
Sirefef.b Virus (already have farbar logs)


  • This topic is locked
19 replies to this topic

#1 Craig210

Craig210

  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:26 AM

Posted 26 July 2012 - 07:54 PM

I already got the logs. I just want to make sure I don't make the script wrong and end up messing up my Windows install.


Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 26-07-2012 20:30:12
Running from J:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" [171520 2009-11-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry [x]
HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r [184320 2007-04-17] (Creative Technology Ltd)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [85160 2009-05-26] (Elaborate Bytes AG)
HKLM-x32\...\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [311296 2010-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2011-01-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-04-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe" [314280 2012-07-01] (Razer USA Ltd)
HKU\Craig\...\Run: [Steam] "Z:\Games\Steam\steam.exe" -silent [x]
HKU\Craig\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [287536 2012-03-07] (BitTorrent, Inc.)
HKU\Craig\...\Run: [PlayNC Launcher] [x]
HKU\Craig\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Craig\...\Run: [Utopia Angel] "Z:\Games\Utopia Angel\Angel.exe" [x]
HKU\Craig\...\Run: [Google Update] "C:\Users\Craig\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-07-10] (Google Inc.)
HKU\Craig\...\Run: [F.lux] "C:\Users\Craig\Local Settings\Apps\F.lux\flux.exe" /noshow [966656 2009-08-28] ()
HKU\Craig\...\Run: [Akamai NetSession Interface] "C:\Users\Craig\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-26] (Akamai Technologies, Inc)
HKU\Craig\...\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun [3035968 2012-02-02] (DT Soft Ltd)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\Craig\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Craig\Start Menu\Programs\Startup\Pandora.lnk
ShortcutTarget: Pandora.lnk -> C:\Program Files (x86)\Pandora\Pandora.exe ()

==================== Services (Whitelisted) ======

2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll [4419392 2012-07-14] (Akamai Technologies, Inc)
3 Creative ALchemy AL1 Licensing Service; "C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe" [79360 2009-06-04] (Creative Labs)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2011-10-01] ()
3 DAUpdaterSvc; C:\Games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
2 HiPatchService; C:\Games\Tribes_Ascend\HiPatchService.exe [x]

========================== Drivers (Whitelisted) =============

2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2009-07-03] ()
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-03-08] (DT Soft Ltd)
2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2009-07-03] ()
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
2 MySQL; "C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.1\my.ini" MySQL [8960 2010-09-14] ()
3 RTCore64; \??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [10568 2012-06-19] ()
3 SaiH8000; C:\Windows\System32\Drivers\SaiH8000.sys [178560 2008-04-04] (Saitek)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-26 20:30 - 2012-07-26 20:30 - 00000000 ____D C:\FRST
2012-07-26 15:41 - 2012-07-26 15:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4571515EE807E5F9
2012-07-26 15:34 - 2012-07-26 15:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E62E3EF4854BF042
2012-07-26 15:28 - 2012-07-26 15:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1796B1C30BC27B5D
2012-07-26 15:23 - 2012-07-26 15:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3F6B2EF0B156249A
2012-07-26 14:30 - 2012-07-26 14:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.06DCB519AD137B8B
2012-07-26 14:27 - 2012-07-26 14:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.18D1FEA956E2D190
2012-07-26 14:23 - 2012-07-26 14:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.13CF0E13FC8AC825
2012-07-26 14:16 - 2012-07-26 14:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C0E8361785FD9601
2012-07-26 14:12 - 2012-07-26 14:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CF91AA2C1FFC6684
2012-07-26 14:06 - 2012-07-26 14:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-07-26 14:05 - 2012-07-26 14:05 - 12621696 ____A (Microsoft Corporation) C:\Users\Craig\Downloads\mseinstall.exe
2012-07-25 14:57 - 2012-07-25 14:57 - 00000816 ____A C:\Users\Public\Desktop\Smite Closed Beta.lnk
2012-07-25 14:56 - 2012-07-25 14:56 - 13846728 ____A (Hi-Rez Studios) C:\Users\Craig\Downloads\InstallHiRezGamesEnglish.exe
2012-07-24 15:04 - 2012-07-24 15:04 - 00000000 ____D C:\Users\Craig\AppData\Local\{C09C08DA-D092-11E1-8270-B8AC6F996F26}
2012-07-18 18:42 - 2012-07-18 18:42 - 00480256 ____A (Razer USA Ltd) C:\Windows\SysWOW64\rzdevicedll.dll
2012-07-17 20:49 - 2012-07-17 20:49 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-07-15 18:38 - 2012-07-15 18:38 - 00101376 ____A (Razer USA Ltd) C:\Windows\System32\Drivers\rzudd.sys
2012-07-15 18:32 - 2012-07-15 18:32 - 00165888 ____A (Razer USA Ltd) C:\Windows\SysWOW64\rzaudiodll.dll
2012-07-15 18:32 - 2012-07-15 18:32 - 00143360 ____A (Razer USA Ltd) C:\Windows\SysWOW64\rztouchdll.dll
2012-06-30 04:45 - 2012-07-26 13:59 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

============ 3 Months Modified Files ========================

2012-07-26 16:25 - 2011-07-10 15:50 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2422572306-349336893-3865425523-1000UA.job
2012-07-26 16:24 - 2009-07-13 15:19 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-07-26 16:23 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-26 16:23 - 2009-07-13 20:51 - 02969435 ____A C:\Windows\setupact.log
2012-07-26 15:41 - 2012-07-26 15:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4571515EE807E5F9
2012-07-26 15:34 - 2012-07-26 15:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E62E3EF4854BF042
2012-07-26 15:34 - 2011-03-06 21:37 - 00002086 ____A C:\Windows\epplauncher.mif
2012-07-26 15:28 - 2012-07-26 15:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1796B1C30BC27B5D
2012-07-26 15:23 - 2012-07-26 15:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3F6B2EF0B156249A
2012-07-26 14:30 - 2012-07-26 14:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.06DCB519AD137B8B
2012-07-26 14:27 - 2012-07-26 14:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.18D1FEA956E2D190
2012-07-26 14:23 - 2012-07-26 14:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.13CF0E13FC8AC825
2012-07-26 14:16 - 2012-07-26 14:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C0E8361785FD9601
2012-07-26 14:12 - 2012-07-26 14:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CF91AA2C1FFC6684
2012-07-26 14:12 - 2009-11-17 03:48 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-26 14:12 - 2009-11-17 03:48 - 00009696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-26 14:10 - 2009-11-17 04:15 - 01773613 ____A C:\Windows\WindowsUpdate.log
2012-07-26 14:07 - 2009-12-03 14:34 - 00236548 ____A C:\Windows\DPINST.LOG
2012-07-26 14:06 - 2010-04-16 16:31 - 00809004 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-26 14:05 - 2012-07-26 14:05 - 12621696 ____A (Microsoft Corporation) C:\Users\Craig\Downloads\mseinstall.exe
2012-07-26 13:59 - 2012-06-30 04:45 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-25 19:25 - 2011-07-10 15:50 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2422572306-349336893-3865425523-1000Core.job
2012-07-25 14:57 - 2012-07-25 14:57 - 00000816 ____A C:\Users\Public\Desktop\Smite Closed Beta.lnk
2012-07-25 14:57 - 2012-02-14 13:38 - 00000807 ____A C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
2012-07-25 14:56 - 2012-07-25 14:56 - 13846728 ____A (Hi-Rez Studios) C:\Users\Craig\Downloads\InstallHiRezGamesEnglish.exe
2012-07-24 15:03 - 2009-11-17 04:01 - 00069328 ____A C:\Windows\PFRO.log
2012-07-22 13:22 - 2012-06-11 19:42 - 00001122 ____A C:\Users\Craig\Desktop\MSI Afterburner.lnk
2012-07-18 18:42 - 2012-07-18 18:42 - 00480256 ____A (Razer USA Ltd) C:\Windows\SysWOW64\rzdevicedll.dll
2012-07-15 18:38 - 2012-07-15 18:38 - 00101376 ____A (Razer USA Ltd) C:\Windows\System32\Drivers\rzudd.sys
2012-07-15 18:32 - 2012-07-15 18:32 - 00165888 ____A (Razer USA Ltd) C:\Windows\SysWOW64\rzaudiodll.dll
2012-07-15 18:32 - 2012-07-15 18:32 - 00143360 ____A (Razer USA Ltd) C:\Windows\SysWOW64\rztouchdll.dll
2012-07-14 20:00 - 2012-04-04 11:01 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-14 20:00 - 2011-05-25 10:16 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-11 19:06 - 2012-06-11 19:05 - 24139013 ____A C:\Users\Craig\Desktop\MSIAfterburnerSetup221.zip
2012-06-02 14:19 - 2012-06-20 19:50 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-20 19:50 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-20 19:50 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-20 19:50 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-20 19:50 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-20 19:50 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-20 19:50 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-20 19:49 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-20 19:49 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-31 08:25 - 2009-10-02 22:01 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-23 16:51 - 2009-06-02 20:06 - 00568018 ____A C:\Windows\DirectX.log
2012-05-14 12:42 - 2012-05-14 12:34 - 00000804 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-05-11 17:42 - 2012-05-11 17:42 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_WinUsb_01005.Wdf
2012-05-11 17:38 - 2010-01-03 15:38 - 00000893 ____A C:\Users\Public\Desktop\Pandora.lnk
2012-05-11 17:34 - 2009-07-13 20:45 - 00308712 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-11 17:30 - 2012-05-11 17:30 - 00000057 ____A C:\Users\Craig\Desktop\Open me.txt
2012-05-11 17:28 - 2012-05-11 17:28 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_rzudd_01009.Wdf
2012-05-11 17:28 - 2009-11-17 04:25 - 00063224 ____A C:\Users\Craig\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-01 14:54 - 2012-05-01 14:54 - 00000924 ____A C:\Users\Public\Desktop\World of Warcraft Beta.lnk

ZeroAccess:
C:\Windows\Installer\{4575b94b-1f87-7fe7-81c3-b17b880e885b}
C:\Windows\Installer\{4575b94b-1f87-7fe7-81c3-b17b880e885b}\@
C:\Windows\Installer\{4575b94b-1f87-7fe7-81c3-b17b880e885b}\L
C:\Windows\Installer\{4575b94b-1f87-7fe7-81c3-b17b880e885b}\n
C:\Windows\Installer\{4575b94b-1f87-7fe7-81c3-b17b880e885b}\U
C:\Windows\Installer\{4575b94b-1f87-7fe7-81c3-b17b880e885b}\U\00000001.@

ZeroAccess:
C:\Users\Craig\AppData\Local\{4575b94b-1f87-7fe7-81c3-b17b880e885b}
C:\Users\Craig\AppData\Local\{4575b94b-1f87-7fe7-81c3-b17b880e885b}\@
C:\Users\Craig\AppData\Local\{4575b94b-1f87-7fe7-81c3-b17b880e885b}\L
C:\Users\Craig\AppData\Local\{4575b94b-1f87-7fe7-81c3-b17b880e885b}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 4087.11 MB
Available physical RAM: 3504.36 MB
Total Pagefile: 4085.26 MB
Available Pagefile: 3485.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:186.31 GB) (Free:72.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive d: (Local Disk) (Fixed) (Total:736.2 GB) (Free:153.44 GB) NTFS
4 Drive e: (BLAMBLAM) (Fixed) (Total:195.31 GB) (Free:195.22 GB) NTFS
9 Drive j: () (Removable) (Total:0.48 GB) (Free:0.29 GB) FAT
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 186 GB 0 B
Disk 1 Online 931 GB 1024 KB
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 Online 489 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 186 GB 1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C NTFS Partition 186 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 736 GB 1024 KB
Partition 2 Primary 195 GB 736 GB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D Local Disk NTFS Partition 736 GB Healthy

==================================================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E BLAMBLAM NTFS Partition 195 GB Healthy

==================================================================================

Partitions of Disk 6:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 488 MB 16 KB

==================================================================================

Disk: 6
Partition 1
Type : 0E
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 J FAT Removable 488 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-17 21:42

======================= End Of Log ==========================







Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-26 20:47:11
Running from J:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-07-26 16:24] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

Also, my apologies for having Virtual Clone Drive running; I will disable it once I can get into Windows for more than a minute.



#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:26 AM

Posted 28 July 2012 - 01:34 PM

Please run the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
HKLM-x32\...\Run: [] [x]
C:\Windows\Installer\{4575b94b-1f87-7fe7-81c3-b17b880e885b}
C:\Users\Craig\AppData\Local\{4575b94b-1f87-7fe7-81c3-b17b880e885b}
replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options then select Command Prompt

Run FRST (or FRST64 if you have the 64-bit version) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Reboot Normally.


NEXT

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it is running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Edited by CatByte, 28 July 2012 - 01:35 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
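As an added example (not FRST code and not part of either post), the Python script below applies the two checks the first post's log already shows the tool making: it parses the "Search: services.exe" block and flags the System32 copy whose MD5 matches no WinSxS component-store copy of the same file, while its size and company string still match (the in-place patching FRST marked "ZeroAccess <==== ATTENTION!"), and it groups the "ZeroAccess:" folder listing to report GUID-named folders whose direct children include the "@" and "U" marker entries. The sample text is copied from the log above; the line formats the parser assumes, the marker set, and the function names are this example's own assumptions, not a specification of FRST.

```python
"""Cross-check FRST output for an in-place patched system binary and for
ZeroAccess-style marker folders. Added example for this thread; the line
formats and the marker set are assumptions taken from the posted logs."""
import re
from collections import defaultdict

# One FRST "Search" result is a path line followed by a detail line, assumed as:
#   [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) "
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)
# A GUID-named folder, optionally followed by one direct child entry.
GUID_DIR_RE = re.compile(r"^(?P<base>.*\\\{[0-9a-f-]{36}\})(?:\\(?P<child>[^\\]+))?", re.I)

# Constructed sample: the "Search: services.exe" block from the first post.
SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2012-07-26 16:24] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# Constructed sample: the "ZeroAccess:" listings from the same log plus one
# unrelated GUID-named folder from it, which must not be flagged.
FOLDER_LISTING = r"""
ZeroAccess:
C:\Windows\Installer\{4575b94b-1f87-7fe7-81c3-b17b880e885b}
C:\Windows\Installer\{4575b94b-1f87-7fe7-81c3-b17b880e885b}\@
C:\Windows\Installer\{4575b94b-1f87-7fe7-81c3-b17b880e885b}\L
C:\Windows\Installer\{4575b94b-1f87-7fe7-81c3-b17b880e885b}\n
C:\Windows\Installer\{4575b94b-1f87-7fe7-81c3-b17b880e885b}\U
C:\Windows\Installer\{4575b94b-1f87-7fe7-81c3-b17b880e885b}\U\00000001.@
C:\Users\Craig\AppData\Local\{4575b94b-1f87-7fe7-81c3-b17b880e885b}
C:\Users\Craig\AppData\Local\{4575b94b-1f87-7fe7-81c3-b17b880e885b}\@
C:\Users\Craig\AppData\Local\{4575b94b-1f87-7fe7-81c3-b17b880e885b}\L
C:\Users\Craig\AppData\Local\{4575b94b-1f87-7fe7-81c3-b17b880e885b}\U
C:\Users\Craig\AppData\Local\{C09C08DA-D092-11E1-8270-B8AC6F996F26}
"""


def parse_search(text):
    """Turn FRST Search output into records: path, created, modified, size, company, md5."""
    lines = [ln.strip() for ln in text.splitlines()]
    records = []
    for path, detail in zip(lines, lines[1:]):
        m = DETAIL_RE.match(detail)
        if path and m and not DETAIL_RE.match(path):
            rec = m.groupdict()
            rec["path"] = path
            rec["size"] = int(rec["size"])
            rec["md5"] = rec["md5"].upper()
            records.append(rec)
    return records


def find_tampered(records):
    """Flag copies whose MD5 matches none of the WinSxS component-store copies of
    the same file name. Equal size and company string with a different hash is
    what the log shows for services.exe: patched in place, not swapped out."""
    by_name = defaultdict(list)
    for rec in records:
        by_name[rec["path"].rsplit("\\", 1)[-1].lower()].append(rec)
    findings = []
    for copies in by_name.values():
        refs = [c for c in copies if "\\winsxs\\" in c["path"].lower()]
        if not refs:
            continue  # no component-store copy to compare against
        for c in copies:
            # A hash equal to any WinSxS version is normal after servicing updates.
            if c in refs or any(c["md5"] == r["md5"] for r in refs):
                continue
            findings.append({"path": c["path"], "reference": refs[0]["path"],
                             "same_size": c["size"] == refs[0]["size"],
                             "same_company": c["company"] == refs[0]["company"],
                             "modified": c["modified"]})
    return findings


def find_marker_dirs(paths, required=("@", "U")):
    """Return GUID-named folders whose direct children include every name in
    `required`. '@', 'L', 'n', 'U' appear in the posted log; requiring '@' and
    'U' is this example's choice, not an FRST rule."""
    children = defaultdict(set)
    for p in paths:
        m = GUID_DIR_RE.match(p.strip())
        if not m:
            continue
        kids = children[m.group("base")]  # registers the folder even without children
        if m.group("child"):
            kids.add(m.group("child"))
    return sorted(base for base, kids in children.items() if set(required) <= kids)


if __name__ == "__main__":
    for f in find_tampered(parse_search(SEARCH_LOG)):
        print(f"TAMPERED {f['path']} (modified {f['modified']}) differs from "
              f"{f['reference']}; same size: {f['same_size']}")
    for d in find_marker_dirs(FOLDER_LISTING.splitlines()):
        print("MARKER FOLDER", d)
```

The hash comparison deliberately accepts a match against any WinSxS version rather than only the first one found, so a System32 binary updated by servicing is not reported; the folder check registers every GUID-named folder it sees but reports only those carrying the marker children, which is why the unrelated `{C09C08DA-...}` folder from the same log stays silent.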


#3 Craig210

Craig210
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:26 AM

Posted 29 July 2012 - 08:46 AM

start
HKLM-x32\...\Run: [] [x]
C:\Windows\Installer\{4575b94b-1f87-7fe7-81c3-b17b880e885b}
C:\Users\Craig\AppData\Local\{4575b94b-1f87-7fe7-81c3-b17b880e885b}
replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
end

After reviewing a few other logs that people posted and my own, I made my own code block, which was very similar to yours:

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{4575b94b-1f87-7fe7-81c3-b17b880e885b}
C:\Users\Craig\AppData\Local\{4575b94b-1f87-7fe7-81c3-b17b880e885b}

which left me with:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-26 23:08:17 Run:1
Running from J:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\Installer\{4575b94b-1f87-7fe7-81c3-b17b880e885b} moved successfully.
C:\Users\Craig\AppData\Local\{4575b94b-1f87-7fe7-81c3-b17b880e885b} moved successfully.

==== End of Fixlog ====

Also, I ran ComboFix twice and I didn't rename the first log, like a dummy, so all I have is the second log. Sorry!
Edit: this was the run where I ran it with the ClearJavacache command.

ComboFix 12-07-27.02 - Craig 07/27/2012   0:00.2.8 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.4087.2344 [GMT -4:00]
Running from: c:\users\Craig\Desktop\ComboFix.exe
Command switches used :: c:\users\Craig\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2012-06-27 to 2012-07-27  )))))))))))))))))))))))))))))))
.
.
2012-07-27 04:30 . 2012-07-27 04:30	--------	d-----w-	C:\FRST
2012-07-27 04:09 . 2012-07-27 04:09	69000	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0FB19297-CF07-47DA-846D-D301049F3558}\offreg.dll
2012-07-27 04:07 . 2012-07-27 04:07	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-27 03:59 . 2012-07-27 03:59	9230024	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-26 23:41 . 2012-07-26 23:41	328704	----a-w-	c:\windows\system32\services.exe.4571515EE807E5F9
2012-07-26 23:34 . 2012-07-26 23:34	328704	----a-w-	c:\windows\system32\services.exe.E62E3EF4854BF042
2012-07-26 23:28 . 2012-07-26 23:28	328704	----a-w-	c:\windows\system32\services.exe.1796B1C30BC27B5D
2012-07-26 23:23 . 2012-07-26 23:23	328704	----a-w-	c:\windows\system32\services.exe.3F6B2EF0B156249A
2012-07-26 22:30 . 2012-07-26 22:30	328704	----a-w-	c:\windows\system32\services.exe.06DCB519AD137B8B
2012-07-26 22:27 . 2012-07-26 22:27	328704	----a-w-	c:\windows\system32\services.exe.18D1FEA956E2D190
2012-07-26 22:23 . 2012-07-26 22:23	328704	----a-w-	c:\windows\system32\services.exe.13CF0E13FC8AC825
2012-07-26 22:16 . 2012-07-26 22:16	328704	----a-w-	c:\windows\system32\services.exe.C0E8361785FD9601
2012-07-26 22:12 . 2012-07-26 22:12	328704	----a-w-	c:\windows\system32\services.exe.CF91AA2C1FFC6684
2012-07-26 22:10 . 2012-06-29 10:04	9133488	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0FB19297-CF07-47DA-846D-D301049F3558}\mpengine.dll
2012-07-26 22:07 . 2012-06-29 10:04	9133488	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-26 22:06 . 2012-07-26 22:06	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2012-07-24 23:04 . 2012-07-24 23:04	--------	d-----w-	c:\users\Craig\AppData\Local\{C09C08DA-D092-11E1-8270-B8AC6F996F26}
2012-07-19 02:42 . 2012-07-19 02:42	480256	----a-w-	c:\windows\SysWow64\rzdevicedll.dll
2012-07-18 04:49 . 2012-07-18 04:49	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2012-07-16 02:38 . 2012-07-16 02:38	101376	----a-w-	c:\windows\system32\drivers\rzudd.sys
2012-07-16 02:32 . 2012-07-16 02:32	143360	----a-w-	c:\windows\SysWow64\rztouchdll.dll
2012-07-16 02:32 . 2012-07-16 02:32	165888	----a-w-	c:\windows\SysWow64\rzaudiodll.dll
2012-07-04 03:26 . 2012-02-10 20:01	927800	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{25615ABE-14C7-473E-AFAC-AD9D89FA1928}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 03:59 . 2012-04-04 19:01	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 03:59 . 2011-05-25 18:16	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-21 03:50	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 03:50	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 03:50	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 03:50	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 03:50	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 03:50	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 03:50	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 03:49	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 03:49	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-05-31 16:25 . 2009-10-03 06:01	279656	------w-	c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-07-27_03.46.37   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-07-27 03:59	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-27 03:46	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-27 03:46	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-27 03:59	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-27 03:46	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-27 03:59	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-17 22:41 . 2012-07-27 04:14	43772              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-27 04:14	49180              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-17 12:52 . 2012-07-27 04:14	16894              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2422572306-349336893-3865425523-1000_UserData.bin
+ 2012-07-27 04:08 . 2012-07-27 04:08	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-27 03:45 . 2012-07-27 03:45	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-27 04:08 . 2012-07-27 04:08	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-27 03:45 . 2012-07-27 03:45	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-27 03:59 . 2012-07-27 03:59	686792              c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.exe
+ 2012-07-27 03:59 . 2012-07-27 03:59	466632              c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_ActiveX.dll
- 2012-04-04 19:01 . 2012-07-15 04:00	250056              c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-04-04 19:01 . 2012-07-27 03:59	250056              c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-07-27 03:59 . 2012-07-27 03:59	417992              c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_268_ActiveX.exe
+ 2012-07-27 03:59 . 2012-07-27 03:59	513224              c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_268_ActiveX.dll
+ 2009-11-17 11:50 . 2012-07-27 03:59	442368              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-17 11:50 . 2012-07-26 22:08	442368              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 05:01 . 2012-07-27 04:07	264200              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-27 03:44	264200              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2012-07-26 06:09	9961472              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-07-27 04:05	9961472              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-11-17 11:50 . 2012-07-26 22:08	4423680              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-17 11:50 . 2012-07-27 03:59	4423680              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-27 03:59	1671168              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-26 22:08	1671168              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-12 01:32 . 2012-07-27 03:44	3211313              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2422572306-349336893-3865425523-1000-12288.dat
+ 2012-05-12 01:32 . 2012-07-27 04:07	3211313              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2422572306-349336893-3865425523-1000-12288.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Steam"="z:\games\Steam\steam.exe" [2011-08-05 1242448]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-03-07 287536]
"F.lux"="c:\users\Craig\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Akamai NetSession Interface"="c:\users\Craig\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-02-02 3035968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SPIRunE"="SPIRunE.dll" [2009-03-05 18432]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2012-07-01 314280]
.
c:\users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-1-22 0]
Pandora.lnk - c:\program files (x86)\Pandora\Pandora.exe [2012-5-11 142336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;z:\games\Tribes_Ascend\HiPatchService.exe [2012-07-12 8704]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [2009-06-04 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-25 79360]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-03 25960]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-08 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 9319936]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 306176]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2012-06-20 10568]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [2012-07-16 101376]
S3 SaiH8000;SaiH8000;c:\windows\system32\DRIVERS\SaiH8000.sys [2008-04-04 178560]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-03 721768]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-03 269672]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-03 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2009-05-06 639512]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 03:59]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2422572306-349336893-3865425523-1000Core.job
- c:\users\Craig\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-10 23:50]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2422572306-349336893-3865425523-1000UA.job
- c:\users\Craig\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-10 23:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-11-10 171520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-07-27  00:16:29 - machine was rebooted
ComboFix-quarantined-files.txt  2012-07-27 04:16
ComboFix2.txt  2012-07-27 03:54
.
Pre-Run: 93,048,963,072 bytes free
Post-Run: 92,719,177,728 bytes free
.
- - End Of File - - 08CFDA61C9755A983731874BBF993317

Edited by Craig210, 29 July 2012 - 09:03 AM.


#4 CatByte
  • Malware Response Team

Posted 29 July 2012 - 11:26 AM

very good :)

(older combofix logs are stored at C:\qoobox\combofix2.txt)

Please run the following:

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


NEXT

  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List installed programs.

Click Go and post the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run from.

NEXT

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 Craig210
  • Topic Starter

Posted 29 July 2012 - 10:16 PM

MiniToolBox by Farbar  Version: 23-07-2012
Ran by Craig (administrator) on 29-07-2012 at 22:37:01
Microsoft Windows 7 Ultimate   (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ============================== 

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

127.0.0.1       localhost


=========================== Installed Programs ============================

µTorrent (Version: 1.8.3)
Activision(R) (Version: 1.00.0000)
Adobe AIR (Version: 3.3.0.3670)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.268)
Adobe Flash Player 11 Plugin (Version: 11.3.300.268)
Adobe Reader 9.4.4 (Version: 9.4.4)
Adobe Shockwave Player 11.5 (Version: 11.5.6.606)
Age of Conan - Hyborian Adventures
Age of Empires Online
Aion
Akamai NetSession Interface
Akamai NetSession Interface Service
Alien Swarm
AMD APP SDK Runtime (Version: 2.4.595.10)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
And Yet It Moves
Application Profiles (Version: 2.0.4273.33792)
Assassin's Creed
ATI Catalyst Install Manager (Version: 3.0.825.0)
ATI Catalyst Registration (Version: 3.00.0000)
Bandisoft MPEG-1 Decoder
Battlefield 3™ Open Beta (Version: 1.0.0.0)
Battlelog Web Plugins (Version: 0.80.0)
BIT.TRIP RUNNER
Bitcoin (Version: 0.3.21)
Bloodline Champions Beta (Version: 0.8.2)
Blur(TM) (Version: 1.00.0000)
Borderlands
C-Media CM6501 Like Sound Driver
Call of Duty: Black Ops - Multiplayer
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Call of Juarez: Bound in Blood
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2011.0419.2218.38209)
Catalyst Control Center Graphics Previews Common (Version: 2011.0419.2218.38209)
Catalyst Control Center InstallProxy (Version: 2011.0419.2218.38209)
Cave Story+
ccc-utility64 (Version: 2011.0419.2218.38209)
CCC Help English (Version: 2011.0419.2217.38209)
Chains
Character Builder (Version: 1.10.0000)
Cities XL 2012
Cogs
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Counter-Strike: Source
Counter-Strike: Source Beta
Crayon Physics Deluxe
Creative ALchemy (X-Fi Edition)
Creative Audio Control Panel (Version: 3.00)
Creative Software AutoUpdate (Version: 1.40)
Creative Sound Blaster Properties x64 Edition
Creative System Information
Crysis WARHEAD(R)
Crysis WARHEAD(R) (Version: 1.0)
Curse Client (Version: 5.1.1.370)
DAEMON Tools Pro (Version: 5.0.0316.0317)
Darkspore Beta
Deus Ex: Human Revolution
Diablo III (Version: 1.0.3.10235)
Diablo III Beta (Version: 0.11.0.9359)
DivX Web Player (Version: 1.5.0)
Dota 2
Dragon Age: Origins (Version: 1.02)
Dungeon Defenders
Dungeon Siege III
DUNGEONS (Version: 1.0.0.1)
Empire Earth Gold Edition
ESET Online Scanner v3
ESN Sonar (Version: 0.70.0)
EVE Online (remove only)
EVEMon (Version: 1.6.1.3611)
F.lux
Far Cry 2
FileZilla Client 3.3.0.1 (Version: 3.3.0.1)
Google Chrome (Version: 20.0.1132.57)
Google Talk Plugin (Version: 3.3.2.8436)
Gratuitous Space Battles
GTK+ Runtime 2.14.7 rev a (remove only)
Hammerfight
Heroes of Newerth (Version: 1.0.0)
Hi-Rez Studios Authenticate and Update Service (Version: 3.0.0.0)
Host OpenAL (Version: 1.00)
IP Camera DS Filter (Version: 5.5.0.0)
Jamestown
Java Auto Updater (Version: 2.0.7.1)
Java(TM) 6 Update 15 (64-bit) (Version: 6.0.150)
Java(TM) 6 Update 32 (Version: 6.0.320)
Killing Floor
King's Bounty: Armored Princess
King's Bounty: Crossworlds
King's Bounty: The Legend
League of Legends (Version: 1.0020)
Left 4 Dead
Left 4 Dead 2
Livestream Procaster (Version: 20.2.69)
Magic ISO Maker v5.5 (build 0281)
Magicka
Majesty 2: Kingmaker (Version: 1.3.336.0)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
MapleStory
Master Of Magic
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Home and Business 2010 - English (Version: 14.0.6114.5002)
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Might and Magic Heroes VI Beta
Move Media Player
MSI Afterburner 2.2.2 (Version: 2.2.2)
Mumble 1.2.3 (Version: 1.2.3)
MySQL Server 5.1 (Version: 5.1.50)
Naga Firmware Updater 1.13 (Version: 1.13.01)
Nation Red
NCsoft Launcher (Version: 1.5.4.2)
Nexon Game Manager
NightSky
Nuclear Dawn
NVIDIA Display Control Panel (Version: 6.14.11.9745)
NVIDIA Drivers (Version: 1.10.59.37)
NVIDIA PhysX (Version: 9.10.0224)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.11.9745)
OEM Logo and Information
Opera 12.00 (Version: 12.00.1467)
Orcs Must Die!
Origin (Version: 8.2.6.475)
osu! (Version: 0.0.0.0)
Pando Media Booster (Version: 2.3.4.8)
Pandora (Version: 2.0.6)
Pidgin (Version: 2.5.6)
Plain Sight
Portal
Portal 2
PunkBuster Services (Version: 0.991)
pyfa 1.1.1 (Version: 1.1.1)
Razer Synapse 2.0 (Version: 1.3.7)
Realm Of The Titans
RIFT (Version: 0.1.10)
RIFT (Version: 1.0.0)
SAMSUNG USB Driver for Mobile Phones (Version: 1.3.550.0)
Sanctum
Shank
Sid Meier's Civilization 4 - Beyond the Sword (Version: 3.19)
Sid Meier's Civilization 4 Complete (Version: 1.74)
Sid Meier's Civilization IV Colonization (Version: 1.00)
Sid Meier's Civilization V
Skype™ 5.10 (Version: 5.10.116)
Smite Closed Beta (Version: 0.1.976.1)
Sound Blaster X-Fi (Version: 1.0)
Spiral Knights
Star Wars: The Old Republic (Version: 1.00)
StarCraft II (Version: 1.4.3.21029)
StarCraft II Beta (Version: 0.21.0.16094)
Steam (Version: 1.0.0.0)
Super Meat Boy
Super Meat Boy Editor
Super Monday Night Combat
System Requirements Lab (Version: 4.1.14.0)
Team Fortress 2
TeamSpeak 3 Client
TERA (Version: 1.21.0000)
Terraria
The Elder Scrolls V: Skyrim
The Settlers 7 - Paths to a Kingdom (Version: 1.02.1221)
The Sims™ 3 (Version: 1.32.3)
The Sims™ 3 Ambitions (Version: 4.0.87)
The Sims™ 3 Fast Lane Stuff (Version: 5.0.44)
The Sims™ 3 Generations (Version: 8.0.152)
The Sims™ 3 High-End Loft Stuff (Version: 3.0.38)
The Sims™ 3 Late Night (Version: 6.0.81)
The Sims™ 3 Master Suite Stuff (Version: 11.0.84)
The Sims™ 3 Outdoor Living Stuff (Version: 7.0.55)
The Sims™ 3 Pets (Version: 10.0.96)
The Sims™ 3 Town Life Stuff (Version: 9.0.73)
The Sims™ 3 World Adventures (Version: 2.0.86)
The Witcher Enhanced Edition (Version: 1.5)
Titan Quest
Titan Quest: Immortal Throne
Tom Clancy's Rainbow Six: Vegas 2
Torchlight (Version: 0.0.66.192)
Tribes Ascend Closed Beta (Version: 1.0.961.0)
Ubisoft Game Launcher (Version: 1.0.0.0)
v 1.0
Ventrilo Client for Windows x64 (Version: 3.0.5.0)
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC_AR) (Version: 1.10.1002)
Vindictus
VirtualCloneDrive
VLC media player 1.0.0 (Version: 1.0.0)
VMoo Pro 1.6 (Version: Pro 1.6)
VVVVVV
Warcraft III: All Products
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR archiver
WinSCP 4.2.7 (Version: 4.2.7)
WMV9/VC-1 Video Playback (Version: 1.0.60419.2210)
World of Warcraft (Version: 5.0.1.15726)
World of Warcraft Beta (Version: 5.0.1.15762)
World of Warcraft Model Viewer 64-bit (Version: 07.01.597)
Yahoo! Detect

**** End of log ****


Farbar Service Scanner Version: 26-07-2012
Ran by Craig (administrator) on 29-07-2012 at 22:39:19
Running from "C:\Users\Craig\Downloads"
Microsoft Windows 7 Ultimate   (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy: 
========================


Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2011-03-07 01:36] - [2010-04-09 07:06] - 1898376 ____A (Microsoft Corporation) 7FC877A25796D8ADF539E64703FCA7E1

C:\Windows\System32\dnsrslvr.dll
[2009-07-13 19:21] - [2009-07-13 21:40] - 0182272 ____A (Microsoft Corporation) 676108C4E3AA6F6B34633748BD0BEBD9

C:\Windows\System32\mpssvc.dll
[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


The ESET scan is still going after 2:30 hours, so no result from that yet, although there has been one thing found: "HTML/fame.B.Gen virus".
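Added example, not part of the thread and not code from Farbar's tools or ComboFix: a small Python parser that walks log text like the FSS output above (plus the Security Center and UAC section of the earlier ComboFix log) and flags the entries a helper would act on, such as the firewall and Defender policies turned off, the BITS service whose Start value is missing, and file-check entries whose MD5 FSS could not confirm. The sample log inside the block is a constructed excerpt with values copied from the posts above; the finding "kinds" and descriptions are this example's own.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed sample: excerpts of the FSS log and of the ComboFix registry
# section posted in this thread. Values are copied from those posts; the
# layout is theirs, the parser below is not their code.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2011-03-07 01:36] - [2010-04-09 07:06] - 1898376 ____A (Microsoft Corporation) 7FC877A25796D8ADF539E64703FCA7E1
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# Accepts the ComboFix styles ("X"= 0 (0x0), "X"=dword:00000001) and the FSS style ("X"=DWORD:0).
VALUE_RE = re.compile(r'^"(\w+)"\s*=\s*(?:dword:)?([0-9a-fA-F]+)', re.IGNORECASE)
START_MISSING_RE = re.compile(r"Unable to retrieve start type of (\w+)")
START_CHANGED_RE = re.compile(
    r"The start type of (\w+) service is set to (\w+)\. The default start type is (\w+)\.")
NOT_RUNNING_RE = re.compile(r"^(\w+) Service is not running")

# value name -> (value that indicates weakened protection, description); these
# are this example's own labels, not wording from FSS or ComboFix.
WEAK_VALUES = {
    "EnableLUA": (0, "UAC disabled"),
    "AntiVirusOverride": (1, "Security Center antivirus alerts suppressed"),
    "FirewallOverride": (1, "Security Center firewall alerts suppressed"),
    "EnableFirewall": (0, "Windows Firewall disabled by policy"),
    "DisableAntiSpyware": (1, "Windows Defender disabled by policy"),
}


def audit_log(text: str) -> List[Dict[str, str]]:
    """Return the log lines a helper would act on, in the order they appear."""
    findings: List[Dict[str, str]] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if m := KEY_RE.match(line):
            current_key = m.group(1)            # remember the key the next values belong to
        elif m := VALUE_RE.match(line):
            name, value = m.group(1), int(m.group(2), 16)
            if name in WEAK_VALUES and WEAK_VALUES[name][0] == value:
                findings.append({"kind": "policy", "subject": f"{current_key}\\{name}",
                                 "detail": WEAK_VALUES[name][1]})
        elif m := START_MISSING_RE.search(line):
            findings.append({"kind": "start_missing", "subject": m.group(1),
                             "detail": "Start value missing; service cannot start until restored"})
        elif m := START_CHANGED_RE.search(line):
            svc, actual, default = m.groups()
            if actual != default:
                findings.append({"kind": "start_changed", "subject": svc,
                                 "detail": f"start type {actual}, default {default}"})
        elif m := NOT_RUNNING_RE.match(line):
            findings.append({"kind": "not_running", "subject": m.group(1), "detail": "service stopped"})
        elif line.startswith("C:\\") and "=> MD5 is legit" not in line:
            # FSS prints version details instead of "MD5 is legit" when the hash is not
            # in its known-good list: that means "review", not "infected".
            findings.append({"kind": "file_unverified", "subject": line,
                             "detail": "MD5 not confirmed by FSS; review manually"})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per kind, e.g. {'policy': 6, 'not_running': 2, ...}."""
    return dict(Counter(f["kind"] for f in findings))


if __name__ == "__main__":
    for f in audit_log(SAMPLE_LOG):
        print(f"{f['kind']:15} {f['subject']}: {f['detail']}")
```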

#6 CatByte
  • Malware Response Team

Posted 30 July 2012 - 08:08 AM

Please run the following:

Download the attached registry fix and save it to your desktop.

Double click it and allow it to merge into your registry.

Then delete it, as you won't need it any more. Please make sure, once completed, that your Windows Update is now working as it should.

[attachment=127557:bits7.reg]



NEXT


Visit ADOBE and download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.


NEXT

Your Java is out of date, so go to Start > Control Panel > Programs and Features > scroll down to the Java installation and Remove it. Now download the latest Java version 7 update 5 and install it: http://java.com/en/download/index.jsp



NEXT


Please advise how your computer is running now and if there are any outstanding issues

Edited by CatByte, 30 July 2012 - 08:09 AM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 Craig210
  • Topic Starter

Posted 30 July 2012 - 04:35 PM

It wouldn't let me delete one of my 2 Java updates, but I installed the latest version. Other than that, everything is working very well.

#8 CatByte
  • Malware Response Team

Posted 30 July 2012 - 05:35 PM

We just have some housekeeping to do now.

Please do the following:


You can delete the MiniToolBox, FarbarServiceScanner and FRST logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the run box and click OK. Note the space between the ..X and the /U; it needs to be there.



If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should automatically reboot your machine;
    • if it doesn't, manually reboot to ensure a complete clean.
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
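The Internet Explorer steps in the post above set three Internet-zone ActiveX actions by hand through Inetcpl.cpl. The script below is an added example for this thread, not code from the post, from BleepingComputer or from Microsoft: it audits the same three settings from the registry, reports any that are weaker than the post asks for, and applies them when run with --apply. It assumes the Internet zone is zone 3 under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones, and that the three actions are the DWORD values 1001, 1004 and 1201 with 0 = Enable, 1 = Prompt and 3 = Disable. The audit itself is a pure function over a dict, so it can be exercised anywhere; only reading and writing the registry requires Windows.

```python
"""Audit and optionally apply the Internet-zone ActiveX settings from the post.

Added example, not part of the thread. Assumptions: Internet zone = zone 3
under HKCU, actions 1001/1004/1201, values 0 = Enable, 1 = Prompt, 3 = Disable.
"""
import sys

ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
ENABLE, PROMPT, DISABLE = 0, 1, 3
LABEL = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# Required state, mirroring the instructions in the post. Numerically higher
# values are more restrictive, so "at least this value" means compliant.
BASELINE = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", PROMPT),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
}


def audit_zone(current):
    """Return (value_name, description, current, required) for each setting that
    is missing or weaker than the baseline. A missing value counts as drift:
    IE then falls back to the zone template rather than to the safe choice."""
    drift = []
    for name, (desc, required) in BASELINE.items():
        have = current.get(name)
        if have is None or have < required:
            drift.append((name, desc, have, required))
    return drift


def report(drift):
    """Human-readable lines for the drift list, one per setting."""
    lines = []
    for name, desc, have, required in drift:
        shown = "not set" if have is None else LABEL.get(have, str(have))
        lines.append(f"{name} {desc}: {shown} -> {LABEL[required]}")
    return lines


def read_zone():
    """Read the three DWORDs from the current user's Internet zone (Windows only)."""
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_KEY) as key:
        for name in BASELINE:
            try:
                values[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass  # value absent: audit_zone treats it as drift
    return values


def harden_zone(drift):
    """Write the required value for every drifted setting (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_KEY, 0, winreg.KEY_SET_VALUE) as key:
        for name, _desc, _have, required in drift:
            winreg.SetValueEx(key, name, 0, winreg.REG_DWORD, required)


if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("registry access needs Windows; audit_zone() works on a dict anywhere")
    drift = audit_zone(read_zone())
    print("\n".join(report(drift)) or "Internet zone already matches the baseline")
    if drift and "--apply" in sys.argv:
        harden_zone(drift)
        print("applied; restart Internet Explorer")
```

Run it once without --apply to see what differs, then with --apply. Two caveats: the post's "Reset all zones to default level" step is not reproduced here, so run that first if the zone has been tampered with in other ways; and if a machine-wide policy has set Security_HKLM_only, IE ignores the per-user zone values and the HKLM copy of the same key is the one that counts.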


#9 Craig210

  • Topic Starter
  • Members
  • 10 posts
  • Local time:09:26 AM

Posted 30 July 2012 - 05:55 PM

Everything seems to be running great, thanks a lot!

One of my parents' computers seems to be having an issue with Google redirects. Should I post that here or should I open a new thread?

#10 CatByte

    bleepin' tiger

  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:26 AM

Posted 30 July 2012 - 06:11 PM

You can post it here.

What OS is it? If it's Vista and up, post a FRST log.

If it's XP, run the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
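The post above asks for a DDS log, whose "Pseudo HJT Report" section lists Winlogon values, BHOs, DPF (ActiveX download) entries and shell service objects. The script below is an added example for this thread, not part of the DDS tool or of the helper's own procedure: it encodes a few of the checks a reader applies by eye to that section, namely Userinit or Shell deviating from their Windows defaults, a BHO listed without a friendly name, entries whose file is gone ("No File"), and DPF lines that reveal several Java runtimes side by side. The sample lines are constructed in DDS format; the CLSIDs on the BHO and SSODL lines and the file names extra.exe and example.dll are placeholders, not values from any real log.

```python
"""Triage checks for the "Pseudo HJT Report" section of a DDS log.

Added example, not part of DDS or the thread. The rules are heuristics:
every finding still needs a human to identify the file before it is removed.
"""
import re
from dataclasses import dataclass

# Constructed sample in DDS format. CLSIDs on the BHO/SSODL lines and the
# names extra.exe / example.dll are hypothetical placeholders.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
uURLSearchHooks: H - No File
mWinlogon: Shell=Explorer.exe
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\extra.exe
BHO: Adobe PDF Link Helper: {00000000-0000-0000-0000-000000000001} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {00000000-0000-0000-0000-000000000002} - c:\windows\system32\example.dll
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
SSODL: example - {00000000-0000-0000-0000-000000000003} - No File
SSODL: WPDShServiceObj - {00000000-0000-0000-0000-000000000004} - c:\windows\system32\WPDShServiceObj.dll
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    line: str
    reason: str


# Default Winlogon values on XP through 7; anything appended to Userinit runs at every logon.
USERINIT_OK = re.compile(r"^c:\\windows\\system32\\userinit\.exe,?$", re.I)
SHELL_OK = re.compile(r"^explorer\.exe$", re.I)
# "BHO: {clsid} - path" (no friendly name) as opposed to "BHO: Name: {clsid} - path".
UNNAMED_BHO = re.compile(r"^BHO:\s*\{[0-9a-f-]{36}\}\s*-", re.I)
JAVA_CAB = re.compile(r"jinstall-(\d+)_(\d+)_(\d+)_(\d+)", re.I)


def check_line(line):
    """Return a Finding for one log line, or None if it trips no rule."""
    line = line.strip()
    low = line.lower()
    if low.startswith("mwinlogon: userinit="):
        if not USERINIT_OK.match(line.split("=", 1)[1]):
            return Finding("high", line, "Userinit lists more than userinit.exe; "
                           "every extra entry runs at every logon")
    elif low.startswith("mwinlogon: shell="):
        if not SHELL_OK.match(line.split("=", 1)[1]):
            return Finding("high", line, "Winlogon Shell is not Explorer.exe")
    elif UNNAMED_BHO.match(line):
        return Finding("medium", line, "BHO without a friendly name; identify the DLL")
    elif line.endswith("- No File"):
        sev = "medium" if low.startswith("ssodl:") else "low"
        return Finding(sev, line, "entry points at a file that no longer exists (orphan)")
    return None


def java_findings(lines):
    """Flag DPF references to Java versions older than the newest one present:
    each usually means an older runtime is still installed alongside the new one."""
    seen = {}
    for line in lines:
        m = JAVA_CAB.search(line)
        if line.startswith("DPF:") and m:
            seen[line] = tuple(int(g) for g in m.groups())
    if not seen:
        return []
    newest = max(seen.values())

    def fmt(v):
        return ".".join(map(str, v))

    return [Finding("low", line, f"references Java {fmt(v)} while {fmt(newest)} is also present")
            for line, v in seen.items() if v < newest]


def triage(text):
    """Run every check over a log; per-line findings in log order, Java findings last."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    findings = [f for f in (check_line(l) for l in lines) if f is not None]
    return findings + java_findings(lines)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Feed it the DDS.txt with `triage(open("DDS.txt").read())`. The Userinit and Shell rules are the ones worth acting on immediately, since those values execute before the desktop appears; an unnamed BHO or an orphaned SSODL entry is a lead, not a verdict, and the helper's fix script is the place to remove it once the DLL has been identified.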


#11 Craig210

  • Topic Starter
  • Members
  • 10 posts
  • Local time:09:26 AM

Posted 02 August 2012 - 09:01 AM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/26/2005 7:32:08 PM
System Uptime: 8/2/2012 7:43:05 AM (2 hours ago)
.
Motherboard: Dell Inc. | | 0YC523
Processor: Intel® Pentium® D CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 144 GiB total, 67.31 GiB free.
D: is CDROM (CDFS)
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1
AIM 6
AOL Instant Messenger
AOLIcon
Apple Application Support
Apple Software Update
Bing Maps 3D
BlitzIn 2.7
Call of Duty® 2
Call of Duty® 2 Patch 1.3
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Digital Content Portal
Digital Line Detect
Digital RAG Version 1.5
Download Updater (AOL LLC)
EducateU
ESPNMotion
FATE
GemMaster Mystic
Half-Life® 2
Half-Life: Counter-Strike
Heroes of Newerth
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IGN Download Manager 2.2.2
ImageMixer for Sony
Intel Matrix Storage Manager
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
Internet Explorer Default Page
iPod for Windows 2006-01-10
iSEEK AnswerWorks English Runtime
iTunes
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 9
Japanese Fonts Support For Adobe Reader 9
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java™ 6 Update 3
Java™ 6 Update 31
Java™ 6 Update 5
Java™ SE Runtime Environment 6 Update 1
Learn2 Player (Uninstall Only)
LimeWire 4.18.8
Macromedia Flash Player
Macromedia Shockwave Player
Masque Games on aim
McAfee Shredder
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MicroStaff WINASPI
mIRC
Modem Helper
Move Media Player
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 14.0 (x86 en-US)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
Musicmatch for Windows Media Player
MyWay Search Assistant
Netscape Browser (remove only)
NetWaiting
NetZeroInstallers
Norton Security Suite
NVIDIA Drivers
NVIDIA Media Center extensions for display
Otto
PowerDVD 5.5
QuickBooks Simple Start Special Edition
QuickTime
RealArcade
RealPlayer
Roxio Easy Media Creator 7
Sandlot Games Client Services
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2675157)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2699988)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sony USB Driver
Spybot - Search & Destroy
Steam
Steam™
TeamSpeak 2 RC2
TurboTax 2009
TurboTax 2009 wdeiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wmdiper
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 wdeiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wmdiper
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wmdiper
TurboTax 2011 wrapper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Update Rollup 2 for Windows XP Media Center Edition 2005
Ventrilo Client
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WebFldrs XP
Webshots Desktop
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB895198
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
World of Warcraft
Xfire (remove only)
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
8/1/2012 8:18:25 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
8/1/2012 11:09:17 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/27/2012 9:52:05 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
7/26/2012 8:28:15 AM, error: Service Control Manager [7001] - The Windows Service Pack Installer update service service depends on the Security Accounts Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/26/2012 8:28:15 AM, error: Service Control Manager [7000] - The Ventrilo service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_31
Run by Dad at 9:41:22 on 2012-08-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.429 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
uDefault_Page_URL = hxxp://www.dell4me.com/myway
mDefault_Page_URL = hxxp://www.dell4me.com/myway
mStart Page = hxxp://www.dell4me.com/myway
uURLSearchHooks: H - No File
mWinlogon: Shell=Explorer.exe
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\mbti.exe
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.4.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.4.0.12\IPSBHO.DLL
BHO: {6f4d6ad9-2080-42a7-b6b4-cec3ad83d032} - c:\windows\system32\ddccb.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.4.0.12\coIEPlg.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [igndlm.exe] c:\program files\ign\download manager\DLM.exe /windowsstart /startifwork
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://rapps.ucg.com/vdesk/terminal/f5tunsrv.cab#version=6031,2009,1010,310
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://rapps.ucg.com/vdesk/terminal/InstallerControl.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://rapps.ucg.com/vdesk/terminal/urxhost.cab#version=6031,2009,1010,304
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6E87E2A0-59AE-48A4-894F-28FC19287AA6} : DhcpNameServer = 75.75.75.75 75.75.76.76
SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dad\application data\mozilla\firefox\profiles\8db84yxv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn_2010_9_0_6\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\dad\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\dad\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\dad\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\ign\download manager\npfpdlm.dll
FF - plugin: c:\program files\java\jre6\bin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmasque.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0404000.00c\symds.sys [2012-4-5 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0404000.00c\symefa.sys [2012-4-5 173176]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-12 821920]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0404000.00c\cchpx86.sys [2012-4-5 485512]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0404000.00c\ironx86.sys [2012-4-5 116784]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.4.0.12\ccsvchst.exe [2012-4-5 126400]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-6-4 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-5-30 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20120801.001\IDSXpx86.sys [2012-8-1 369632]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20120801.037\NAVENG.SYS [2012-8-2 87928]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20120801.037\NAVEX15.SYS [2012-8-2 1589752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Time;Time Service;c:\windows\system32\mlsdf8hvnfxpnfx.exe --> c:\windows\system32\mlsdf8hvnfxpnfx.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-6 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-01 14:50:18 -------- d-----w- c:\documents and settings\dad\application data\Xeeq
2012-08-01 14:50:18 -------- d-----w- c:\documents and settings\dad\application data\Uvwamos
2012-07-04 18:47:04 -------- d-----w- c:\documents and settings\dad\local settings\application data\Thunderbird
.
==================== Find3M ====================
.
2012-07-27 15:25:15 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-27 15:25:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 07:58:35 667136 ----a-w- c:\windows\system32\wininet.dll
2008-07-02 19:34:27 774144 ----a-w- c:\program files\RngInterstitial.dll
.
============= FINISH: 9:43:15.10 ===============


aswMBR is now running a scan

#12 Craig210 (Topic Starter, Members, 10 posts)

Posted 02 August 2012 - 09:22 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-02 09:49:24
-----------------------------
09:49:24.830 OS Version: Windows 5.1.2600 Service Pack 3
09:49:24.830 Number of processors: 2 586 0x404
09:49:24.830 ComputerName: DH9MSP81 UserName: Dad
09:49:25.971 Initialize success
09:51:45.637 AVAST engine defs: 12080200
09:52:02.841 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
09:52:02.857 Disk 0 Vendor: ST316002 8.12 Size: 152587MB BusType: 3
09:52:02.857 Disk 0 MBR read successfully
09:52:02.857 Disk 0 MBR scan
09:52:02.888 Disk 0 unknown MBR code
09:52:02.888 Disk 0 MBR hidden
09:52:02.888 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
09:52:02.919 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 147785 MB offset 96390
09:52:02.951 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 4753 MB offset 302760990
09:52:02.951 Disk 0 scanning sectors +312496380
09:52:03.013 Disk 0 scanning C:\WINDOWS\system32\drivers
09:52:56.314 Service scanning
09:53:23.519 Modules scanning
09:53:32.863 Disk 0 trace - called modules:
09:53:32.863 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89a6d4b1]<<
09:53:32.879 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a581ab8]
09:53:32.879 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x89a7d190]
09:53:32.879 \Driver\iastor[0x89c197a0] -> IRP_MJ_CREATE -> 0x89a6d4b1
09:53:33.504 AVAST engine scan C:\WINDOWS
09:53:58.865 AVAST engine scan C:\WINDOWS\system32
09:58:49.430 AVAST engine scan C:\WINDOWS\system32\drivers
09:59:19.010 AVAST engine scan C:\Documents and Settings\Dad
10:03:07.976 AVAST engine scan C:\Documents and Settings\All Users
10:06:48.348 Scan finished successfully
10:15:55.440 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dad\My Documents\MBR.dat"
10:15:55.440 The log file has been saved successfully to "C:\Documents and Settings\Dad\My Documents\aswMBR.txt"
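The aswMBR output above carries the three lines a responder looks at before anything else: "Disk 0 MBR hidden" (the MBR read through the normal disk stack does not match aswMBR's direct read), "unknown MBR code" (weak on its own, since OEM boot code such as Dell's recovery setup also trips it), and a disk I/O trace ending in ">>UNKNOWN [0x89a6d4b1]<<", the same address that \Driver\iastor's IRP_MJ_CREATE path now jumps to, which reads as dispatch code living outside any loaded module. The earlier DDS log has the matching user-mode sign: a service named "Time" whose binary is a random-looking name in system32 that DDS could not stamp with a date or size ("[?]"). What follows is an added example, not part of this thread and not code from aswMBR, DDS, TDSSKiller or their authors: a small Python triage script that runs over constructed log lines modelled on the ones posted above and pulls out exactly those indicators. The sample lines, the indicator names and the name-randomness heuristic are the editor's own assumptions.

```python
"""Triage helpers for aswMBR and DDS log excerpts (added example, not from the thread or the tools)."""
import re

# Constructed sample lines, modelled on the aswMBR and DDS output posted in this thread.
ASWMBR_SAMPLE = """\
09:52:02.857 Disk 0 MBR read successfully
09:52:02.888 Disk 0 unknown MBR code
09:52:02.888 Disk 0 MBR hidden
09:52:02.888 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
09:53:32.863 Disk 0 trace - called modules:
09:53:32.863 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89a6d4b1]<<
09:53:32.879 1 nt!IofCallDriver -> \\Device\\Harddisk0\\DR0[0x8a581ab8]
09:53:32.879 \\Driver\\iastor[0x89c197a0] -> IRP_MJ_CREATE -> 0x89a6d4b1
"""

DDS_SERVICES_SAMPLE = """\
R2 N360;Norton Security Suite;c:\\program files\\norton security suite\\engine\\4.4.0.12\\ccsvchst.exe [2012-4-5 126400]
S2 Time;Time Service;c:\\windows\\system32\\mlsdf8hvnfxpnfx.exe --> c:\\windows\\system32\\mlsdf8hvnfxpnfx.exe [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\\program files\\mozilla maintenance service\\maintenanceservice.exe [2012-4-25 113120]
"""

TRACE_UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
DISPATCH_RE = re.compile(r"(\\Driver\\\S+?)\[0x[0-9A-Fa-f]+\] -> (IRP_MJ_\w+) -> (0x[0-9A-Fa-f]+)")
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
VOWELS = set("aeiou")


def aswmbr_findings(log_text):
    """Return (indicator, detail) pairs for the rootkit signs aswMBR prints."""
    # Drop the leading timestamp from every line.
    bodies = [ln.split(" ", 1)[1] if " " in ln else ln for ln in log_text.splitlines()]
    findings = []
    unknown_addr = None
    for body in bodies:
        if body.endswith("MBR hidden"):
            # Normal-path MBR read differs from the direct read: something is filtering it.
            findings.append(("mbr_hidden", body))
        elif body.endswith("unknown MBR code"):
            # Weak alone: OEM boot code (the Dell partitions here) also produces this.
            findings.append(("mbr_unknown_code", body))
        m = TRACE_UNKNOWN_RE.search(body)
        if m:
            # Call trace ended at an address that belongs to no loaded module.
            unknown_addr = m.group(1).lower()
            findings.append(("trace_unknown_module", unknown_addr))
    if unknown_addr:
        # Tie the unknown address back to the driver dispatch entry that jumps to it.
        for body in bodies:
            m = DISPATCH_RE.search(body)
            if m and m.group(3).lower() == unknown_addr:
                findings.append(("hooked_dispatch", f"{m.group(1)} {m.group(2)} -> {unknown_addr}"))
    return findings


def looks_random(stem):
    """Crude randomness proxy: a long name with almost no vowels (e.g. mlsdf8hvnfxpnfx).
    The length gate keeps short legitimate names such as ccsvchst out."""
    letters = [c for c in stem if c.isalpha()]
    if len(stem) < 10 or not letters:
        return False
    return sum(c in VOWELS for c in letters) / len(letters) < 0.15


def suspicious_services(dds_text):
    """Flag DDS service lines whose binary is unverifiable or randomly named."""
    hits = []
    for line in dds_text.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        rest = m.group("rest")
        # DDS prints "imagepath --> resolved path [date size]"; keep the resolved path.
        path = rest.split(" [", 1)[0].split(" --> ")[-1]
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
        reasons = []
        if rest.rstrip().endswith("[?]"):
            reasons.append("binary_unverifiable")  # DDS found no file to stamp with date/size
        if looks_random(stem):
            reasons.append("random_looking_name")
        if reasons:
            hits.append({"name": m.group("name"), "display": m.group("display"),
                         "path": path, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for kind, detail in aswmbr_findings(ASWMBR_SAMPLE):
        print(f"aswMBR  {kind:22s} {detail}")
    for hit in suspicious_services(DDS_SERVICES_SAMPLE):
        print(f"DDS     {hit['name']:22s} {hit['path']}  {', '.join(hit['reasons'])}")
```

Run on the constructed input it reports mbr_hidden, mbr_unknown_code, the unknown trace address and the iastor IRP_MJ_CREATE entry that points at it, plus the "Time" service. Treat mbr_unknown_code as corroboration only; mbr_hidden together with a hooked_dispatch entry is the combination that justifies the TDLFS and MBR checks the next post asks for.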

#13 CatByte (bleepin' tiger, Malware Response Team, 14,664 posts, Canada)

Posted 02 August 2012 - 11:07 AM

Hi,

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



NEXT



Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 Craig210 (Topic Starter, Members, 10 posts)

Posted 02 August 2012 - 04:19 PM

12:16:49.0515 1728 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
12:16:51.0515 1728 ============================================================
12:16:51.0515 1728 Current date / time: 2012/08/02 12:16:51.0515
12:16:51.0515 1728 SystemInfo:
12:16:51.0515 1728
12:16:51.0515 1728 OS Version: 5.1.2600 ServicePack: 3.0
12:16:51.0515 1728 Product type: Workstation
12:16:51.0515 1728 ComputerName: DH9MSP81
12:16:51.0531 1728 UserName: Dad
12:16:51.0531 1728 Windows directory: C:\WINDOWS
12:16:51.0531 1728 System windows directory: C:\WINDOWS
12:16:51.0531 1728 Processor architecture: Intel x86
12:16:51.0531 1728 Number of processors: 2
12:16:51.0531 1728 Page size: 0x1000
12:16:51.0531 1728 Boot type: Normal boot
12:16:51.0531 1728 ============================================================
12:16:52.0484 1728 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:16:52.0531 1728 ============================================================
12:16:52.0531 1728 \Device\Harddisk0\DR0:
12:16:52.0531 1728 MBR partitions:
12:16:52.0531 1728 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x120A4B98
12:16:52.0531 1728 ============================================================
12:16:52.0578 1728 C: <-> \Device\Harddisk0\DR0\Partition0
12:16:52.0578 1728 ============================================================
12:16:52.0578 1728 Initialize success
12:16:52.0578 1728 ============================================================
12:17:41.0890 2644 ============================================================
12:17:41.0890 2644 Scan started
12:17:41.0890 2644 Mode: Manual; TDLFS;
12:17:41.0890 2644 ============================================================
12:17:42.0171 2644 Abiosdsk - ok
12:17:42.0187 2644 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
12:17:42.0218 2644 abp480n5 - ok
12:17:42.0250 2644 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:17:42.0265 2644 ACPI - ok
12:17:42.0281 2644 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:17:42.0312 2644 ACPIEC - ok
12:17:42.0375 2644 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:17:42.0390 2644 AdobeFlashPlayerUpdateSvc - ok
12:17:42.0421 2644 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
12:17:42.0437 2644 adpu160m - ok
12:17:42.0453 2644 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:17:42.0468 2644 aec - ok
12:17:42.0515 2644 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
12:17:42.0531 2644 AFD - ok
12:17:42.0531 2644 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
12:17:42.0546 2644 agp440 - ok
12:17:42.0562 2644 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
12:17:42.0562 2644 agpCPQ - ok
12:17:42.0578 2644 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
12:17:42.0578 2644 Aha154x - ok
12:17:42.0593 2644 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
12:17:42.0593 2644 aic78u2 - ok
12:17:42.0609 2644 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
12:17:42.0609 2644 aic78xx - ok
12:17:42.0625 2644 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
12:17:42.0656 2644 Alerter - ok
12:17:42.0687 2644 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
12:17:42.0687 2644 ALG - ok
12:17:42.0718 2644 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
12:17:42.0734 2644 AliIde - ok
12:17:42.0750 2644 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
12:17:42.0765 2644 alim1541 - ok
12:17:42.0781 2644 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
12:17:42.0781 2644 amdagp - ok
12:17:42.0812 2644 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
12:17:42.0812 2644 amsint - ok
12:17:42.0828 2644 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
12:17:42.0859 2644 AppMgmt - ok
12:17:42.0890 2644 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
12:17:42.0890 2644 asc - ok
12:17:42.0906 2644 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
12:17:42.0906 2644 asc3350p - ok
12:17:42.0921 2644 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
12:17:42.0921 2644 asc3550 - ok
12:17:43.0015 2644 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
12:17:43.0015 2644 aspnet_state - ok
12:17:43.0062 2644 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:17:43.0062 2644 AsyncMac - ok
12:17:43.0109 2644 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:17:43.0109 2644 atapi - ok
12:17:43.0125 2644 Atdisk - ok
12:17:43.0140 2644 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:17:43.0140 2644 Atmarpc - ok
12:17:43.0187 2644 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
12:17:43.0187 2644 AudioSrv - ok
12:17:43.0203 2644 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:17:43.0203 2644 audstub - ok
12:17:43.0234 2644 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:17:43.0234 2644 Beep - ok
12:17:43.0515 2644 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120711.002\BHDrvx86.sys
12:17:43.0562 2644 BHDrvx86 - ok
12:17:43.0640 2644 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
12:17:43.0656 2644 BITS - ok
12:17:43.0703 2644 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
12:17:43.0703 2644 Browser - ok
12:17:43.0734 2644 bvrp_pci - ok
12:17:43.0765 2644 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
12:17:43.0765 2644 cbidf - ok
12:17:43.0781 2644 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:17:43.0781 2644 cbidf2k - ok
12:17:43.0796 2644 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:17:43.0796 2644 CCDECODE - ok
12:17:43.0906 2644 ccHP (1fa1c0e73eca849bed29a47c508f7f17) C:\WINDOWS\system32\drivers\N360\0404000.00C\ccHPx86.sys
12:17:43.0921 2644 ccHP - ok
12:17:43.0953 2644 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
12:17:43.0953 2644 cd20xrnt - ok
12:17:43.0984 2644 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:17:43.0984 2644 Cdaudio - ok
12:17:44.0015 2644 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:17:44.0015 2644 Cdfs - ok
12:17:44.0046 2644 Cdr4_xp (7bb548f646500f735fa8320d29830d2a) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
12:17:44.0046 2644 Cdr4_xp - ok
12:17:44.0078 2644 Cdralw2k (5e839ae76fdb359f3d2c2ed6345f23a3) C:\WINDOWS\system32\drivers\Cdralw2k.sys
12:17:44.0093 2644 Cdralw2k - ok
12:17:44.0109 2644 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:17:44.0109 2644 Cdrom - ok
12:17:44.0156 2644 cdudf_xp (849e1e16288133f4aa412b2ff6813197) C:\WINDOWS\system32\drivers\cdudf_xp.sys
12:17:44.0171 2644 cdudf_xp - ok
12:17:44.0171 2644 Changer - ok
12:17:44.0203 2644 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
12:17:44.0218 2644 CiSvc - ok
12:17:44.0250 2644 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
12:17:44.0265 2644 ClipSrv - ok
12:17:44.0359 2644 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:17:44.0375 2644 clr_optimization_v2.0.50727_32 - ok
12:17:44.0421 2644 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:17:44.0437 2644 clr_optimization_v4.0.30319_32 - ok
12:17:44.0468 2644 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
12:17:44.0484 2644 CmdIde - ok
12:17:44.0484 2644 COMSysApp - ok
12:17:44.0515 2644 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
12:17:44.0531 2644 Cpqarray - ok
12:17:44.0562 2644 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
12:17:44.0562 2644 CryptSvc - ok
12:17:44.0593 2644 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
12:17:44.0609 2644 dac2w2k - ok
12:17:44.0625 2644 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
12:17:44.0640 2644 dac960nt - ok
12:17:44.0687 2644 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
12:17:44.0718 2644 DcomLaunch - ok
12:17:44.0734 2644 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
12:17:44.0750 2644 Dhcp - ok
12:17:44.0765 2644 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:17:44.0765 2644 Disk - ok
12:17:44.0765 2644 dmadmin - ok
12:17:44.0828 2644 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:17:44.0906 2644 dmboot - ok
12:17:44.0953 2644 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:17:44.0953 2644 dmio - ok
12:17:44.0953 2644 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:17:44.0953 2644 dmload - ok
12:17:45.0000 2644 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
12:17:45.0000 2644 dmserver - ok
12:17:45.0031 2644 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:17:45.0031 2644 DMusic - ok
12:17:45.0062 2644 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
12:17:45.0062 2644 Dnscache - ok
12:17:45.0109 2644 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
12:17:45.0171 2644 Dot3svc - ok
12:17:45.0203 2644 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
12:17:45.0234 2644 dot4 - ok
12:17:45.0265 2644 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
12:17:45.0296 2644 Dot4Print - ok
12:17:45.0312 2644 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
12:17:45.0312 2644 dot4usb - ok
12:17:45.0328 2644 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
12:17:45.0328 2644 dpti2o - ok
12:17:45.0359 2644 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:17:45.0359 2644 drmkaud - ok
12:17:45.0390 2644 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
12:17:45.0406 2644 drvmcdb - ok
12:17:45.0406 2644 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
12:17:45.0406 2644 drvnddm - ok
12:17:45.0515 2644 DSBrokerService (fe80901578e7e3da70299a5aeb2b7fbd) C:\Program Files\DellSupport\brkrsvc.exe
12:17:45.0531 2644 DSBrokerService - ok
12:17:45.0578 2644 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
12:17:45.0578 2644 DSproct - ok
12:17:45.0593 2644 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
12:17:45.0593 2644 dsunidrv - ok
12:17:45.0625 2644 DVDVRRdr_xp (b930b8d83996fadecc3b24f4f91207fe) C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys
12:17:45.0625 2644 DVDVRRdr_xp - ok
12:17:45.0671 2644 dvd_2K (a85194c160f9c4d0ad8a87321738304a) C:\WINDOWS\system32\drivers\dvd_2K.sys
12:17:45.0671 2644 dvd_2K - ok
12:17:45.0703 2644 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
12:17:45.0718 2644 E100B - ok
12:17:45.0734 2644 e1express (0849eacdc01487573add86f5e470806c) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
12:17:45.0750 2644 e1express - ok
12:17:45.0765 2644 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
12:17:45.0781 2644 EapHost - ok
12:17:45.0875 2644 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
12:17:45.0890 2644 eeCtrl - ok
12:17:45.0921 2644 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:17:45.0921 2644 EraserUtilRebootDrv - ok
12:17:45.0953 2644 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
12:17:45.0984 2644 ERSvc - ok
12:17:46.0015 2644 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:17:46.0015 2644 Eventlog - ok
12:17:46.0062 2644 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
12:17:46.0078 2644 EventSystem - ok
12:17:46.0140 2644 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:17:46.0156 2644 Fastfat - ok
12:17:46.0187 2644 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:17:46.0203 2644 FastUserSwitchingCompatibility - ok
12:17:46.0265 2644 Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
12:17:46.0281 2644 Fax - ok
12:17:46.0312 2644 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
12:17:46.0312 2644 Fdc - ok
12:17:46.0328 2644 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:17:46.0343 2644 Fips - ok
12:17:46.0359 2644 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
12:17:46.0359 2644 Flpydisk - ok
12:17:46.0406 2644 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
12:17:46.0421 2644 FltMgr - ok
12:17:46.0546 2644 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:17:46.0546 2644 FontCache3.0.0.0 - ok
12:17:46.0562 2644 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:17:46.0562 2644 Fs_Rec - ok
12:17:46.0609 2644 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:17:46.0625 2644 Ftdisk - ok
12:17:46.0656 2644 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
12:17:46.0687 2644 GEARAspiWDM - ok
12:17:46.0718 2644 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:17:46.0718 2644 Gpc - ok
12:17:46.0750 2644 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:17:46.0750 2644 HDAudBus - ok
12:17:46.0796 2644 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:17:46.0828 2644 helpsvc - ok
12:17:46.0859 2644 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
12:17:46.0859 2644 HidServ - ok
12:17:46.0875 2644 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:17:46.0890 2644 HidUsb - ok
12:17:46.0921 2644 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
12:17:46.0953 2644 hkmsvc - ok
12:17:46.0984 2644 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
12:17:47.0000 2644 hpn - ok
12:17:47.0031 2644 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
12:17:47.0046 2644 HSFHWBS2 - ok
12:17:47.0125 2644 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
12:17:47.0187 2644 HSF_DP - ok
12:17:47.0250 2644 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:17:47.0265 2644 HTTP - ok
12:17:47.0296 2644 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
12:17:47.0328 2644 HTTPFilter - ok
12:17:47.0343 2644 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
12:17:47.0343 2644 i2omgmt - ok
12:17:47.0359 2644 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
12:17:47.0359 2644 i2omp - ok
12:17:47.0375 2644 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:17:47.0390 2644 i8042prt - ok
12:17:47.0484 2644 IAANTMon (d43e91e271c041bb86a6223462a41d28) C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
12:17:47.0500 2644 IAANTMon - ok
12:17:47.0546 2644 iastor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\drivers\iastor.sys
12:17:47.0546 2644 iastor - ok
12:17:47.0656 2644 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:17:47.0687 2644 IDriverT - ok
12:17:47.0859 2644 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:17:47.0906 2644 idsvc - ok
12:17:48.0218 2644 IDSxpx86 (eeebf3616db90124c1c57019d39aa9a2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120801.001\IDSxpx86.sys
12:17:48.0234 2644 IDSxpx86 - ok
12:17:48.0328 2644 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:17:48.0328 2644 Imapi - ok
12:17:48.0359 2644 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
12:17:48.0406 2644 ImapiService - ok
12:17:48.0421 2644 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
12:17:48.0421 2644 ini910u - ok
12:17:48.0437 2644 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
12:17:48.0437 2644 IntelIde - ok
12:17:48.0453 2644 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:17:48.0453 2644 intelppm - ok
12:17:48.0578 2644 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
12:17:48.0578 2644 IntuitUpdateService - ok
12:17:48.0625 2644 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
12:17:48.0625 2644 IntuitUpdateServiceV4 - ok
12:17:48.0640 2644 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
12:17:48.0640 2644 Ip6Fw - ok
12:17:48.0656 2644 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:17:48.0656 2644 IpFilterDriver - ok
12:17:48.0703 2644 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:17:48.0703 2644 IpInIp - ok
12:17:48.0718 2644 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:17:48.0734 2644 IpNat - ok
12:17:48.0781 2644 iPodService (4b532ad0d7614f701f2d29355d6321fb) C:\Program Files\iPod\bin\iPodService.exe
12:17:48.0812 2644 iPodService - ok
12:17:48.0812 2644 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:17:48.0812 2644 IPSec - ok
12:17:48.0843 2644 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:17:48.0843 2644 IRENUM - ok
12:17:48.0875 2644 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:17:48.0875 2644 isapnp - ok
12:17:48.0984 2644 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
12:17:49.0000 2644 JavaQuickStarterService - ok
12:17:49.0015 2644 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:17:49.0046 2644 Kbdclass - ok
12:17:49.0062 2644 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:17:49.0093 2644 kbdhid - ok
12:17:49.0140 2644 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:17:49.0140 2644 kmixer - ok
12:17:49.0203 2644 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:17:49.0203 2644 KSecDD - ok
12:17:49.0250 2644 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
12:17:49.0265 2644 lanmanserver - ok
12:17:49.0296 2644 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
12:17:49.0312 2644 lanmanworkstation - ok
12:17:49.0312 2644 lbrtfdc - ok
12:17:49.0359 2644 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
12:17:49.0359 2644 LmHosts - ok
12:17:49.0375 2644 MASPINT (a2ae666cee860babe7fa6f1662b71737) C:\WINDOWS\system32\drivers\MASPINT.sys
12:17:49.0375 2644 MASPINT - ok
12:17:49.0406 2644 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
12:17:49.0406 2644 mdmxsdk - ok
12:17:49.0437 2644 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
12:17:49.0484 2644 Messenger - ok
12:17:49.0515 2644 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
12:17:49.0546 2644 MHN - ok
12:17:49.0578 2644 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
12:17:49.0578 2644 MHNDRV - ok
12:17:49.0625 2644 mmc_2K (c032e945b949921f4e85d9c255dd99a7) C:\WINDOWS\system32\drivers\mmc_2K.sys
12:17:49.0656 2644 mmc_2K - ok
12:17:49.0703 2644 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:17:49.0703 2644 mnmdd - ok
12:17:49.0734 2644 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
12:17:49.0750 2644 mnmsrvc - ok
12:17:49.0765 2644 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:17:49.0765 2644 Modem - ok
12:17:49.0781 2644 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
12:17:49.0781 2644 MODEMCSA - ok
12:17:49.0796 2644 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:17:49.0796 2644 Mouclass - ok
12:17:49.0812 2644 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:17:49.0828 2644 mouhid - ok
12:17:49.0859 2644 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:17:49.0859 2644 MountMgr - ok
12:17:49.0906 2644 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:17:49.0968 2644 MozillaMaintenance - ok
12:17:49.0984 2644 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
12:17:49.0984 2644 mraid35x - ok
12:17:50.0015 2644 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:17:50.0015 2644 MRxDAV - ok
12:17:50.0078 2644 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:17:50.0093 2644 MRxSmb - ok
12:17:50.0125 2644 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
12:17:50.0156 2644 MSDTC - ok
12:17:50.0171 2644 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:17:50.0171 2644 Msfs - ok
12:17:50.0187 2644 MSIServer - ok
12:17:50.0187 2644 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:17:50.0187 2644 MSKSSRV - ok
12:17:50.0218 2644 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:17:50.0218 2644 MSPCLOCK - ok
12:17:50.0234 2644 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:17:50.0234 2644 MSPQM - ok
12:17:50.0265 2644 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:17:50.0265 2644 mssmbios - ok
12:17:50.0296 2644 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
12:17:50.0296 2644 MSTEE - ok
12:17:50.0312 2644 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:17:50.0312 2644 Mup - ok
12:17:50.0406 2644 N360 (b4187346f54e362daffe647b25a58d50) C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
12:17:50.0406 2644 N360 - ok
12:17:50.0421 2644 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:17:50.0437 2644 NABTSFEC - ok
12:17:50.0484 2644 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
12:17:50.0531 2644 napagent - ok
12:17:50.0750 2644 NAVENG (f11033730b38260b6892e837c457fb4b) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120801.037\NAVENG.SYS
12:17:50.0796 2644 NAVENG - ok
12:17:50.0906 2644 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120801.037\NAVEX15.SYS
12:17:51.0015 2644 NAVEX15 - ok
12:17:51.0171 2644 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:17:51.0171 2644 NDIS - ok
12:17:51.0203 2644 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:17:51.0203 2644 NdisIP - ok
12:17:51.0234 2644 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:17:51.0250 2644 NdisTapi - ok
12:17:51.0265 2644 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:17:51.0265 2644 Ndisuio - ok
12:17:51.0296 2644 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:17:51.0296 2644 NdisWan - ok
12:17:51.0328 2644 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:17:51.0343 2644 NDProxy - ok
12:17:51.0375 2644 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:17:51.0375 2644 NetBIOS - ok
12:17:51.0406 2644 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:17:51.0421 2644 NetBT - ok
12:17:51.0468 2644 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
12:17:51.0500 2644 NetDDE - ok
12:17:51.0500 2644 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
12:17:51.0515 2644 NetDDEdsdm - ok
12:17:51.0531 2644 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:17:51.0531 2644 Netlogon - ok
12:17:51.0562 2644 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
12:17:51.0578 2644 Netman - ok
12:17:51.0703 2644 NetSvc (9da26b773bd04b867a8e9f427cd048fc) C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
12:17:51.0750 2644 NetSvc - ok
12:17:51.0890 2644 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:17:51.0890 2644 NetTcpPortSharing - ok
12:17:51.0937 2644 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
12:17:51.0953 2644 Nla - ok
12:17:52.0000 2644 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:17:52.0000 2644 Npfs - ok
12:17:52.0078 2644 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:17:52.0109 2644 Ntfs - ok
12:17:52.0140 2644 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:17:52.0140 2644 NtLmSsp - ok
12:17:52.0203 2644 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
12:17:52.0312 2644 NtmsSvc - ok
12:17:52.0328 2644 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:17:52.0328 2644 Null - ok
12:17:52.0531 2644 nv (55310bbf289cdc07d1a8bdbe3432abbf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:17:52.0671 2644 nv - ok
12:17:52.0750 2644 NVSvc (5705d065b450f03ec0743e601941ddfa) C:\WINDOWS\system32\nvsvc32.exe
12:17:52.0765 2644 NVSvc - ok
12:17:52.0796 2644 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:17:52.0796 2644 NwlnkFlt - ok
12:17:52.0796 2644 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:17:52.0812 2644 NwlnkFwd - ok
12:17:52.0859 2644 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:17:52.0906 2644 ose - ok
12:17:52.0937 2644 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
12:17:52.0953 2644 Parport - ok
12:17:52.0968 2644 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:17:52.0968 2644 PartMgr - ok
12:17:53.0000 2644 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:17:53.0000 2644 ParVdm - ok
12:17:53.0015 2644 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:17:53.0015 2644 PCI - ok
12:17:53.0015 2644 PCIDump - ok
12:17:53.0031 2644 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:17:53.0031 2644 PCIIde - ok
12:17:53.0046 2644 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:17:53.0078 2644 Pcmcia - ok
12:17:53.0078 2644 PDCOMP - ok
12:17:53.0078 2644 PDFRAME - ok
12:17:53.0093 2644 PDRELI - ok
12:17:53.0093 2644 PDRFRAME - ok
12:17:53.0109 2644 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
12:17:53.0125 2644 perc2 - ok
12:17:53.0140 2644 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
12:17:53.0140 2644 perc2hib - ok
12:17:53.0171 2644 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
12:17:53.0171 2644 PlugPlay - ok
12:17:53.0218 2644 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:17:53.0218 2644 PolicyAgent - ok
12:17:53.0234 2644 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:17:53.0250 2644 PptpMiniport - ok
12:17:53.0250 2644 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:17:53.0250 2644 ProtectedStorage - ok
12:17:53.0281 2644 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:17:53.0281 2644 PSched - ok
12:17:53.0296 2644 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:17:53.0296 2644 Ptilink - ok
12:17:53.0328 2644 pwd_2k (1729bcde0e2fdd3f2eb8474e6e83913a) C:\WINDOWS\system32\drivers\pwd_2k.sys
12:17:53.0328 2644 pwd_2k - ok
12:17:53.0359 2644 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:17:53.0359 2644 PxHelp20 - ok
12:17:53.0390 2644 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
12:17:53.0406 2644 ql1080 - ok
12:17:53.0421 2644 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
12:17:53.0421 2644 Ql10wnt - ok
12:17:53.0468 2644 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
12:17:53.0468 2644 ql12160 - ok
12:17:53.0484 2644 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
12:17:53.0484 2644 ql1240 - ok
12:17:53.0500 2644 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
12:17:53.0500 2644 ql1280 - ok
12:17:53.0531 2644 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:17:53.0531 2644 RasAcd - ok
12:17:53.0562 2644 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
12:17:53.0625 2644 RasAuto - ok
12:17:53.0640 2644 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:17:53.0640 2644 Rasl2tp - ok
12:17:53.0718 2644 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
12:17:53.0718 2644 RasMan - ok
12:17:53.0750 2644 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:17:53.0750 2644 RasPppoe - ok
12:17:53.0765 2644 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:17:53.0765 2644 Raspti - ok
12:17:53.0796 2644 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:17:53.0812 2644 Rdbss - ok
12:17:53.0828 2644 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:17:53.0828 2644 RDPCDD - ok
12:17:53.0859 2644 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:17:53.0890 2644 rdpdr - ok
12:17:53.0953 2644 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
12:17:54.0000 2644 RDPWD - ok
12:17:54.0125 2644 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
12:17:54.0156 2644 RDSessMgr - ok
12:17:54.0171 2644 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:17:54.0187 2644 redbook - ok
12:17:54.0218 2644 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
12:17:54.0250 2644 RemoteAccess - ok
12:17:54.0296 2644 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
12:17:54.0312 2644 RemoteRegistry - ok
12:17:54.0359 2644 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
12:17:54.0375 2644 RpcLocator - ok
12:17:54.0437 2644 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
12:17:54.0437 2644 RpcSs - ok
12:17:54.0484 2644 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
12:17:54.0531 2644 RSVP - ok
12:17:54.0578 2644 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
12:17:54.0578 2644 SamSs - ok
12:17:54.0609 2644 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
12:17:54.0656 2644 SCardSvr - ok
12:17:54.0671 2644 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
12:17:54.0687 2644 Schedule - ok
12:17:54.0718 2644 SDDMI2 (8edd7b9e4a4b4c16e2dab9188caa861b) C:\WINDOWS\system32\DDMI2.sys
12:17:54.0734 2644 SDDMI2 - ok
12:17:54.0765 2644 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:17:54.0765 2644 Secdrv - ok
12:17:54.0796 2644 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
12:17:54.0796 2644 seclogon - ok
12:17:54.0828 2644 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
12:17:54.0828 2644 SENS - ok
12:17:54.0875 2644 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:17:54.0875 2644 serenum - ok
12:17:54.0890 2644 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
12:17:54.0890 2644 Serial - ok
12:17:54.0937 2644 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:17:54.0937 2644 Sfloppy - ok
12:17:54.0984 2644 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:17:54.0984 2644 ShellHWDetection - ok
12:17:55.0000 2644 Simbad - ok
12:17:55.0031 2644 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
12:17:55.0046 2644 sisagp - ok
12:17:55.0062 2644 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:17:55.0078 2644 SLIP - ok
12:17:55.0109 2644 sonypvs1 (dfadfc2c86662f40759bf02add27d569) C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
12:17:55.0140 2644 sonypvs1 - ok
12:17:55.0156 2644 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
12:17:55.0171 2644 Sparrow - ok
12:17:55.0187 2644 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:17:55.0187 2644 splitter - ok
12:17:55.0234 2644 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
12:17:55.0234 2644 Spooler - ok
12:17:55.0359 2644 sprtsvc_dellsupportcenter - ok
12:17:55.0390 2644 spupdsvc (5329079d8726de34a58c2ef0bd2ac8b9) C:\WINDOWS\system32\spupdsvc.exe
12:17:55.0406 2644 spupdsvc - ok
12:17:55.0437 2644 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:17:55.0453 2644 sr - ok
12:17:55.0500 2644 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
12:17:55.0500 2644 srservice - ok
12:17:55.0593 2644 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\N360\0404000.00C\SRTSP.SYS
12:17:55.0625 2644 SRTSP - ok
12:17:55.0640 2644 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\N360\0404000.00C\SRTSPX.SYS
12:17:55.0656 2644 SRTSPX - ok
12:17:55.0703 2644 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:17:55.0718 2644 Srv - ok
12:17:55.0750 2644 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
12:17:55.0750 2644 sscdbhk5 - ok
12:17:55.0765 2644 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
12:17:55.0781 2644 SSDPSRV - ok
12:17:55.0781 2644 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
12:17:55.0781 2644 ssrtln - ok
12:17:55.0828 2644 STHDA (352b663a81402be7cd7bd4ea27c9998c) C:\WINDOWS\system32\drivers\sthda.sys
12:17:55.0875 2644 STHDA - ok
12:17:55.0921 2644 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
12:17:55.0953 2644 stisvc - ok
12:17:55.0968 2644 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:17:55.0968 2644 streamip - ok
12:17:56.0015 2644 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:17:56.0015 2644 swenum - ok
12:17:56.0031 2644 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:17:56.0031 2644 swmidi - ok
12:17:56.0046 2644 SwPrv - ok
12:17:56.0078 2644 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
12:17:56.0078 2644 symc810 - ok
12:17:56.0093 2644 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
12:17:56.0093 2644 symc8xx - ok
12:17:56.0140 2644 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\N360\0404000.00C\SYMDS.SYS
12:17:56.0187 2644 SymDS - ok
12:17:56.0234 2644 SymEFA (10ba64273feff4df0a7ccb0ff3b9b26b) C:\WINDOWS\system32\drivers\N360\0404000.00C\SYMEFA.SYS
12:17:56.0265 2644 SymEFA - ok
12:17:56.0359 2644 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
12:17:56.0390 2644 SymEvent - ok
12:17:56.0421 2644 SymIM (fcde811209f6e05720676effa36e9a38) C:\WINDOWS\system32\DRIVERS\SymIM.sys
12:17:56.0437 2644 SymIM - ok
12:17:56.0453 2644 SymIMMP (fcde811209f6e05720676effa36e9a38) C:\WINDOWS\system32\DRIVERS\SymIM.sys
12:17:56.0453 2644 SymIMMP - ok
12:17:56.0468 2644 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\N360\0404000.00C\Ironx86.SYS
12:17:56.0484 2644 SymIRON - ok
12:17:56.0515 2644 SYMTDI (be6de8fbf2df9f13a90b8b6e943871b7) C:\WINDOWS\System32\Drivers\N360\0404000.00C\SYMTDI.SYS
12:17:56.0531 2644 SYMTDI - ok
12:17:56.0546 2644 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
12:17:56.0546 2644 sym_hi - ok
12:17:56.0562 2644 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
12:17:56.0562 2644 sym_u3 - ok
12:17:56.0593 2644 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:17:56.0609 2644 sysaudio - ok
12:17:56.0656 2644 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
12:17:56.0687 2644 SysmonLog - ok
12:17:56.0734 2644 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
12:17:56.0750 2644 TapiSrv - ok
12:17:56.0796 2644 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:17:56.0812 2644 Tcpip - ok
12:17:56.0843 2644 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:17:56.0843 2644 TDPIPE - ok
12:17:56.0875 2644 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:17:56.0906 2644 TDTCP - ok
12:17:56.0921 2644 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:17:56.0937 2644 TermDD - ok
12:17:56.0984 2644 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
12:17:57.0000 2644 TermService - ok
12:17:57.0062 2644 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
12:17:57.0062 2644 tfsnboio - ok
12:17:57.0078 2644 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
12:17:57.0078 2644 tfsncofs - ok
12:17:57.0078 2644 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
12:17:57.0078 2644 tfsndrct - ok
12:17:57.0125 2644 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
12:17:57.0125 2644 tfsndres - ok
12:17:57.0140 2644 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
12:17:57.0156 2644 tfsnifs - ok
12:17:57.0156 2644 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
12:17:57.0156 2644 tfsnopio - ok
12:17:57.0156 2644 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
12:17:57.0156 2644 tfsnpool - ok
12:17:57.0171 2644 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
12:17:57.0171 2644 tfsnudf - ok
12:17:57.0187 2644 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
12:17:57.0187 2644 tfsnudfa - ok
12:17:57.0203 2644 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
12:17:57.0203 2644 Themes - ok
12:17:57.0218 2644 Time - ok
12:17:57.0281 2644 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
12:17:57.0296 2644 TlntSvr - ok
12:17:57.0312 2644 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
12:17:57.0312 2644 TosIde - ok
12:17:57.0375 2644 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
12:17:57.0390 2644 TrkWks - ok
12:17:57.0437 2644 UDFReadr (14826dbde814e4c4ebd2a0e826596f54) C:\WINDOWS\system32\drivers\UDFReadr.sys
12:17:57.0453 2644 UDFReadr - ok
12:17:57.0468 2644 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:17:57.0468 2644 Udfs - ok
12:17:57.0500 2644 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
12:17:57.0515 2644 ultra - ok
12:17:57.0562 2644 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:17:57.0578 2644 Update - ok
12:17:57.0625 2644 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
12:17:57.0640 2644 upnphost - ok
12:17:57.0671 2644 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
12:17:57.0687 2644 UPS - ok
12:17:57.0718 2644 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
12:17:57.0718 2644 usbaudio - ok
12:17:57.0750 2644 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:17:57.0750 2644 usbccgp - ok
12:17:57.0781 2644 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:17:57.0781 2644 usbehci - ok
12:17:57.0812 2644 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:17:57.0812 2644 usbhub - ok
12:17:57.0828 2644 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:17:57.0828 2644 USBSTOR - ok
12:17:57.0843 2644 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:17:57.0843 2644 usbuhci - ok
12:17:57.0890 2644 Ventrilo - ok
12:17:57.0906 2644 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:17:57.0906 2644 VgaSave - ok
12:17:57.0921 2644 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
12:17:57.0937 2644 viaagp - ok
12:17:57.0968 2644 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
12:17:57.0968 2644 ViaIde - ok
12:17:58.0015 2644 Viewpoint Manager Service (d622530829e35d75526a814375eebcfd) C:\Program Files\Viewpoint\Common\ViewpointService.exe
12:17:58.0031 2644 Viewpoint Manager Service - ok
12:17:58.0046 2644 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:17:58.0046 2644 VolSnap - ok
12:17:58.0093 2644 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
12:17:58.0125 2644 VSS - ok
12:17:58.0156 2644 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
12:17:58.0171 2644 w32time - ok
12:17:58.0203 2644 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:17:58.0218 2644 Wanarp - ok
12:17:58.0218 2644 wanatw - ok
12:17:58.0218 2644 WDICA - ok
12:17:58.0250 2644 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:17:58.0250 2644 wdmaud - ok
12:17:58.0296 2644 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
12:17:58.0296 2644 WebClient - ok
12:17:58.0375 2644 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
12:17:58.0421 2644 winachsf - ok
12:17:58.0515 2644 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
12:17:58.0515 2644 winmgmt - ok
12:17:58.0562 2644 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
12:17:58.0578 2644 WmdmPmSN - ok
12:17:58.0656 2644 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
12:17:58.0703 2644 Wmi - ok
12:17:58.0750 2644 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
12:17:58.0781 2644 WmiApSrv - ok
12:17:58.0921 2644 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
12:17:58.0984 2644 WMPNetworkSvc - ok
12:17:59.0156 2644 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:17:59.0203 2644 WPFFontCache_v0400 - ok
12:17:59.0312 2644 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:17:59.0312 2644 WS2IFSL - ok
12:17:59.0328 2644 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:17:59.0343 2644 WSTCODEC - ok
12:17:59.0375 2644 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
12:17:59.0390 2644 wuauserv - ok
12:17:59.0421 2644 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:17:59.0421 2644 WudfPf - ok
12:17:59.0453 2644 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:17:59.0453 2644 WudfRd - ok
12:17:59.0468 2644 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
12:17:59.0500 2644 WudfSvc - ok
12:17:59.0562 2644 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
12:17:59.0609 2644 WZCSVC - ok
12:17:59.0625 2644 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
12:17:59.0671 2644 xmlprov - ok
12:17:59.0703 2644 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
12:17:59.0734 2644 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
12:17:59.0734 2644 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
12:17:59.0781 2644 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
12:17:59.0781 2644 \Device\Harddisk0\DR0 - detected TDSS File System (1)
12:17:59.0812 2644 Boot (0x1200) (01b2928406090d5bb4408a576dcb94c8) \Device\Harddisk0\DR0\Partition0
12:17:59.0812 2644 \Device\Harddisk0\DR0\Partition0 - ok
12:17:59.0812 2644 ============================================================
12:17:59.0812 2644 Scan finished
12:17:59.0812 2644 ============================================================
12:17:59.0812 2276 Detected object count: 2
12:17:59.0812 2276 Actual detected object count: 2
12:19:41.0312 2276 \Device\Harddisk0\DR0\# - copied to quarantine
12:19:41.0328 2276 \Device\Harddisk0\DR0 - copied to quarantine
12:19:41.0375 2276 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
12:19:41.0390 2276 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
12:19:41.0406 2276 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
12:19:41.0421 2276 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
12:19:42.0171 2276 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
12:19:42.0203 2276 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
12:19:43.0234 2276 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
12:19:43.0265 2276 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
12:19:43.0281 2276 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
12:19:43.0296 2276 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
12:19:43.0296 2276 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
12:19:43.0328 2276 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
12:19:43.0359 2276 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
12:19:43.0375 2276 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
12:19:43.0390 2276 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
12:19:43.0421 2276 \Device\Harddisk0\DR0 - ok
12:19:44.0562 2276 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
12:19:44.0578 2276 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
12:19:44.0578 2276 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
12:20:04.0515 3932 Deinitialize success

#15 Craig210

  • Topic Starter
  • Members
  • 10 posts

Posted 02 August 2012 - 04:20 PM

ComboFix 12-07-31.03 - Dad 08/02/2012 12:46:23.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1348 [GMT -4:00]
Running from: c:\documents and settings\Dad\My Documents\Downloads\ComboFix.exe
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\DragToDiscUserNameE.txt
c:\documents and settings\Dad\My Documents\~WRL0003.tmp
c:\documents and settings\Dad\My Documents\~WRL0005.tmp
c:\documents and settings\NetworkService\0.6055080457316839.exe
c:\program files\MyWaySA
c:\program files\vsadd-in
c:\windows\system32\bccdd.bak1
c:\windows\system32\bccdd.bak2
c:\windows\system32\bccdd.ini
c:\windows\system32\dhlseonl.ini
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\vuyfuanl.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-02 16:19 . 2012-08-02 16:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-01 14:50 . 2012-08-01 14:54 -------- d-----w- c:\documents and settings\Dad\Application Data\Uvwamos
2012-08-01 14:50 . 2012-08-01 14:51 -------- d-----w- c:\documents and settings\Dad\Application Data\Xeeq
2012-08-01 12:53 . 2012-08-01 12:53 -------- d-s---w- c:\documents and settings\LocalService\UserData
2012-07-27 14:58 . 2012-07-27 14:58 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2012-07-04 18:47 . 2012-07-17 21:03 -------- d-----w- c:\documents and settings\Dad\Local Settings\Application Data\Thunderbird
2012-07-04 18:47 . 2012-07-04 18:47 -------- d-----w- c:\documents and settings\Dad\Application Data\Thunderbird
2012-07-04 18:46 . 2012-07-19 02:20 -------- d-----w- c:\program files\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 15:25 . 2012-04-06 22:05 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-27 15:25 . 2012-04-06 22:05 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 13:19 . 2004-08-19 20:49 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-08-30 01:06 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-19 20:49 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-19 20:49 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2007-05-30 21:31 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2007-05-30 21:31 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2004-08-19 21:04 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2004-08-19 21:04 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2004-08-19 21:04 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2007-05-30 21:31 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2005-05-26 09:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2004-08-19 21:04 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2004-08-19 21:04 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2004-08-19 20:49 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2007-05-30 21:31 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2004-08-19 21:04 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2004-08-19 21:04 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2010-07-12 10:12 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2010-07-12 10:12 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18 . 2010-07-12 10:12 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-19 20:49 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 07:58 . 2004-08-19 20:49 667136 ----a-w- c:\windows\system32\wininet.dll
2008-07-02 19:34 . 2008-07-02 19:35 774144 ----a-w- c:\program files\RngInterstitial.dll
2012-07-19 02:21 . 2012-06-17 13:02 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2008-08-01 1103216]
"AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"nwiz"="nwiz.exe" [2005-08-02 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-12-22 180269]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
koubl.exe [2012-8-1 169472]
.
c:\documents and settings\Craig\Start Menu\Programs\Startup\
funem.exe [2012-8-1 169472]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-10-24 24576]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
ubydt.exe [2012-8-1 169472]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Time]
@="Service"
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0404000.00C\symds.sys [4/5/2012 11:18 AM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0404000.00C\symefa.sys [4/5/2012 11:18 AM 173176]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120711.002\BHDrvx86.sys [7/12/2012 6:50 AM 821920]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0404000.00C\cchpx86.sys [4/5/2012 11:18 AM 485512]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0404000.00C\ironx86.sys [4/5/2012 11:18 AM 116784]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe [4/5/2012 11:18 AM 126400]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/4/2008 11:09 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/30/2012 10:49 PM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120801.001\IDSXpx86.sys [8/1/2012 8:53 PM 369632]
S2 Time;Time Service;c:\windows\system32\mlsdf8hvnfxpnfx.exe --> c:\windows\system32\mlsdf8hvnfxpnfx.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/6/2012 6:05 PM 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 8:00 AM 113120]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 15:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.dell4me.com/myway
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\8db84yxv.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{6F4D6AD9-2080-42A7-B6B4-CEC3AD83D032} - c:\windows\system32\ddccb.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-02 12:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
Completion time: 2012-08-02 12:55:47
ComboFix-quarantined-files.txt 2012-08-02 16:55
.
Pre-Run: 72,038,572,032 bytes free
Post-Run: 72,810,500,096 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 6FD0FB072FDD6EFB5CC6E40B975E2B57
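Added example (editor's code, not part of the original post and not ComboFix's own detection logic): a small Python triage script that reads the "Reg Loading Points" sections of a ComboFix log like the one above and flags the persistence entries a helper would look at first. The sample text inside it is an excerpt copied from the log above; the scoring rules (bare .exe files in Startup folders sharing one size, extra BootExecute values beyond "autocheck autochk *", a service whose binary is marked "[?]" and that also has a SafeBoot\Minimal key, and user.js lines turning off Firefox's insecure-content warnings) are assumptions chosen for illustration, not a vendor signature.

```python
"""Triage heuristics for the ComboFix 'Reg Loading Points' output above.

Editor-added example: not ComboFix's detection logic and not code from the
original post. SAMPLE_LOG is an excerpt copied from the posted log; the
scoring rules are assumptions chosen for illustration.
"""
import re
from collections import Counter

# Excerpt of the posted log (trimmed to the sections the rules look at).
SAMPLE_LOG = r"""
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
koubl.exe [2012-8-1 169472]
.
c:\documents and settings\Craig\Start Menu\Programs\Startup\
funem.exe [2012-8-1 169472]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-10-24 24576]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
ubydt.exe [2012-8-1 169472]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0stera
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Time]
@="Service"
.
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.4.0.12\ccsvchst.exe [4/5/2012 11:18 AM 126400]
S2 Time;Time Service;c:\windows\system32\mlsdf8hvnfxpnfx.exe --> c:\windows\system32\mlsdf8hvnfxpnfx.exe [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 8:00 AM 113120]
.
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
"""

STARTUP_DIR = re.compile(r"^(?P<dir>c:\\.*\\Start Menu\\Programs\\Startup\\)$", re.I)
STARTUP_EXE = re.compile(r"^(?P<name>[^\\\s]+\.exe) \[(?P<date>\S+) (?P<size>\d+)\]$", re.I)
BOOTEXECUTE = re.compile(r"^BootExecute REG_MULTI_SZ (?P<value>.+)$")
SAFEBOOT_KEY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\(?P<name>[^\]]+)\]$", re.I)
SERVICE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)(?: --> .+?)? \[(?P<info>[^\]]*)\]$")
FF_PREF = re.compile(r"^FF - user\.js: (?P<pref>security\.warn_\S+) - (?P<value>\S+)$")

EXPECTED_BOOTEXECUTE = ["autocheck autochk *"]   # the stock Windows value


def parse_log(text):
    """Collect Startup-folder files, BootExecute, SafeBoot keys, services and
    Firefox user.js prefs from the log text into one dict."""
    out = {"startup": [], "bootexecute": None, "safeboot": set(),
           "services": [], "ff_prefs": []}
    folder = None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "."):            # ComboFix separates blocks with a lone '.'
            folder = None
            continue
        m = STARTUP_DIR.match(line)
        if m:
            folder = m.group("dir")
            continue
        if folder is not None:           # inside a Startup-folder listing
            m = STARTUP_EXE.match(line)
            if m:                        # .lnk lines deliberately do not match
                out["startup"].append((folder, m.group("name"), int(m.group("size"))))
            continue
        if (m := BOOTEXECUTE.match(line)):
            out["bootexecute"] = m.group("value").split("\\0")   # log writes NUL as '\0'
        elif (m := SAFEBOOT_KEY.match(line)):
            out["safeboot"].add(m.group("name"))
        elif (m := SERVICE.match(line)):
            out["services"].append(m.groupdict())
        elif (m := FF_PREF.match(line)):
            out["ff_prefs"].append((m.group("pref"), m.group("value")))
    return out


def triage(text):
    """Return (severity, category, item, note) tuples for suspicious entries."""
    p = parse_log(text)
    findings = []
    # Rule 1: a bare .exe dropped into a Startup folder (legitimate software
    # leaves a .lnk); one size repeated across profiles is a stronger signal.
    sizes = Counter(size for _, _, size in p["startup"])
    for folder, name, size in p["startup"]:
        note = "bare .exe in Startup folder (no shortcut)"
        if sizes[size] > 1:
            note += f"; same size {size} bytes in {sizes[size]} entries"
        findings.append(("high", "startup", folder + name, note))
    # Rule 2: anything beyond the stock autochk entry runs before logon.
    if p["bootexecute"] is not None:
        for value in p["bootexecute"]:
            if value not in EXPECTED_BOOTEXECUTE:
                findings.append(("high", "bootexecute", value,
                                 "extra BootExecute value runs before the desktop loads"))
    # Rule 3: service whose binary ComboFix could not find ('[?]'); if it is
    # also listed under SafeBoot\Minimal it will start in Safe Mode too.
    for svc in p["services"]:
        if svc["info"] == "?":
            sev, note = "medium", "service binary not found on disk"
            if svc["name"] in p["safeboot"]:
                sev, note = "high", note + "; also registered under SafeBoot\\Minimal"
            findings.append((sev, "service", f'{svc["name"]} -> {svc["path"]}', note))
    # Rule 4: user.js turning off mixed-content / insecure-submit warnings.
    for pref, value in p["ff_prefs"]:
        if value == "false":
            findings.append(("low", "firefox", pref, "insecure-content warning disabled in user.js"))
    return findings


if __name__ == "__main__":
    for sev, cat, item, note in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {cat:11} {item}  ({note})")
```

Run it as-is and it prints the flagged items from the excerpt; point triage() at a full ComboFix log read from disk to use it on another machine's output. The rules only surface entries for a human to check, they do not decide what to remove, which is why the helpers on this forum still ask for the full log before writing a script.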