144 intelppm - ok
19:47:16.0130 1144 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
19:47:16.0145 1144 IPBusEnum - ok
19:47:16.0161 1144 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
19:47:16.0161 1144 IpFilterDriver - ok
19:47:16.0255 1144 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll
19:47:16.0270 1144 iphlpsvc - ok
19:47:16.0317 1144 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
19:47:16.0333 1144 IPMIDRV - ok
19:47:16.0364 1144 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
19:47:16.0364 1144 IPNAT - ok
19:47:16.0411 1144 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
19:47:16.0411 1144 IRENUM - ok
19:47:16.0457 1144 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
19:47:16.0457 1144 isapnp - ok
19:47:16.0504 1144 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
19:47:16.0504 1144 iScsiPrt - ok
19:47:16.0551 1144 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
19:47:16.0551 1144 kbdclass - ok
19:47:16.0613 1144 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
19:47:16.0613 1144 kbdhid - ok
19:47:16.0660 1144 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
19:47:16.0660 1144 KeyIso - ok
19:47:16.0723 1144 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\windows\system32\Drivers\ksecdd.sys
19:47:16.0723 1144 KSecDD - ok
19:47:16.0769 1144 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) C:\windows\system32\Drivers\ksecpkg.sys
19:47:16.0769 1144 KSecPkg - ok
19:47:16.0816 1144 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
19:47:16.0832 1144 KtmRm - ok
19:47:16.0894 1144 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\windows\System32\srvsvc.dll
19:47:16.0910 1144 LanmanServer - ok
19:47:16.0972 1144 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll
19:47:16.0988 1144 LanmanWorkstation - ok
19:47:17.0050 1144 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
19:47:17.0050 1144 lltdio - ok
19:47:17.0097 1144 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
19:47:17.0113 1144 lltdsvc - ok
19:47:17.0128 1144 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
19:47:17.0144 1144 lmhosts - ok
19:47:17.0206 1144 LPCFilter (6adab14d7ad12b35bdc665b35278099b) C:\windows\system32\DRIVERS\LPCFilter.sys
19:47:17.0206 1144 LPCFilter - ok
19:47:17.0253 1144 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
19:47:17.0253 1144 LSI_FC - ok
19:47:17.0284 1144 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
19:47:17.0284 1144 LSI_SAS - ok
19:47:17.0300 1144 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
19:47:17.0300 1144 LSI_SAS2 - ok
19:47:17.0315 1144 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
19:47:17.0315 1144 LSI_SCSI - ok
19:47:17.0362 1144 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
19:47:17.0362 1144 luafv - ok
19:47:17.0487 1144 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
19:47:17.0503 1144 McComponentHostService - ok
19:47:17.0534 1144 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
19:47:17.0534 1144 megasas - ok
19:47:17.0581 1144 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
19:47:17.0581 1144 MegaSR - ok
19:47:17.0627 1144 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
19:47:17.0643 1144 MMCSS - ok
19:47:17.0674 1144 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
19:47:17.0674 1144 Modem - ok
19:47:17.0721 1144 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
19:47:17.0721 1144 monitor - ok
19:47:17.0768 1144 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
19:47:17.0768 1144 mouclass - ok
19:47:17.0830 1144 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
19:47:17.0830 1144 mouhid - ok
19:47:17.0877 1144 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
19:47:17.0877 1144 mountmgr - ok
19:47:17.0955 1144 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:47:17.0955 1144 MozillaMaintenance - ok
19:47:18.0002 1144 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
19:47:18.0017 1144 mpio - ok
19:47:18.0064 1144 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
19:47:18.0064 1144 mpsdrv - ok
19:47:18.0158 1144 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\windows\system32\mpssvc.dll
19:47:18.0173 1144 MpsSvc - ok
19:47:18.0220 1144 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
19:47:18.0220 1144 MRxDAV - ok
19:47:19.0437 1144 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
19:47:19.0437 1144 mrxsmb - ok
19:47:19.0499 1144 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
19:47:19.0499 1144 mrxsmb10 - ok
19:47:19.0531 1144 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
19:47:19.0531 1144 mrxsmb20 - ok
19:47:19.0577 1144 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
19:47:19.0577 1144 msahci - ok
19:47:19.0624 1144 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
19:47:19.0624 1144 msdsm - ok
19:47:19.0671 1144 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
19:47:19.0671 1144 MSDTC - ok
19:47:19.0733 1144 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
19:47:19.0733 1144 Msfs - ok
19:47:19.0749 1144 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
19:47:19.0749 1144 mshidkmdf - ok
19:47:19.0780 1144 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
19:47:19.0780 1144 msisadrv - ok
19:47:19.0843 1144 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
19:47:19.0843 1144 MSiSCSI - ok
19:47:19.0858 1144 msiserver - ok
19:47:19.0921 1144 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
19:47:19.0921 1144 MSKSSRV - ok
19:47:19.0936 1144 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
19:47:19.0936 1144 MSPCLOCK - ok
19:47:19.0952 1144 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
19:47:19.0952 1144 MSPQM - ok
19:47:19.0983 1144 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
19:47:19.0983 1144 MsRPC - ok
19:47:20.0030 1144 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
19:47:20.0045 1144 mssmbios - ok
19:47:20.0092 1144 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
19:47:20.0092 1144 MSTEE - ok
19:47:20.0092 1144 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
19:47:20.0108 1144 MTConfig - ok
19:47:20.0123 1144 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
19:47:20.0123 1144 Mup - ok
19:47:20.0186 1144 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll
19:47:20.0201 1144 napagent - ok
19:47:20.0279 1144 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
19:47:20.0279 1144 NativeWifiP - ok
19:47:20.0373 1144 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
19:47:20.0389 1144 NDIS - ok
19:47:20.0435 1144 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
19:47:20.0435 1144 NdisCap - ok
19:47:20.0467 1144 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
19:47:20.0482 1144 NdisTapi - ok
19:47:20.0513 1144 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
19:47:20.0513 1144 Ndisuio - ok
19:47:20.0560 1144 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
19:47:20.0560 1144 NdisWan - ok
19:47:20.0591 1144 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
19:47:20.0591 1144 NDProxy - ok
19:47:20.0638 1144 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
19:47:20.0638 1144 NetBIOS - ok
19:47:20.0701 1144 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
19:47:20.0701 1144 NetBT - ok
19:47:20.0747 1144 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
19:47:20.0747 1144 Netlogon - ok
19:47:21.0949 1144 Netman (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
19:47:21.0964 1144 Netman - ok
19:47:21.0995 1144 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
19:47:22.0011 1144 netprofm - ok
19:47:22.0073 1144 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:47:22.0073 1144 NetTcpPortSharing - ok
19:47:22.0136 1144 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
19:47:22.0136 1144 nfrd960 - ok
19:47:22.0183 1144 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll
19:47:22.0198 1144 NlaSvc - ok
19:47:22.0229 1144 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
19:47:22.0229 1144 Npfs - ok
19:47:22.0261 1144 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
19:47:22.0261 1144 nsi - ok
19:47:22.0292 1144 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
19:47:22.0292 1144 nsiproxy - ok
19:47:22.0401 1144 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
19:47:22.0417 1144 Ntfs - ok
19:47:22.0448 1144 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
19:47:22.0448 1144 Null - ok
19:47:22.0510 1144 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
19:47:22.0526 1144 nvraid - ok
19:47:22.0541 1144 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
19:47:22.0557 1144 nvstor - ok
19:47:22.0604 1144 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
19:47:22.0604 1144 nv_agp - ok
19:47:22.0713 1144 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:47:22.0729 1144 odserv - ok
19:47:22.0775 1144 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
19:47:22.0775 1144 ohci1394 - ok
19:47:22.0838 1144 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:47:22.0838 1144 ose - ok
19:47:22.0900 1144 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
19:47:22.0900 1144 p2pimsvc - ok
19:47:22.0963 1144 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
19:47:22.0978 1144 p2psvc - ok
19:47:23.0025 1144 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
19:47:23.0025 1144 Parport - ok
19:47:23.0072 1144 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\windows\system32\drivers\partmgr.sys
19:47:23.0072 1144 partmgr - ok
19:47:23.0103 1144 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
19:47:23.0119 1144 Parvdm - ok
19:47:23.0150 1144 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
19:47:23.0165 1144 PcaSvc - ok
19:47:23.0197 1144 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
19:47:23.0212 1144 pci - ok
19:47:23.0243 1144 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
19:47:23.0243 1144 pciide - ok
19:47:23.0275 1144 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
19:47:23.0290 1144 pcmcia - ok
19:47:23.0306 1144 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
19:47:23.0321 1144 pcw - ok
19:47:23.0384 1144 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
19:47:23.0399 1144 PEAUTH - ok
19:47:23.0493 1144 PGEffect (1b5011dd8d57f53aed31ff0f7d635802) C:\windows\system32\DRIVERS\pgeffect.sys
19:47:23.0493 1144 PGEffect - ok
19:47:23.0633 1144 pla (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll
19:47:23.0665 1144 pla - ok
19:47:23.0821 1144 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll
19:47:23.0836 1144 PlugPlay - ok
19:47:23.0883 1144 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
19:47:23.0899 1144 PNRPAutoReg - ok
19:47:23.0930 1144 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
19:47:23.0930 1144 PNRPsvc - ok
19:47:23.0992 1144 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll
19:47:24.0008 1144 PolicyAgent - ok
19:47:24.0055 1144 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll
19:47:24.0070 1144 Power - ok
19:47:24.0148 1144 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
19:47:24.0148 1144 PptpMiniport - ok
19:47:24.0179 1144 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
19:47:24.0179 1144 Processor - ok
19:47:25.0396 1144 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\windows\system32\profsvc.dll
19:47:25.0412 1144 ProfSvc - ok
19:47:25.0443 1144 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
19:47:25.0459 1144 ProtectedStorage - ok
19:47:25.0505 1144 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
19:47:25.0505 1144 Psched - ok
19:47:25.0599 1144 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
19:47:25.0630 1144 ql2300 - ok
19:47:25.0771 1144 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
19:47:25.0771 1144 ql40xx - ok
19:47:25.0817 1144 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
19:47:25.0817 1144 QWAVE - ok
19:47:25.0849 1144 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
19:47:25.0849 1144 QWAVEdrv - ok
19:47:25.0864 1144 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
19:47:25.0880 1144 RasAcd - ok
19:47:25.0927 1144 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
19:47:25.0927 1144 RasAgileVpn - ok
19:47:25.0973 1144 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
19:47:25.0989 1144 RasAuto - ok
19:47:26.0036 1144 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
19:47:26.0036 1144 Rasl2tp - ok
19:47:26.0098 1144 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll
19:47:26.0098 1144 RasMan - ok
19:47:26.0145 1144 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
19:47:26.0161 1144 RasPppoe - ok
19:47:26.0192 1144 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
19:47:26.0192 1144 RasSstp - ok
19:47:26.0239 1144 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
19:47:26.0239 1144 rdbss - ok
19:47:26.0270 1144 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
19:47:26.0270 1144 rdpbus - ok
19:47:26.0301 1144 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
19:47:26.0301 1144 RDPCDD - ok
19:47:26.0348 1144 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
19:47:26.0348 1144 RDPENCDD - ok
19:47:26.0379 1144 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
19:47:26.0379 1144 RDPREFMP - ok
19:47:26.0426 1144 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\windows\system32\drivers\RDPWD.sys
19:47:26.0426 1144 RDPWD - ok
19:47:26.0504 1144 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
19:47:26.0519 1144 rdyboost - ok
19:47:26.0551 1144 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
19:47:26.0566 1144 RemoteAccess - ok
19:47:26.0582 1144 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
19:47:26.0597 1144 RemoteRegistry - ok
19:47:26.0644 1144 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
19:47:26.0660 1144 RpcEptMapper - ok
19:47:26.0691 1144 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
19:47:26.0707 1144 RpcLocator - ok
19:47:26.0753 1144 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
19:47:26.0769 1144 RpcSs - ok
19:47:26.0816 1144 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
19:47:26.0816 1144 rspndr - ok
19:47:26.0878 1144 RSUSBSTOR (5bef0fd9b6e57bbc6f7920e3118ae108) C:\windows\system32\Drivers\RtsUStor.sys
19:47:26.0894 1144 RSUSBSTOR - ok
19:47:26.0941 1144 RTL8167 (80b66a4181f782884a815e69d0afa743) C:\windows\system32\DRIVERS\Rt86win7.sys
19:47:26.0956 1144 RTL8167 - ok
19:47:27.0003 1144 SamSs (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
19:47:27.0003 1144 SamSs - ok
19:47:27.0065 1144 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
19:47:27.0065 1144 sbp2port - ok
19:47:27.0128 1144 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
19:47:27.0128 1144 SCardSvr - ok
19:47:27.0175 1144 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
19:47:27.0175 1144 scfilter - ok
19:47:27.0268 1144 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll
19:47:27.0284 1144 Schedule - ok
19:47:27.0315 1144 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
19:47:27.0315 1144 SCPolicySvc - ok
19:47:27.0377 1144 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll
19:47:27.0377 1144 SDRSVC - ok
19:47:27.0440 1144 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
19:47:27.0440 1144 secdrv - ok
19:47:27.0471 1144 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
19:47:27.0487 1144 seclogon - ok
19:47:27.0518 1144 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\system32\sens.dll
19:47:27.0533 1144 SENS - ok
19:47:27.0565 1144 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
19:47:27.0565 1144 Serenum - ok
19:47:27.0596 1144 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
19:47:27.0611 1144 Serial - ok
19:47:27.0658 1144 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
19:47:27.0658 1144 sermouse - ok
19:47:27.0721 1144 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll
19:47:27.0736 1144 SessionEnv - ok
19:47:27.0752 1144 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
19:47:27.0767 1144 sffdisk - ok
19:47:27.0783 1144 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
19:47:27.0783 1144 sffp_mmc - ok
19:47:27.0814 1144 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
19:47:27.0814 1144 sffp_sd - ok
19:47:27.0845 1144 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
19:47:27.0845 1144 sfloppy - ok
19:47:27.0923 1144 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
19:47:27.0939 1144 SharedAccess - ok
19:47:28.0001 1144 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll
19:47:28.0017 1144 ShellHWDetection - ok
19:47:28.0064 1144 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
19:47:28.0064 1144 sisagp - ok
19:47:28.0126 1144 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
19:47:28.0126 1144 SiSRaid2 - ok
19:47:28.0142 1144 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
19:47:28.0142 1144 SiSRaid4 - ok
19:47:28.0251 1144 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files\Skype\Updater\Updater.exe
19:47:29.0140 1144 SkypeUpdate - ok
19:47:29.0203 1144 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
19:47:29.0203 1144 Smb - ok
19:47:29.0265 1144 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
19:47:29.0281 1144 SNMPTRAP - ok
19:47:29.0312 1144 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
19:47:29.0312 1144 spldr - ok
19:47:29.0374 1144 Spooler (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
19:47:29.0390 1144 Spooler - ok
19:47:29.0593 1144 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
19:47:29.0671 1144 sppsvc - ok
19:47:29.0811 1144 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
19:47:29.0811 1144 sppuinotify - ok
19:47:29.0889 1144 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
19:47:29.0889 1144 srv - ok
19:47:29.0936 1144 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
19:47:29.0951 1144 srv2 - ok
19:47:29.0983 1144 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
19:47:29.0998 1144 srvnet - ok
19:47:30.0045 1144 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
19:47:30.0045 1144 SSDPSRV - ok
19:47:30.0076 1144 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
19:47:30.0076 1144 SstpSvc - ok
19:47:30.0107 1144 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
19:47:30.0107 1144 stexstor - ok
19:47:30.0185 1144 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll
19:47:30.0201 1144 StiSvc - ok
19:47:30.0263 1144 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
19:47:30.0263 1144 swenum - ok
19:47:30.0310 1144 swprv (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
19:47:30.0326 1144 swprv - ok
19:47:30.0419 1144 SynTP (9a28f1c47ce0c8bbc02aaf5941ab44cd) C:\windows\system32\DRIVERS\SynTP.sys
19:47:30.0419 1144 SynTP - ok
19:47:30.0513 1144 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll
19:47:30.0544 1144 SysMain - ok
19:47:30.0591 1144 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll
19:47:30.0591 1144 TabletInputService - ok
19:47:30.0653 1144 TapiSrv (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll
19:47:30.0653 1144 TapiSrv - ok
19:47:30.0700 1144 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
19:47:30.0700 1144 TBS - ok
19:47:30.0856 1144 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys
19:47:30.0887 1144 Tcpip - ok
19:47:30.0934 1144 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys
19:47:30.0950 1144 TCPIP6 - ok
19:47:30.0981 1144 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
19:47:30.0997 1144 tcpipreg - ok
19:47:31.0059 1144 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\windows\system32\DRIVERS\tdcmdpst.sys
19:47:31.0059 1144 tdcmdpst - ok
19:47:31.0090 1144 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
19:47:31.0106 1144 TDPIPE - ok
19:47:31.0137 1144 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys
19:47:31.0153 1144 TDTCP - ok
19:47:31.0184 1144 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
19:47:31.0199 1144 tdx - ok
19:47:31.0231 1144 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
19:47:31.0231 1144 TermDD - ok
19:47:31.0309 1144 TermService (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll
19:47:31.0324 1144 TermService - ok
19:47:31.0340 1144 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
19:47:31.0355 1144 Themes - ok
19:47:31.0402 1144 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
19:47:31.0402 1144 THREADORDER - ok
19:47:31.0496 1144 TMachInfo (f120967184a27e927052e8ddbb727851) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
19:47:31.0496 1144 TMachInfo - ok
19:47:31.0558 1144 TODDSrv (fe65d33b7d4ff07dd1d29526a48df810) C:\Windows\system32\TODDSrv.exe
19:47:31.0574 1144 TODDSrv - ok
19:47:31.0667 1144 TosCoSrv (85edf7a274435e4df051bb23f8e01581) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
19:47:31.0683 1144 TosCoSrv - ok
19:47:31.0745 1144 TOSHIBA HDD SSD Alert Service (991e324dc137402148e01c2269632c6b) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
19:47:31.0761 1144 TOSHIBA HDD SSD Alert Service - ok
19:47:31.0808 1144 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
19:47:31.0823 1144 TrkWks - ok
19:47:31.0901 1144 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe
19:47:31.0901 1144 TrustedInstaller - ok
19:47:31.0964 1144 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
19:47:31.0964 1144 tssecsrv - ok
19:47:32.0042 1144 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
19:47:32.0042 1144 TsUsbFlt - ok
19:47:32.0104 1144 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
19:47:32.0104 1144 tunnel - ok
19:47:32.0151 1144 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\windows\system32\DRIVERS\TVALZ_O.SYS
19:47:32.0167 1144 TVALZ - ok
19:47:32.0198 1144 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
19:47:32.0213 1144 uagp35 - ok
19:47:32.0276 1144 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
19:47:32.0276 1144 udfs - ok
19:47:32.0338 1144 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
19:47:32.0354 1144 UI0Detect - ok
19:47:32.0385 1144 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
19:47:32.0385 1144 uliagpkx - ok
19:47:32.0447 1144 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
19:47:32.0447 1144 umbus - ok
19:47:32.0494 1144 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
19:47:32.0494 1144 UmPass - ok
19:47:32.0557 1144 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
19:47:32.0572 1144 upnphost - ok
19:47:32.0619 1144 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
19:47:32.0619 1144 usbccgp - ok
19:47:32.0666 1144 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
19:47:32.0666 1144 usbcir - ok
19:47:32.0697 1144 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys
19:47:32.0697 1144 usbehci - ok
19:47:32.0759 1144 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
19:47:32.0775 1144 usbhub - ok
19:47:32.0806 1144 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
19:47:32.0806 1144 usbohci - ok
19:47:32.0853 1144 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
19:47:32.0853 1144 usbprint - ok
19:47:32.0900 1144 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
19:47:32.0900 1144 usbscan - ok
19:47:32.0931 1144 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
19:47:32.0931 1144 USBSTOR - ok
19:47:32.0962 1144 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
19:47:32.0962 1144 usbuhci - ok
19:47:33.0025 1144 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
19:47:33.0025 1144 usbvideo - ok
19:47:33.0056 1144 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
19:47:33.0071 1144 UxSms - ok
19:47:33.0118 1144 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
19:47:33.0118 1144 VaultSvc - ok
19:47:33.0165 1144 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
19:47:33.0181 1144 vdrvroot - ok
19:47:33.0227 1144 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe
19:47:33.0243 1144 vds - ok
19:47:33.0290 1144 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
19:47:33.0290 1144 vga - ok
19:47:33.0305 1144 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
19:47:33.0305 1144 VgaSave - ok
19:47:33.0352 1144 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
19:47:33.0352 1144 vhdmp - ok
19:47:33.0399 1144 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
19:47:33.0399 1144 viaagp - ok
19:47:33.0430 1144 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
19:47:33.0430 1144 ViaC7 - ok
19:47:33.0477 1144 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
19:47:33.0477 1144 viaide - ok
19:47:33.0508 1144 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
19:47:33.0508 1144 volmgr - ok
19:47:33.0555 1144 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
19:47:33.0555 1144 volmgrx - ok
19:47:33.0617 1144 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
19:47:33.0633 1144 volsnap - ok
19:47:33.0680 1144 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
19:47:33.0680 1144 vsmraid - ok
19:47:33.0773 1144 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe
19:47:33.0805 1144 VSS - ok
19:47:33.0836 1144 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
19:47:33.0836 1144 vwifibus - ok
19:47:33.0867 1144 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
19:47:33.0867 1144 vwififlt - ok
19:47:33.0914 1144 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
19:47:33.0914 1144 vwifimp - ok
19:47:33.0961 1144 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
19:47:33.0976 1144 W32Time - ok
19:47:34.0023 1144 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
19:47:34.0023 1144 WacomPen - ok
19:47:34.0085 1144 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
19:47:34.0085 1144 WANARP - ok
19:47:34.0085 1144 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
19:47:34.0101 1144 Wanarpv6 - ok
19:47:34.0226 1144 wbengine (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe
19:47:34.0257 1144 wbengine - ok
19:47:34.0319 1144 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
19:47:34.0335 1144 WbioSrvc - ok
19:47:34.0382 1144 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll
19:47:34.0397 1144 wcncsvc - ok
19:47:34.0429 1144 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
19:47:34.0444 1144 WcsPlugInService - ok
19:47:34.0522 1144 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
19:47:34.0522 1144 Wd - ok
19:47:34.0569 1144 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
19:47:34.0569 1144 Wdf01000 - ok
19:47:34.0616 1144 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
19:47:34.0631 1144 WdiServiceHost - ok
19:47:34.0631 1144 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
19:47:34.0647 1144 WdiSystemHost - ok
19:47:34.0694 1144 WebClient (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll
19:47:34.0709 1144 WebClient - ok
19:47:34.0756 1144 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
19:47:34.0772 1144 Wecsvc - ok
19:47:34.0803 1144 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
19:47:34.0819 1144 wercplsupport - ok
19:47:34.0865 1144 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
19:47:34.0865 1144 WerSvc - ok
19:47:34.0912 1144 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
19:47:34.0928 1144 WfpLwf - ok
19:47:34.0943 1144 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
19:47:34.0943 1144 WIMMount - ok
19:47:35.0068 1144 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
19:47:35.0084 1144 WinDefend - ok
19:47:35.0099 1144 WinHttpAutoProxySvc - ok
19:47:35.0177 1144 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
19:47:35.0193 1144 Winmgmt - ok
19:47:35.0287 1144 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll
19:47:35.0318 1144 WinRM - ok
19:47:35.0427 1144 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
19:47:35.0458 1144 Wlansvc - ok
19:47:35.0630 1144 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:47:35.0661 1144 wlidsvc - ok
19:47:35.0786 1144 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
19:47:35.0801 1144 WmiAcpi - ok
19:47:35.0879 1144 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
19:47:35.0879 1144 wmiApSrv - ok
19:47:36.0004 1144 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:47:36.0035 1144 WMPNetworkSvc - ok
19:47:36.0082 1144 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
19:47:36.0082 1144 WPCSvc - ok
19:47:36.0129 1144 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll
19:47:36.0145 1144 WPDBusEnum - ok
19:47:36.0207 1144 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
19:47:36.0223 1144 ws2ifsl - ok
19:47:36.0316 1144 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\system32\wscsvc.dll
19:47:36.0332 1144 wscsvc - ok
19:47:36.0347 1144 WSearch - ok
19:47:36.0503 1144 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\windows\system32\wuaueng.dll
19:47:36.0550 1144 wuauserv - ok
19:47:36.0691 1144 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
19:47:36.0691 1144 WudfPf - ok
19:47:36.0722 1144 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
19:47:36.0737 1144 WUDFRd - ok
19:47:36.0784 1144 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll
19:47:36.0800 1144 wudfsvc - ok
19:47:36.0862 1144 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
19:47:36.0862 1144 WwanSvc - ok
19:47:36.0940 1144 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
19:47:37.0159 1144 \Device\Harddisk0\DR0 - ok
19:47:37.0190 1144 Boot (0x1200) (6b9376ae63008b21968de9b6f269e43d) \Device\Harddisk0\DR0\Partition0
19:47:37.0190 1144 \Device\Harddisk0\DR0\Partition0 - ok
19:47:37.0190 1144 ============================================================
19:47:37.0190 1144 Scan finished
19:47:37.0190 1144 ============================================================
19:47:37.0237 5888 Detected object count: 0
19:47:37.0237 5888 Actual detected object count: 0

Here's the aswMBR log. Again, as mentioned in the OP, I ran this also before coming here and it definitely detected the rootkit before BSODing and making me run it in Safe Mode in order to complete. No such trouble this time.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-24 19:49:36
-----------------------------
19:49:36.611 OS Version: Windows 6.1.7601 Service Pack 1
19:49:36.611 Number of processors: 2 586 0x1C0A
19:49:36.611 ComputerName: JASHO-PC UserName: jasho
19:50:34.799 Initialize success
19:52:35.152 AVAST engine defs: 12072401
19:52:47.538 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
19:52:47.554 Disk 0 Vendor: TOSHIBA_ GH01 Size: 238475MB BusType: 3
19:52:47.569 Disk 0 MBR read successfully
19:52:47.585 Disk 0 MBR scan
19:52:47.679 Disk 0 Windows VISTA default MBR code
19:52:47.679 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
19:52:47.725 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 229004 MB offset 3074048
19:52:47.772 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 7970 MB offset 472074240
19:52:47.819 Disk 0 scanning sectors +488396800
19:52:47.944 Disk 0 scanning C:\windows\system32\drivers
19:53:05.088 Service scanning
19:53:57.863 Modules scanning
19:54:31.138 Disk 0 trace - called modules:
19:54:31.185 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
19:54:31.200 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85262268]
19:54:31.232 3 CLASSPNP.SYS[86ba559e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84801028]
19:54:32.651 AVAST engine scan C:\windows
19:54:40.467 AVAST engine scan C:\windows\system32
20:01:12.074 AVAST engine scan C:\windows\system32\drivers
20:01:35.006 AVAST engine scan C:\Users\jasho
20:11:23.159 AVAST engine scan C:\ProgramData
20:14:26.240 Scan finished successfully
20:14:39.547 Disk 0 MBR has been saved successfully to "C:\Users\jasho\Documents\MBR.dat"
20:14:39.563 The log file has been saved successfully to "C:\Users\jasho\Documents\aswMBR2.txt"
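Both logs above read sector 0 of the disk: TDSSKiller prints a hash labelled "MBR (0x1B8)" and aswMBR decodes the partition table and then scans the sectors past the last partition. As an added example that is not part of this thread or of either tool, the Python below does the same three things on a constructed MBR: it decodes the four 16-byte partition entries, hashes only the boot-code area, and lists the sector ranges that no partition covers. The sample partition table is built to match the layout aswMBR printed (the MB figures convert at 2048 sectors per MB, which is why each partition ends exactly where the next one begins and the last one ends at +488396800). The boot-code bytes, the reading of "0x1B8" as the first 0x1B8 bytes, and the disk size rounded to whole MB are assumptions.

```python
import hashlib
import struct

SECTOR = 512
MBR_CODE_LEN = 0x1B8        # boot code occupies bytes 0..0x1B7; the disk signature starts at 0x1B8
PART_TABLE_OFF = 0x1BE      # four 16-byte partition entries
BOOT_SIG = b"\x55\xAA"      # last two bytes of a valid MBR

# Partition type IDs that appear in the aswMBR output above
PART_TYPES = {0x07: "HPFS/NTFS", 0x17: "Hidden HPFS/NTFS", 0x27: "Hidden NTFS WinRE"}

# Constructed sample reproducing the layout aswMBR printed: (bootable, type, LBA start, sector count).
SAMPLE_PARTITIONS = [
    (True,  0x27, 2048,      1500 * 2048),
    (False, 0x07, 3074048,   229004 * 2048),
    (False, 0x17, 472074240, 7970 * 2048),
]
DISK_SECTORS = 238475 * 2048   # 238475 MB as reported, rounded to whole MB (assumption)


def build_mbr(partitions, boot_code=b"\x33\xC0\x8E\xD0\xBC\x00\x7C"):
    """Assemble one 512-byte MBR sector. Used only to create the sample input here;
    on a live system the sector comes from the physical disk or from aswMBR's MBR.dat.
    The boot_code bytes are an assumed stand-in, not the real Windows loader."""
    code = boot_code.ljust(MBR_CODE_LEN, b"\x00")
    disk_sig = b"\x00" * 6                       # 4-byte disk signature + 2 reserved bytes
    table = b"".join(
        struct.pack("<B3sB3sII", 0x80 if boot else 0x00, b"\x00" * 3, ptype, b"\x00" * 3, lba, count)
        for boot, ptype, lba, count in partitions
    ).ljust(64, b"\x00")                         # unused entries stay all-zero
    return code + disk_sig + table + BOOT_SIG


def parse_mbr(mbr):
    """Decode the partition table; raises on a malformed sector."""
    if len(mbr) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    if mbr[SECTOR - 2:] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _chs_start, ptype, _chs_end, lba, count = struct.unpack("<B3sB3sII", mbr[off:off + 16])
        if ptype == 0:            # empty slot
            continue
        parts.append({
            "index": i + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "name": PART_TYPES.get(ptype, "unknown 0x%02X" % ptype),
            "lba": lba,
            "sectors": count,
            "mb": count * SECTOR // (1024 * 1024),
        })
    return parts


def mbr_code_md5(mbr):
    """MD5 of the boot-code area only. Assumed to be what TDSSKiller's 'MBR (0x1B8)' line hashes:
    the partition table and disk signature change legitimately, the loader code should not."""
    return hashlib.md5(mbr[:MBR_CODE_LEN]).hexdigest()


def uncovered_ranges(parts, disk_sectors):
    """Sector ranges [start, end) that belong to no partition: sector 0 plus the alignment gap
    before the first partition, and any slack after the last one. Those are where a bootkit can
    park a payload, which is why aswMBR reports scanning sectors past the end of the table."""
    gaps, cursor = [], 0
    for p in sorted(parts, key=lambda p: p["lba"]):
        if p["lba"] > cursor:
            gaps.append((cursor, p["lba"]))
        cursor = max(cursor, p["lba"] + p["sectors"])
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors))
    return gaps


if __name__ == "__main__":
    mbr = build_mbr(SAMPLE_PARTITIONS)
    print("boot code md5:", mbr_code_md5(mbr))
    for p in parse_mbr(mbr):
        flag = "(A)" if p["bootable"] else "   "
        print(f"Partition {p['index']} {flag} {p['type']:02X} {p['name']:<18} {p['mb']:>7} MB offset {p['lba']}")
    print("unpartitioned:", uncovered_ranges(parse_mbr(mbr), DISK_SECTORS))
```

Hashing only the first 0x1B8 bytes is what makes the hash stable across partition edits while still catching a patched loader; a hash over the whole sector would change every time a disk signature or partition entry is rewritten.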

#8 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 24 July 2012 - 10:52 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 zqqz (Topic Starter, Members, 8 posts)

Posted 24 July 2012 - 11:38 PM

Here's the new Combofix log. Didn't have to reboot, no noticeable problem.

ComboFix 12-07-25.04 - jasho 07/24/2012 21:13:56.2.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1013.329 [GMT -7:00]
Running from: c:\users\jasho\Downloads\ComboFix.exe
Command switches used :: c:\users\jasho\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-25 04:30 . 2012-07-25 04:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-24 03:01 . 2012-07-25 04:30 -------- d-----w- c:\users\jasho\AppData\Local\temp
2012-07-24 02:53 . 2012-07-24 02:53 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E47983E-48E1-43DE-8929-4DC5FDAF77F4}\offreg.dll
2012-07-19 23:01 . 2012-07-19 23:01 -------- d-----w- c:\program files\ESET
2012-07-19 21:06 . 2012-07-19 21:06 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-07-19 21:06 . 2012-07-19 21:06 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-19 20:17 . 2012-07-19 20:17 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-17 20:13 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6E47983E-48E1-43DE-8929-4DC5FDAF77F4}\mpengine.dll
2012-07-12 10:05 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 03:17 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-07-12 03:17 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-07-12 03:17 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-12 03:17 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-12 03:17 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-12 03:17 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-12 03:17 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-12 03:17 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-12 03:16 . 2012-06-06 05:05 1019904 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-12 03:16 . 2012-06-06 05:03 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-07-12 03:16 . 2012-06-06 05:05 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-12 03:16 . 2012-06-06 05:05 57344 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-12 03:16 . 2012-06-06 05:05 212992 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-12 03:16 . 2012-06-06 05:05 143360 ----a-w- c:\program files\Common Files\System\ado\msjro.dll
2012-07-12 03:16 . 2012-06-06 05:05 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-05 09:14 . 2012-07-05 09:14 -------- d-----w- c:\users\jasho\AppData\Local\Macromedia
2012-06-25 23:04 . 2012-06-25 23:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-19 09:39 . 2012-04-01 00:22 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-19 09:39 . 2011-05-15 03:06 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 20:46 . 2010-09-13 03:03 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2012-06-21 18:51 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 18:52 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 18:52 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 18:52 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 18:52 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 18:52 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 18:52 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 18:51 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-21 18:52 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-05-31 19:25 . 2010-09-13 02:40 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-29 10:56 . 2011-02-15 12:14 1099264 ----a-w- c:\windows\system32\ac3filter.acm
2012-05-01 04:44 . 2012-06-14 03:51 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17 . 2012-06-14 03:51 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45 . 2012-06-14 03:51 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45 . 2012-06-14 03:51 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41 . 2012-06-14 03:51 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2012-07-19 21:06 . 2012-02-27 12:10 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\users\jasho\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2012-01-02 4692296]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-14 8555040]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-04-14 694816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-11 1697064]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 425984]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-06 480608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-03-25 742712]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22840]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 611672]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2010-03-19 467816]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2010-03-03 30040]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-11-24 2429]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\jasho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2010-2-15 1135560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2010-2-15 1135560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files\Giraffic\Veoh_GirafficWatchdog.exe [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 09:39]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-860772402-837991961-1244450927-1000Core.job
- c:\users\jasho\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-19 20:51]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-860772402-837991961-1244450927-1000UA.job
- c:\users\jasho\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-19 20:51]
.
2012-07-19 c:\windows\Tasks\Norton Security Scan for jasho.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-12-21 08:51]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\jasho\AppData\Roaming\Mozilla\Firefox\Profiles\umx5hdbx.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-860772402-837991961-1244450927-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-860772402-837991961-1244450927-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*i*n*i*‘Óp\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-860772402-837991961-1244450927-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-860772402-837991961-1244450927-1000\Software\SecuROM\License information*]
"datasecu"=hex:8f,f2,58,c7,c8,46,5c,52,18,74,5e,15,05,cc,24,56,6e,39,c1,50,41,
f7,dc,74,71,e0,54,89,55,58,69,12,86,10,fe,84,15,8b,40,3c,e8,1d,c6,eb,dd,5a,\
"rkeysecu"=hex:08,52,37,ea,98,68,e0,74,ae,4a,09,c1,ad,df,d8,f4
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-24 21:36:18
ComboFix-quarantined-files.txt 2012-07-25 04:36
ComboFix2.txt 2012-07-24 03:12
.
Pre-Run: 135,731,585,024 bytes free
Post-Run: 135,808,462,848 bytes free
.
- - End Of File - - 30781F3556298A6D677919526AEF285F

#10 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 24 July 2012 - 11:52 PM

Hello
:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better job).

Programs to remove

µTorrent
Java™ 6 Update 31
McAfee Security Scan Plus


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#11 zqqz (Topic Starter, Members, 8 posts)

Posted 25 July 2012 - 03:34 PM

Hey gringo-

Here's the new MBAM log.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.25.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
jasho :: JASHO-PC [administrator]

7/25/2012 1:19:25 PM
mbam-log-2012-07-25 (13-19-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 184027
Time elapsed: 9 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

And here's HJT. I already had it installed so I just ran it again (not as an administrator):

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:30:30 PM, on 7/25/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Users\jasho\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\windows\system32\igfxext.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Users\jasho\Downloads\HijackThis.exe
C:\windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/Toshiba/en-us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE3
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
O4 - HKLM\..\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
O4 - HKLM\..\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Boingo Wi-Fi] "C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [googletalk] C:\Users\jasho\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - .DEFAULT User Startup: Best Buy Software Installer.lnk = C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (User 'Default user')
O4 - Startup: Best Buy Software Installer.lnk = C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Veoh Giraffic Video Accelerator (Giraffic) - Unknown owner - C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

--
End of file - 8706 bytes


No trouble that I can notice yet but I haven't done much. Java tried to get me to reinstall McAfee when I reinstalled Java but I declined.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:14 PM

Posted 25 July 2012 - 03:40 PM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them when you need them by clicking their icons (or starting them from the Control Panel). By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis see NOTE** below (Hosts file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
      O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
      O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
      O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
      O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
      O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
      O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
      O4 - HKLM\..\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
      O4 - HKLM\..\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [googletalk] C:\Users\jasho\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
      O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
      O4 - .DEFAULT User Startup: Best Buy Software Installer.lnk = C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (User 'Default user')
      O4 - Startup: Best Buy Software Installer.lnk = C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, e.g. for
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select "Run as administrator".

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7, right-click the IE shortcut and run it as administrator.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
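The "research the name between the brackets" step above is easier when the O4 lines are pulled apart first. The following Python script is an added example, not part of the thread and not code from HijackThis: it parses O4 lines in HijackThis log format into autorun location, bracketed name, executable and arguments, groups the names by location so each can be looked up as gringo describes, and flags entries whose executable lives under a user profile directory (a vendor utility under Program Files is a different kind of autorun from something launching out of AppData). The sample log, the PROGRAM_FILES expansion and the function names are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis log format, modelled on the O4 lines quoted
# in this thread; the O23 line is there to show that non-O4 lines are skipped.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [googletalk] C:\Users\jasho\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - .DEFAULT User Startup: Best Buy Software Installer.lnk = C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (User 'Default user')
O4 - Startup: Best Buy Software Installer.lnk = C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
"""

# Assumed expansion of %ProgramFiles% (on a real machine it comes from the environment).
PROGRAM_FILES = r"C:\Program Files"

# Registry autoruns: "O4 - HKLM\..\Run: [Name] command"
O4_REG_RE = re.compile(r"^O4 - (?P<loc>HK\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# Startup-folder autoruns: "O4 - Startup: Name.lnk = command"
O4_FOLDER_RE = re.compile(r"^O4 - (?P<loc>[^:]*Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# Trailing owner tag HijackThis appends for other users' startup folders.
USER_TAG_RE = re.compile(r"\s*\(User '[^']*'\)$")
# Split "exe args": a quoted path first, otherwise cut after the executable extension.
QUOTED_RE = re.compile(r'^"(?P<exe>[^"]+)"(?:\s+(?P<args>.*))?$')
UNQUOTED_RE = re.compile(r"^(?P<exe>.*?\.(?:exe|com|scr|bat|cmd|dll))(?:\s+(?P<args>.*))?$", re.IGNORECASE)


@dataclass
class StartupEntry:
    location: str    # where the autorun lives, e.g. "HKLM\..\Run" or "Startup"
    name: str        # the name between the brackets (what the post says to search for)
    executable: str  # the path that gets launched, with %ProgramFiles% expanded
    arguments: str   # the rest of the command line, "" if none

    def runs_from_user_writable_dir(self) -> bool:
        """True when the executable sits under a user profile rather than a system
        or Program Files location; such autoruns deserve a closer look."""
        low = self.executable.lower()
        return "\\appdata\\" in low or low.startswith("c:\\users\\")


def split_command(cmd: str) -> tuple[str, str]:
    cmd = cmd.strip()
    m = QUOTED_RE.match(cmd) or UNQUOTED_RE.match(cmd)
    if not m:
        return cmd, ""  # cannot tell where the path ends; keep it verbatim
    return m.group("exe"), (m.group("args") or "").strip()


def parse_hjt_o4(log_text: str) -> list[StartupEntry]:
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_REG_RE.match(line) or O4_FOLDER_RE.match(line)
        if not m:
            continue  # not an O4 autorun line
        cmd = USER_TAG_RE.sub("", m.group("cmd"))
        cmd = re.sub(r"%ProgramFiles%", lambda _: PROGRAM_FILES, cmd, flags=re.IGNORECASE)
        exe, args = split_command(cmd)
        entries.append(StartupEntry(m.group("loc"), m.group("name"), exe, args))
    return entries


def names_to_research(entries: list[StartupEntry]) -> dict[str, list[str]]:
    """Group the bracketed names by autorun location, ready to paste into a startup database."""
    grouped: dict[str, list[str]] = {}
    for e in entries:
        grouped.setdefault(e.location, []).append(e.name)
    return grouped


if __name__ == "__main__":
    for e in parse_hjt_o4(SAMPLE_LOG):
        flag = "  <-- runs from a user profile directory" if e.runs_from_user_writable_dir() else ""
        print(f"{e.location:24} {e.name:32} {e.executable} {e.arguments}{flag}")
```

The executable/argument split is a heuristic (quoted path first, otherwise cut after the first executable extension), which is enough for the lines HijackThis produces; anything it cannot split is kept verbatim rather than guessed.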

#13 zqqz

zqqz
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 25 July 2012 - 10:41 PM

Hey gringo-

Good news, I think. HJT went fine, and this is all ESET found:

C:\Qoobox\Quarantine\C\Windows\Installer\{a8826605-2627-b5e8-bfd6-08eb4c376c20}\U\80000000.@.vir a variant of Win32/Sirefef.FA trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{a8826605-2627-b5e8-bfd6-08eb4c376c20}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win32/Sirefef.FC trojan

These are just the quarantined old files, right?

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:14 PM

Posted 25 July 2012 - 10:48 PM

Hello

The Online scan looks very good!! It is only reporting backups created during the course of this fix!!


C:\Qoobox\Quarantine\ <-- ComboFix


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • Turn off all active protection software
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall; it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household that uses the internet:

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo
Proud Graduate Of Malware Removal University
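The point gringo makes at the top of this post, that a detection inside a removal tool's quarantine folder is a backup and not a running infection, is the kind of check worth automating when reading a scan report. The following Python script is an added example, not part of the thread and not code from ESET or ComboFix: it parses report lines in the form posted above ("path  threat description"), marks each detection as a quarantined backup when the path sits under ComboFix's C:\Qoobox\Quarantine\ (the only backup folder named in the thread) and as live otherwise, and extracts the malware family so a report can be summarised at a glance. The fourth sample line, the BACKUP_PREFIXES tuple and all function names are constructed for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Sample ESET Online Scanner report. The first three lines are the ones posted in
# this thread; the fourth is a constructed line standing in for a detection that
# is NOT inside a tool's backup folder.
SAMPLE_REPORT = r"""C:\Qoobox\Quarantine\C\Windows\Installer\{a8826605-2627-b5e8-bfd6-08eb4c376c20}\U\80000000.@.vir a variant of Win32/Sirefef.FA trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{a8826605-2627-b5e8-bfd6-08eb4c376c20}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win32/Sirefef.FC trojan
C:\Users\constructed\AppData\Local\Temp\constructed-sample.exe a variant of Win32/Sirefef.FA trojan
"""

# Folders where removal tools keep copies of what they removed. ComboFix's
# C:\Qoobox\Quarantine\ is the one named in the thread; extend as needed.
BACKUP_PREFIXES = ("C:\\Qoobox\\Quarantine\\",)

# "<path> <threat description>": the path may contain spaces, so the threat part is
# recognised by its "Platform/Family" token, optionally preceded by "a variant of".
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<threat>(?:(?:probably )?a variant of )?\S+/\S+.*)$",
    re.IGNORECASE,
)
FAMILY_RE = re.compile(r"(\w+/\w+)")


@dataclass
class Finding:
    path: str
    threat: str
    status: str  # "quarantined-backup" or "live"


def classify_path(path: str) -> str:
    """A file under a known quarantine folder is a backup the tool made, not an active file."""
    low = path.lower()
    if any(low.startswith(prefix.lower()) for prefix in BACKUP_PREFIXES):
        return "quarantined-backup"
    return "live"


def family_of(threat: str) -> str:
    """Return the 'Platform/Family' part of a detection name, e.g. 'Win32/Sirefef'."""
    m = FAMILY_RE.search(threat)
    return m.group(1) if m else threat


def parse_eset_report(text: str) -> list[Finding]:
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank line or something that is not a detection line
        path = m.group("path")
        findings.append(Finding(path, m.group("threat").strip(), classify_path(path)))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per status so the report can be judged at a glance."""
    return dict(Counter(f.status for f in findings))


def live_findings(findings: list[Finding]) -> list[Finding]:
    """Only the detections that still need attention."""
    return [f for f in findings if f.status == "live"]


if __name__ == "__main__":
    report = parse_eset_report(SAMPLE_REPORT)
    print(summarize(report))
    for f in report:
        print(f"{f.status:19} {family_of(f.threat):15} {f.path}")
```

Running it on the sample gives three quarantined backups and one live finding; on the report actually posted in this thread only the three Qoobox entries exist, which is exactly the "backups created during the course of this fix" reading. Anything the script marks as live is the part to bring back to the helper, not something to act on alone.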

#15 zqqz

zqqz
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 25 July 2012 - 10:51 PM

Thanks, gringo, I'll get on it tomorrow. Can I run MBAM on the system from time to time while still using MSE or something?



