trojan.zeroaccess, trojan.zeroaccess!inf


This topic is locked
19 replies to this topic

#1 jafilson

  • Members
  • 10 posts

Posted 28 July 2012 - 05:50 PM

Running Windows 7 Home Premium, 32 bit. Norton 360. Firefox is my browser of choice, but IE is installed also (don't know if that has anything to do with anything).
Had issues about 3 weeks ago with trojan.zeroaccess; actually had to pay Norton to take remote access of my computer to remove it. Seemed fine. 1 week's warranty. All seemed to start with an update for Adobe Flash. Have not tried updating that again.

Now trojan.zeroaccess!inf is popping up in my Norton 360 and it says I need to manually remove it. Downloaded the removal tool; it runs, then restarts my computer (that is expected). However, my computer won't restart. I have to power off and then power on and run the Restart Repair, and then I'm back to square one. I've tried that 3 times and the exact same sequence happens. Tried WPE but it comes up with some error message about incomplete internet access. I'm stumped! I've done all the recommended steps before posting. Thanks in advance!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Jessica at 17:44:55 on 2012-07-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1662 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\windows\system32\spool\DRIVERS\W32X86\3\lxeaserv.exe
C:\windows\system32\lxeacoms.exe
C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\windows\system32\svchost.exe -k HPService
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jessica\Downloads\Defogger.exe
C:\windows\system32\conhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\6.2.1.5\ips\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dll
mRun: [<NO NAME>]
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264646763155
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://l.yimg.com/jh/games/web_games/playtime/mahjongescape/PTGameLauncher.cab
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{D4BF2564-8E07-4895-8C77-67704095D256} : DhcpNameServer = 192.168.1.1 71.252.0.12
TCP: Interfaces\{D4BF2564-8E07-4895-8C77-67704095D256}\35B697E65647 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D4BF2564-8E07-4895-8C77-67704095D256}\6496C637F6E6 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{D4BF2564-8E07-4895-8C77-67704095D256}\A5978554C4F5431493 : DhcpNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jessica\appdata\roaming\mozilla\firefox\profiles\ojfhc0nr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.ftp - :0
FF - prefs.js: network.proxy.gopher - :0
FF - prefs.js: network.proxy.http - :0
FF - prefs.js: network.proxy.socks - :0
FF - prefs.js: network.proxy.ssl - :0
FF - prefs.js: network.proxy.type - 0
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R0 IFP300;iriver Internet Audio Player IFP-300;c:\windows\system32\drivers\ifp300.sys [2011-4-24 14531]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0602010.005\symds.sys [2012-5-18 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0602010.005\symefa.sys [2012-5-18 905336]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.1.2.10\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-12 821920]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0602010.005\ccsetx86.sys [2012-5-18 132744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.1.2.10\definitions\ipsdefs\20120727.001_358\IDSvix86.sys [2012-7-27 382624]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0602010.005\ironx86.sys [2012-5-18 149624]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\0602010.005\symnets.sys [2012-5-18 318584]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2010-2-13 193192]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-8 654408]
R2 N360;Norton 360;c:\program files\norton 360\engine\6.2.1.5\ccsvchst.exe [2012-5-18 138232]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup 3.0\SymcPCCULaunchSvc.exe [2012-7-9 131512]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-11 185712]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 12920]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-12-13 7680]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-8 22344]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-12-13 187392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-2 106656]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-7 113120]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-12-13 171520]
S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-12-13 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-9-17 111960]
S3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-6 685424]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-26 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-13 176128]
.
=============== Created Last 30 ================
.
2012-07-11 13:15:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-09 12:23:40 -------- d-----w- c:\users\jessica\appdata\roaming\FixZeroAccess
2012-07-09 11:52:13 -------- d-----w- c:\users\jessica\appdata\local\LogMeIn Rescue Applet
2012-07-09 11:00:59 -------- d-----w- c:\users\jessica\appdata\local\Chromium
2012-07-09 11:00:02 -------- d-----w- c:\program files\Norton PC Checkup 3.0
2012-07-09 10:59:42 -------- d-----w- c:\users\jessica\appdata\roaming\PCCUStubInstaller
2012-07-09 05:14:30 -------- d-----w- c:\windows\system32\N360_BACKUP
2012-07-09 03:13:23 -------- d-----w- c:\users\jessica\appdata\roaming\Malwarebytes
2012-07-09 03:13:08 -------- d-----w- c:\programdata\Malwarebytes
2012-07-09 03:13:07 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-09 03:13:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-08 17:07:47 -------- d-----w- c:\program files\PC Tools
2012-07-08 17:05:24 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-07-08 17:05:24 -------- d-----w- c:\program files\common files\PC Tools
2012-07-08 17:04:38 -------- d-----w- c:\programdata\PC Tools
2012-07-08 17:04:37 -------- d-----w- c:\users\jessica\appdata\roaming\TestApp
2012-07-08 17:03:57 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-07-08 16:45:49 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-07-08 16:45:49 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-07-08 15:45:23 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-08 15:35:40 -------- d-----w- c:\users\jessica\appdata\local\NPE
.
==================== Find3M ====================
.
2012-07-08 15:33:25 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-08 15:33:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-15 03:03:54 981504 ----a-w- c:\windows\system32\wininet.dll
2012-05-01 04:44:12 164352 ----a-w- c:\windows\system32\profsvc.dll
.
============= FINISH: 17:46:54.64 ===============
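The "Created Last 30" and "Find3M" sections of the DDS log above have a fixed line layout (date, time, size or eight dashes for a directory, an eight-character attribute string, path). The script below is an added example for this thread, not DDS's own code and not something the responders provided: it parses those lines into records and applies two defender-side triage rules, flagging a hidden+system directory newly created under c:\windows and any entry whose name contains a literal "%" (a folder named like an unexpanded environment variable). The attribute-column mapping (d = directory, s = system, h = hidden, a = archive, r/w = read-only/writable) is inferred from the lines in this log and is an assumption; the rules are illustrative heuristics that mark entries worth a closer look, not a verdict on any entry.

```python
"""Parse DDS-style file-listing lines and flag entries worth a closer look.

Added example for this thread: not DDS's own code. The attribute-column
layout is inferred from the log lines above (an assumption); the triage
rules are illustrative heuristics, not a verdict on any particular entry.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: five lines copied from the "Created Last 30" section above.
SAMPLE_DDS_LINES = """\
2012-07-11 13:15:40 2345984 ----a-w- c:\\windows\\system32\\win32k.sys
2012-07-09 03:13:07 22344 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys
2012-07-09 03:13:07 -------- d-----w- c:\\program files\\Malwarebytes' Anti-Malware
2012-07-08 15:45:23 -------- d-sh--w- c:\\windows\\system32\\%APPDATA%
2012-07-08 15:35:40 -------- d-----w- c:\\users\\jessica\\appdata\\local\\NPE
"""

# <date> <time> <size | eight dashes for a directory> <8-char attributes> <path>
DDS_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)


@dataclass
class DdsEntry:
    timestamp: str
    size: Optional[int]   # None for directories (DDS prints "--------")
    attrs: str            # e.g. "d-sh--w-" or "----a-w-"
    path: str

    # Column positions assumed from the log: 0 = d(irectory), 2 = s(ystem),
    # 3 = h(idden), 4 = a(rchive), 6 = r(ead-only) or w(ritable).
    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def is_system(self) -> bool:
        return self.attrs[2] == "s"

    @property
    def is_hidden(self) -> bool:
        return self.attrs[3] == "h"


def parse_dds_lines(text: str) -> List[DdsEntry]:
    """Return one DdsEntry per file-listing line; headers and '.' rows are skipped."""
    entries: List[DdsEntry] = []
    for raw in text.splitlines():
        m = DDS_LINE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(DdsEntry(f"{m['date']} {m['time']}", size, m["attrs"], m["path"]))
    return entries


def triage(entries: List[DdsEntry]) -> Dict[str, List[str]]:
    """Map each flagged path to the reasons it was flagged (empty dict if none)."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        lowered = e.path.lower()
        name = lowered.rsplit("\\", 1)[-1]
        # Rule 1: a freshly created directory that is both hidden and system,
        # sitting under the Windows directory, is unusual for normal software.
        if e.is_dir and e.is_hidden and e.is_system and lowered.startswith("c:\\windows\\"):
            reasons.append("hidden+system directory created under c:\\windows")
        # Rule 2: a literal '%' in a file or folder name usually means an
        # environment-variable reference was written out unexpanded.
        if "%" in name:
            reasons.append("literal '%' in name (looks like an unexpanded environment variable)")
        if reasons:
            findings[e.path] = reasons
    return findings


if __name__ == "__main__":
    for path, why in triage(parse_dds_lines(SAMPLE_DDS_LINES)).items():
        print(path)
        for reason in why:
            print("   -", reason)
```

Run against the sample, only the `c:\windows\system32\%APPDATA%` row trips both rules; the other four rows parse cleanly and produce no finding. To use it on a full log, paste the whole DDS text into `parse_dds_lines`: lines that are not file entries (section banners, the "." separators, service lines) simply fail the regex and are ignored.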


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 29 July 2012 - 02:21 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 jafilson
  • Topic Starter
  • Members
  • 10 posts

Posted 29 July 2012 - 07:58 AM

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 31
Java version out of Date!
Adobe Flash Player 11.3.300.262
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (Firefox,. Firefox out of Date!
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````




While running Combofix, I KNOW I disabled my Norton 360. However, a text box popped up that said:
ComboFix has detected the following real time scanner(s) to be active:
antivirus: Norton 360
antispyware: Norton 360
Please disable these scanners before clicking OK.

Should I go ahead and click OK?

Computer is running fine, Norton gave me another notice at 6:30 last night that it found trojan.zeroaccess!inf and I should manually remove it. I have not done anything about that. I have also not attempted to restart my computer to test if it still freezes and requires a StartUp repair.

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 29 July 2012 - 12:58 PM

Yes, go ahead and run Combofix.


gringo

#5 jafilson
  • Topic Starter
  • Members
  • 10 posts

Posted 29 July 2012 - 04:22 PM

ComboFix 12-07-29.02 - Jessica 07/29/2012 16:27:30.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1863 [GMT -4:00]
Running from: c:\users\Jessica\Downloads\ComboFix.exe
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jessica\WINDOWS
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-29 )))))))))))))))))))))))))))))))
.
.
2012-07-29 20:53 . 2012-07-29 20:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-11 13:15 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-09 12:23 . 2012-07-29 03:18 -------- d-----w- c:\users\Jessica\AppData\Roaming\FixZeroAccess
2012-07-09 11:52 . 2012-07-11 13:23 -------- d-----w- c:\users\Jessica\AppData\Local\LogMeIn Rescue Applet
2012-07-09 11:00 . 2012-07-09 11:00 -------- d-----w- c:\users\Jessica\AppData\Local\Chromium
2012-07-09 11:00 . 2012-07-09 11:00 -------- d-----w- c:\program files\Norton PC Checkup 3.0
2012-07-09 10:59 . 2012-07-09 10:59 -------- d-----w- c:\users\Jessica\AppData\Roaming\PCCUStubInstaller
2012-07-09 05:14 . 2012-07-09 05:14 -------- d-----w- c:\windows\system32\N360_BACKUP
2012-07-09 03:13 . 2012-07-09 03:13 -------- d-----w- c:\users\Jessica\AppData\Roaming\Malwarebytes
2012-07-09 03:13 . 2012-07-09 03:13 -------- d-----w- c:\programdata\Malwarebytes
2012-07-09 03:13 . 2012-07-09 03:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-09 03:13 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-08 17:07 . 2012-07-09 10:12 -------- d-----w- c:\program files\PC Tools
2012-07-08 17:05 . 2012-07-09 10:12 -------- d-----w- c:\program files\Common Files\PC Tools
2012-07-08 17:05 . 2012-05-11 15:14 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-07-08 17:04 . 2012-07-09 05:11 -------- d-----w- c:\programdata\PC Tools
2012-07-08 17:04 . 2012-07-08 17:04 -------- d-----w- c:\users\Jessica\AppData\Roaming\TestApp
2012-07-08 17:03 . 2012-07-09 05:09 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-07-08 16:45 . 2012-07-08 16:45 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-08 16:45 . 2012-07-08 16:45 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-07-08 15:45 . 2012-07-08 15:45 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-08 15:35 . 2012-07-28 21:09 -------- d-----w- c:\users\Jessica\AppData\Local\NPE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-08 15:33 . 2012-04-13 01:41 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-08 15:33 . 2011-06-28 03:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-24 02:57 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-24 02:57 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-24 02:57 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-24 02:57 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-24 02:57 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-24 02:57 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-24 02:57 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-24 02:56 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-24 02:56 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-15 03:03 . 2012-06-13 13:44 981504 ----a-w- c:\windows\system32\wininet.dll
2012-05-01 04:44 . 2012-06-13 13:43 164352 ----a-w- c:\windows\system32\profsvc.dll
2010-03-31 14:09 . 2010-03-31 14:09 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2010-04-08 16:36 . 2010-04-08 16:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2012-07-08 16:45 . 2011-05-04 01:18 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2009-08-05 22:04 738616 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 15:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
2008-04-24 18:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Software]
2009-04-24 07:57 1025320 ----a-w- c:\program files\Common Files\SupportSoft\bin\bcont.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2010-01-18 17:27 139944 ----a-w- c:\program files\Lexmark S300-S400 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxeamon.exe]
2010-05-05 14:18 770728 ----a-w- c:\program files\Lexmark S300-S400 Series\lxeamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magellan CmTray]
2011-03-04 17:10 458752 ----a-w- c:\program files\Content Manager\CmTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2009-07-16 19:04 529256 ----a-w- c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-07-29 05:12 7625248 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2009-07-28 22:00 460088 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-07-30 06:32 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Teco]
2009-08-12 00:09 1324384 ----a-w- c:\program files\TOSHIBA\TECO\TEco.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-06-14 17:08 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2009-08-17 18:48 1294136 ----a-w- c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosSENotify]
2009-09-17 20:37 611672 ----a-w- c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosWaitSrv]
2009-08-07 01:05 611672 ----a-w- c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2009-08-21 17:29 476512 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S0 IFP300;iriver Internet Audio Player IFP-300;c:\windows\system32\DRIVERS\ifp300.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0602010.005\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0602010.005\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120711.002\BHDrvx86.sys [x]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0602010.005\ccSetx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120727.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0602010.005\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0602010.005\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe [x]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxeaserv.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 22:51]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 22:51]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://l.yimg.com/jh/games/web_games/playtime/mahjongescape/PTGameLauncher.cab
FF - ProfilePath - c:\users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\ojfhc0nr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.ftp - :0
FF - prefs.js: network.proxy.gopher - :0
FF - prefs.js: network.proxy.http - :0
FF - prefs.js: network.proxy.socks - :0
FF - prefs.js: network.proxy.ssl - :0
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\windows\system32\spool\DRIVERS\W32X86\3\lxeaserv.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-07-29 17:00:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-29 21:00
.
Pre-Run: 241,470,545,920 bytes free
Post-Run: 241,402,810,368 bytes free
.
- - End Of File - - C354E777F8B178D4464CC160F7E597DE



Combofix restarted computer on its own and it restarted normally. Then I got messages on everything I clicked "Illegal operation attempted on a registry key that has been marked for deletion" so I restarted the computer manually and it restarted normally again (thank goodness). No more "illegal operation" messages. Opened Firefox and got a message "firefox is not your customary browser, would you like to switch" I clicked no. Then I got some message about scripts on my homepage (yahoo) stopped running. I clicked stop script. I have no idea if those last two items have anything to do with anything but the more info, the better I figure.

So far everything is back to normal.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 July 2012 - 04:27 PM

Greetings

That is good news, but let's get some deeper scans to be sure.

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 jafilson

jafilson
  • Topic Starter

  • Members
  • 10 posts

Posted 29 July 2012 - 05:19 PM

TDSS report


18:15:14.0222 0360 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
18:15:14.0518 0360 ============================================================
18:15:14.0518 0360 Current date / time: 2012/07/29 18:15:14.0518
18:15:14.0518 0360 SystemInfo:
18:15:14.0518 0360
18:15:14.0518 0360 OS Version: 6.1.7601 ServicePack: 1.0
18:15:14.0518 0360 Product type: Workstation
18:15:14.0518 0360 ComputerName: JESSICA-PC
18:15:14.0518 0360 UserName: Jessica
18:15:14.0518 0360 Windows directory: C:\windows
18:15:14.0518 0360 System windows directory: C:\windows
18:15:14.0518 0360 Processor architecture: Intel x86
18:15:14.0518 0360 Number of processors: 2
18:15:14.0518 0360 Page size: 0x1000
18:15:14.0518 0360 Boot type: Normal boot
18:15:14.0518 0360 ============================================================
18:15:16.0453 0360 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:15:16.0468 0360 ============================================================
18:15:16.0468 0360 \Device\Harddisk0\DR0:
18:15:16.0468 0360 MBR partitions:
18:15:16.0468 0360 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x2416A000
18:15:16.0468 0360 ============================================================
18:15:16.0515 0360 C: <-> \Device\Harddisk0\DR0\Partition0
18:15:16.0515 0360 ============================================================
18:15:16.0515 0360 Initialize success
18:15:16.0515 0360 ============================================================
18:15:25.0376 3368 ============================================================
18:15:25.0376 3368 Scan started
18:15:25.0376 3368 Mode: Manual;
18:15:25.0376 3368 ============================================================
18:15:40.0259 3368 IpFilterDriver - ok
18:15:40.0383 3368 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll
18:15:40.0399 3368 iphlpsvc - ok
18:15:40.0446 3368 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
18:15:40.0446 3368 IPMIDRV - ok
18:15:40.0493 3368 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
18:15:40.0493 3368 IPNAT - ok
18:15:40.0524 3368 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
18:15:40.0524 3368 IRENUM - ok
18:15:40.0571 3368 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
18:15:40.0571 3368 isapnp - ok
18:15:40.0617 3368 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
18:15:40.0617 3368 iScsiPrt - ok
18:15:40.0680 3368 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
18:15:40.0680 3368 kbdclass - ok
18:15:40.0727 3368 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
18:15:40.0727 3368 kbdhid - ok
18:15:40.0789 3368 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
18:15:40.0789 3368 KeyIso - ok
18:15:40.0820 3368 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\windows\system32\Drivers\ksecdd.sys
18:15:40.0836 3368 KSecDD - ok
18:15:40.0883 3368 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) C:\windows\system32\Drivers\ksecpkg.sys
18:15:40.0883 3368 KSecPkg - ok
18:15:40.0961 3368 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
18:15:40.0961 3368 KtmRm - ok
18:15:41.0023 3368 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\windows\System32\srvsvc.dll
18:15:41.0023 3368 LanmanServer - ok
18:15:41.0070 3368 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll
18:15:41.0085 3368 LanmanWorkstation - ok
18:15:41.0163 3368 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
18:15:41.0163 3368 lltdio - ok
18:15:41.0335 3368 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
18:15:41.0351 3368 lltdsvc - ok
18:15:41.0366 3368 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
18:15:41.0366 3368 lmhosts - ok
18:15:41.0413 3368 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
18:15:41.0413 3368 LSI_FC - ok
18:15:41.0444 3368 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
18:15:41.0444 3368 LSI_SAS - ok
18:15:41.0475 3368 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
18:15:41.0475 3368 LSI_SAS2 - ok
18:15:41.0507 3368 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
18:15:41.0507 3368 LSI_SCSI - ok
18:15:41.0538 3368 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
18:15:41.0538 3368 luafv - ok
18:15:41.0647 3368 lxeaCATSCustConnectService (2349335a8033fd9834d1c401eae1c9bf) C:\windows\system32\spool\DRIVERS\W32X86\3\\lxeaserv.exe
18:15:41.0647 3368 lxeaCATSCustConnectService - ok
18:15:41.0694 3368 lxea_device - ok
18:15:41.0725 3368 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\windows\system32\drivers\mbam.sys
18:15:41.0741 3368 MBAMProtector - ok
18:15:41.0928 3368 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:15:41.0928 3368 MBAMService - ok
18:15:41.0990 3368 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\windows\system32\Mcx2Svc.dll
18:15:41.0990 3368 Mcx2Svc - ok
18:15:42.0037 3368 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
18:15:42.0037 3368 megasas - ok
18:15:42.0115 3368 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
18:15:42.0115 3368 MegaSR - ok
18:15:42.0146 3368 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
18:15:42.0146 3368 MMCSS - ok
18:15:42.0177 3368 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
18:15:42.0177 3368 Modem - ok
18:15:42.0224 3368 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
18:15:42.0224 3368 monitor - ok
18:15:42.0271 3368 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
18:15:42.0271 3368 mouclass - ok
18:15:42.0302 3368 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
18:15:42.0302 3368 mouhid - ok
18:15:42.0349 3368 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
18:15:42.0365 3368 mountmgr - ok
18:15:42.0489 3368 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:15:42.0583 3368 MozillaMaintenance - ok
18:15:42.0614 3368 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
18:15:42.0614 3368 mpio - ok
18:15:42.0645 3368 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
18:15:42.0645 3368 mpsdrv - ok
18:15:42.0755 3368 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\windows\system32\mpssvc.dll
18:15:42.0770 3368 MpsSvc - ok
18:15:42.0833 3368 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
18:15:42.0833 3368 MRxDAV - ok
18:15:42.0895 3368 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
18:15:42.0895 3368 mrxsmb - ok
18:15:42.0957 3368 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
18:15:42.0957 3368 mrxsmb10 - ok
18:15:42.0989 3368 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
18:15:43.0004 3368 mrxsmb20 - ok
18:15:43.0035 3368 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
18:15:43.0035 3368 msahci - ok
18:15:43.0082 3368 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
18:15:43.0082 3368 msdsm - ok
18:15:43.0129 3368 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
18:15:43.0145 3368 MSDTC - ok
18:15:43.0176 3368 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
18:15:43.0191 3368 Msfs - ok
18:15:43.0207 3368 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
18:15:43.0207 3368 mshidkmdf - ok
18:15:43.0223 3368 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
18:15:43.0223 3368 msisadrv - ok
18:15:43.0285 3368 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
18:15:43.0285 3368 MSiSCSI - ok
18:15:43.0301 3368 msiserver - ok
18:15:43.0332 3368 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
18:15:43.0347 3368 MSKSSRV - ok
18:15:43.0379 3368 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
18:15:43.0379 3368 MSPCLOCK - ok
18:15:43.0394 3368 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
18:15:43.0394 3368 MSPQM - ok
18:15:43.0457 3368 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
18:15:43.0457 3368 MsRPC - ok
18:15:43.0488 3368 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
18:15:43.0488 3368 mssmbios - ok
18:15:43.0519 3368 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
18:15:43.0519 3368 MSTEE - ok
18:15:43.0535 3368 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
18:15:43.0535 3368 MTConfig - ok
18:15:43.0550 3368 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
18:15:43.0566 3368 Mup - ok
18:15:43.0722 3368 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
18:15:43.0722 3368 N360 - ok
18:15:43.0800 3368 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll
18:15:43.0815 3368 napagent - ok
18:15:43.0878 3368 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
18:15:43.0893 3368 NativeWifiP - ok
18:15:44.0112 3368 NAVENG (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120728.009\NAVENG.SYS
18:15:44.0112 3368 NAVENG - ok
18:15:44.0346 3368 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120728.009\NAVEX15.SYS
18:15:44.0377 3368 NAVEX15 - ok
18:15:44.0673 3368 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
18:15:44.0689 3368 NDIS - ok
18:15:44.0736 3368 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
18:15:44.0736 3368 NdisCap - ok
18:15:44.0783 3368 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
18:15:44.0783 3368 NdisTapi - ok
18:15:44.0829 3368 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
18:15:44.0829 3368 Ndisuio - ok
18:15:44.0892 3368 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
18:15:44.0892 3368 NdisWan - ok
18:15:44.0939 3368 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
18:15:44.0954 3368 NDProxy - ok
18:15:45.0001 3368 Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\windows\system32\HPZinw12.dll
18:15:45.0001 3368 Net Driver HPZ12 - ok
18:15:45.0048 3368 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
18:15:45.0048 3368 NetBIOS - ok
18:15:45.0126 3368 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
18:15:45.0126 3368 NetBT - ok
18:15:45.0157 3368 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
18:15:45.0157 3368 Netlogon - ok
18:15:45.0235 3368 Netman (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
18:15:45.0251 3368 Netman - ok
18:15:45.0313 3368 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
18:15:45.0313 3368 netprofm - ok
18:15:45.0407 3368 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:15:45.0407 3368 NetTcpPortSharing - ok
18:15:45.0500 3368 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
18:15:45.0500 3368 nfrd960 - ok
18:15:45.0563 3368 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll
18:15:45.0563 3368 NlaSvc - ok
18:15:45.0656 3368 Norton PC Checkup Application Launcher - ok
18:15:45.0687 3368 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
18:15:45.0687 3368 Npfs - ok
18:15:45.0719 3368 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
18:15:45.0734 3368 nsi - ok
18:15:45.0750 3368 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
18:15:45.0750 3368 nsiproxy - ok
18:15:45.0953 3368 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
18:15:45.0968 3368 Ntfs - ok
18:15:45.0984 3368 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
18:15:45.0984 3368 Null - ok
18:15:46.0031 3368 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
18:15:46.0046 3368 nvraid - ok
18:15:46.0109 3368 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
18:15:46.0109 3368 nvstor - ok
18:15:46.0155 3368 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
18:15:46.0155 3368 nv_agp - ok
18:15:46.0343 3368 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:15:46.0358 3368 odserv - ok
18:15:46.0421 3368 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
18:15:46.0421 3368 ohci1394 - ok
18:15:46.0467 3368 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:15:46.0483 3368 ose - ok
18:15:46.0561 3368 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
18:15:46.0561 3368 p2pimsvc - ok
18:15:46.0623 3368 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
18:15:46.0639 3368 p2psvc - ok
18:15:46.0670 3368 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
18:15:46.0670 3368 Parport - ok
18:15:46.0717 3368 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\windows\system32\drivers\partmgr.sys
18:15:46.0717 3368 partmgr - ok
18:15:46.0748 3368 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
18:15:46.0748 3368 Parvdm - ok
18:15:46.0795 3368 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
18:15:46.0811 3368 PcaSvc - ok
18:15:46.0857 3368 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
18:15:46.0857 3368 pci - ok
18:15:46.0889 3368 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
18:15:46.0904 3368 pciide - ok
18:15:47.0045 3368 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
18:15:47.0060 3368 pcmcia - ok
18:15:47.0294 3368 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
18:15:47.0294 3368 pcw - ok
18:15:47.0513 3368 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
18:15:47.0513 3368 PEAUTH - ok
18:15:47.0778 3368 pla (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll
18:15:47.0793 3368 pla - ok
18:15:47.0996 3368 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll
18:15:47.0996 3368 PlugPlay - ok
18:15:48.0059 3368 Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\windows\system32\HPZipm12.dll
18:15:48.0074 3368 Pml Driver HPZ12 - ok
18:15:48.0105 3368 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
18:15:48.0105 3368 PNRPAutoReg - ok
18:15:48.0152 3368 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
18:15:48.0168 3368 PNRPsvc - ok
18:15:48.0230 3368 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll
18:15:48.0246 3368 PolicyAgent - ok
18:15:48.0293 3368 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll
18:15:48.0308 3368 Power - ok
18:15:48.0402 3368 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
18:15:48.0402 3368 PptpMiniport - ok
18:15:48.0417 3368 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
18:15:48.0433 3368 Processor - ok
18:15:48.0511 3368 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\windows\system32\profsvc.dll
18:15:48.0511 3368 ProfSvc - ok
18:15:48.0542 3368 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
18:15:48.0542 3368 ProtectedStorage - ok
18:15:48.0589 3368 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
18:15:48.0605 3368 Psched - ok
18:15:48.0792 3368 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
18:15:48.0823 3368 ql2300 - ok
18:15:48.0979 3368 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
18:15:48.0979 3368 ql40xx - ok
18:15:49.0041 3368 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
18:15:49.0041 3368 QWAVE - ok
18:15:49.0073 3368 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
18:15:49.0073 3368 QWAVEdrv - ok
18:15:49.0088 3368 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
18:15:49.0088 3368 RasAcd - ok
18:15:49.0135 3368 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
18:15:49.0135 3368 RasAgileVpn - ok
18:15:49.0166 3368 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
18:15:49.0166 3368 RasAuto - ok
18:15:49.0197 3368 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
18:15:49.0197 3368 Rasl2tp - ok
18:15:49.0275 3368 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll
18:15:49.0291 3368 RasMan - ok
18:15:49.0322 3368 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
18:15:49.0322 3368 RasPppoe - ok
18:15:49.0353 3368 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
18:15:49.0353 3368 RasSstp - ok
18:15:49.0416 3368 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
18:15:49.0431 3368 rdbss - ok
18:15:49.0447 3368 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
18:15:49.0447 3368 rdpbus - ok
18:15:49.0478 3368 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
18:15:49.0478 3368 RDPCDD - ok
18:15:49.0525 3368 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
18:15:49.0525 3368 RDPENCDD - ok
18:15:49.0556 3368 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
18:15:49.0556 3368 RDPREFMP - ok
18:15:49.0619 3368 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\windows\system32\drivers\RDPWD.sys
18:15:49.0619 3368 RDPWD - ok
18:15:49.0681 3368 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
18:15:49.0681 3368 rdyboost - ok
18:15:49.0728 3368 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
18:15:49.0728 3368 RemoteAccess - ok
18:15:49.0775 3368 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
18:15:49.0775 3368 RemoteRegistry - ok
18:15:49.0821 3368 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
18:15:49.0821 3368 RpcEptMapper - ok
18:15:49.0853 3368 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
18:15:49.0868 3368 RpcLocator - ok
18:15:49.0946 3368 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
18:15:49.0946 3368 RpcSs - ok
18:15:49.0993 3368 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
18:15:49.0993 3368 rspndr - ok
18:15:50.0055 3368 RSUSBSTOR (ef8b2afc3c0751c5e5a59983c8893260) C:\windows\system32\Drivers\RtsUStor.sys
18:15:50.0055 3368 RSUSBSTOR - ok
18:15:50.0133 3368 RTL8167 (6465166dd9b2f841dabad16abdadbe98) C:\windows\system32\DRIVERS\Rt86win7.sys
18:15:50.0133 3368 RTL8167 - ok
18:15:50.0211 3368 RTL8187Se (5bd298bdf62e6a8a0fc69f73a82a52bb) C:\windows\system32\DRIVERS\RTL8187Se.sys
18:15:50.0227 3368 RTL8187Se - ok
18:15:50.0227 3368 RtsUIR - ok
18:15:50.0274 3368 SamSs (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
18:15:50.0274 3368 SamSs - ok
18:15:50.0336 3368 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
18:15:50.0336 3368 sbp2port - ok
18:15:50.0383 3368 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
18:15:50.0383 3368 SCardSvr - ok
18:15:50.0430 3368 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
18:15:50.0430 3368 scfilter - ok
18:15:50.0570 3368 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll
18:15:50.0586 3368 Schedule - ok
18:15:50.0633 3368 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
18:15:50.0648 3368 SCPolicySvc - ok
18:15:50.0695 3368 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll
18:15:50.0695 3368 SDRSVC - ok
18:15:50.0742 3368 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
18:15:50.0742 3368 secdrv - ok
18:15:50.0773 3368 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
18:15:50.0789 3368 seclogon - ok
18:15:50.0820 3368 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\system32\sens.dll
18:15:50.0820 3368 SENS - ok
18:15:50.0851 3368 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll
18:15:50.0851 3368 SensrSvc - ok
18:15:50.0867 3368 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
18:15:50.0867 3368 Serenum - ok
18:15:50.0929 3368 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
18:15:50.0929 3368 Serial - ok
18:15:50.0991 3368 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
18:15:50.0991 3368 sermouse - ok
18:15:51.0069 3368 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll
18:15:51.0069 3368 SessionEnv - ok
18:15:51.0116 3368 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
18:15:51.0116 3368 sffdisk - ok
18:15:51.0132 3368 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
18:15:51.0132 3368 sffp_mmc - ok
18:15:51.0147 3368 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
18:15:51.0147 3368 sffp_sd - ok
18:15:51.0163 3368 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
18:15:51.0179 3368 sfloppy - ok
18:15:51.0257 3368 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
18:15:51.0257 3368 SharedAccess - ok
18:15:51.0335 3368 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll
18:15:51.0350 3368 ShellHWDetection - ok
18:15:51.0397 3368 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
18:15:51.0397 3368 sisagp - ok
18:15:51.0444 3368 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
18:15:51.0444 3368 SiSRaid2 - ok
18:15:51.0475 3368 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
18:15:51.0475 3368 SiSRaid4 - ok
18:15:51.0506 3368 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
18:15:51.0506 3368 Smb - ok
18:15:51.0553 3368 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
18:15:51.0569 3368 SNMPTRAP - ok
18:15:51.0600 3368 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
18:15:51.0600 3368 spldr - ok
18:15:51.0678 3368 Spooler (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
18:15:51.0693 3368 Spooler - ok
18:15:52.0115 3368 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
18:15:52.0177 3368 sppsvc - ok
18:15:52.0473 3368 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
18:15:52.0489 3368 sppuinotify - ok
18:15:52.0614 3368 sprtsvc_ddoctorv2 (c3716ec0d36ad924b6888d794563e647) C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
18:15:52.0614 3368 sprtsvc_ddoctorv2 - ok
18:15:52.0785 3368 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\windows\System32\Drivers\N360\0602010.005\SRTSP.SYS
18:15:52.0801 3368 SRTSP - ok
18:15:52.0863 3368 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\windows\system32\drivers\N360\0602010.005\SRTSPX.SYS
18:15:52.0879 3368 SRTSPX - ok
18:15:52.0941 3368 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
18:15:52.0941 3368 srv - ok
18:15:53.0019 3368 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
18:15:53.0019 3368 srv2 - ok
18:15:53.0082 3368 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
18:15:53.0082 3368 srvnet - ok
18:15:53.0129 3368 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
18:15:53.0129 3368 SSDPSRV - ok
18:15:53.0160 3368 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
18:15:53.0160 3368 SstpSvc - ok
18:15:53.0191 3368 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
18:15:53.0191 3368 stexstor - ok
18:15:53.0238 3368 StillCam (edb05bd63148796f23ea78506404a538) C:\windows\system32\DRIVERS\serscan.sys
18:15:53.0238 3368 StillCam - ok
18:15:53.0347 3368 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll
18:15:53.0347 3368 StiSvc - ok
18:15:53.0378 3368 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
18:15:53.0378 3368 swenum - ok
18:15:53.0441 3368 swprv (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
18:15:53.0441 3368 swprv - ok
18:15:53.0597 3368 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\windows\system32\drivers\N360\0602010.005\SYMDS.SYS
18:15:53.0612 3368 SymDS - ok
18:15:53.0753 3368 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\windows\system32\drivers\N360\0602010.005\SYMEFA.SYS
18:15:53.0768 3368 SymEFA - ok
18:15:53.0831 3368 SymEvent (74e2521e96176a4449570e50be91954d) C:\windows\system32\Drivers\SYMEVENT.SYS
18:15:53.0846 3368 SymEvent - ok
18:15:53.0909 3368 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\windows\system32\drivers\N360\0602010.005\Ironx86.SYS
18:15:53.0909 3368 SymIRON - ok
18:15:53.0955 3368 SymNetS (3ee215d6fe821e3edf0f7134d9ae905a) C:\windows\System32\Drivers\N360\0602010.005\SYMNETS.SYS
18:15:53.0971 3368 SymNetS - ok
18:15:54.0065 3368 SynTP (8bd10dc8809dc69a1c5a795cb10add76) C:\windows\system32\DRIVERS\SynTP.sys
18:15:54.0065 3368 SynTP - ok
18:15:54.0252 3368 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll
18:15:54.0267 3368 SysMain - ok
18:15:54.0330 3368 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll
18:15:54.0330 3368 TabletInputService - ok
18:15:54.0408 3368 TapiSrv (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll
18:15:54.0408 3368 TapiSrv - ok
18:15:54.0455 3368 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
18:15:54.0455 3368 TBS - ok
18:15:54.0704 3368 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys
18:15:54.0735 3368 Tcpip - ok
18:15:54.0782 3368 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys
18:15:54.0798 3368 TCPIP6 - ok
18:15:54.0845 3368 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
18:15:54.0845 3368 tcpipreg - ok
18:15:54.0907 3368 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\windows\system32\DRIVERS\tdcmdpst.sys
18:15:54.0907 3368 tdcmdpst - ok
18:15:54.0954 3368 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
18:15:54.0954 3368 TDPIPE - ok
18:15:55.0001 3368 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys
18:15:55.0016 3368 TDTCP - ok
18:15:55.0047 3368 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
18:15:55.0063 3368 tdx - ok
18:15:55.0094 3368 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
18:15:55.0094 3368 TermDD - ok
18:15:55.0188 3368 TermService (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll
18:15:55.0203 3368 TermService - ok
18:15:55.0235 3368 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
18:15:55.0250 3368 Themes - ok
18:15:55.0281 3368 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
18:15:55.0281 3368 THREADORDER - ok
18:15:55.0391 3368 TMachInfo (32577b987ae5401038451bb392cb8d89) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
18:15:55.0391 3368 TMachInfo - ok
18:15:55.0453 3368 TODDSrv (fe65d33b7d4ff07dd1d29526a48df810) C:\Windows\system32\TODDSrv.exe
18:15:55.0453 3368 TODDSrv - ok
18:15:55.0578 3368 TosCoSrv (66c35016e01746715f8f606a9f081bf9) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
18:15:55.0578 3368 TosCoSrv - ok
18:15:55.0656 3368 TOSHIBA eco Utility Service (0b5fa26e0c8a8e07a6df3df4e5711da8) C:\Program Files\TOSHIBA\TECO\TecoService.exe
18:15:55.0656 3368 TOSHIBA eco Utility Service - ok
18:15:55.0718 3368 TOSHIBA HDD SSD Alert Service (67c1da40d78c92622081a3e780c926b2) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
18:16:02.0925 3368 ============================================================
18:16:02.0925 3368 Scan finished
18:16:02.0925 3368 ============================================================
18:16:02.0957 2128 Detected object count: 0
18:16:02.0957 2128 Actual detected object count: 0

#8 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto rico)

Posted 29 July 2012 - 05:20 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 jafilson (Topic Starter, Members, 10 posts)

Posted 29 July 2012 - 05:45 PM

aswMBR log. It found one infected file. Going to run the CF script now.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-29 18:21:40
-----------------------------
18:21:40.120 OS Version: Windows 6.1.7601 Service Pack 1
18:21:40.121 Number of processors: 2 586 0x602
18:21:40.124 ComputerName: JESSICA-PC UserName: Jessica
18:21:42.412 Initialize success
18:23:11.300 AVAST engine defs: 12072901
18:24:00.682 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
18:24:00.690 Disk 0 Vendor: WDC_WD3200BEVT-26ZCT0 12.01A12 Size: 305245MB BusType: 11
18:24:00.747 Disk 0 MBR read successfully
18:24:00.755 Disk 0 MBR scan
18:24:00.770 Disk 0 Windows VISTA default MBR code
18:24:00.783 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
18:24:00.894 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 295636 MB offset 3074048
18:24:00.934 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 8108 MB offset 608536576
18:24:00.955 Disk 0 scanning sectors +625141760
18:24:01.035 Disk 0 scanning C:\windows\system32\drivers
18:24:17.953 Service scanning
18:24:55.306 Modules scanning
18:25:08.828 Disk 0 trace - called modules:
18:25:08.879 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
18:25:08.897 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865b9318]
18:25:08.916 3 CLASSPNP.SYS[8b00459e] -> nt!IofCallDriver -> [0x864cd918]
18:25:08.932 5 ACPI.sys[83e1f3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x865b9908]
18:25:10.697 AVAST engine scan C:\windows
18:25:16.064 AVAST engine scan C:\windows\system32
18:28:34.404 File: C:\windows\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
18:30:09.462 AVAST engine scan C:\windows\system32\drivers
18:30:32.488 AVAST engine scan C:\Users\Jessica
18:39:42.616 AVAST engine scan C:\ProgramData
18:43:17.220 Scan finished successfully
18:43:52.092 Disk 0 MBR has been saved successfully to "C:\Users\Jessica\Desktop\MBR.dat"
18:43:52.129 The log file has been saved successfully to "C:\Users\Jessica\Desktop\aswMBR.txt"

#10 jafilson (Topic Starter, Members, 10 posts)

Posted 29 July 2012 - 06:32 PM

Ran combofix again. Computer didn't restart after combo fix (should it have?), also did not run into any "illegal operation" messages after combofix was done. Here is combofix log. Computer is running normally again but I have not restarted since first combofix run (although after that first run of combofix it did restart by itself AND manually without having to run the StartUp repair.) All programs seem to be running normally.

ComboFix 12-07-29.02 - Jessica 07/29/2012 18:51:35.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.1781 [GMT -4:00]
Running from: c:\users\Jessica\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC\Desktop.ini
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-29 )))))))))))))))))))))))))))))))
.
.
2012-07-29 23:20 . 2012-07-29 23:20 -------- d-----w- c:\users\Jessica\AppData\Local\temp
2012-07-29 23:20 . 2012-07-29 23:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-11 13:15 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-09 12:23 . 2012-07-29 03:18 -------- d-----w- c:\users\Jessica\AppData\Roaming\FixZeroAccess
2012-07-09 11:52 . 2012-07-11 13:23 -------- d-----w- c:\users\Jessica\AppData\Local\LogMeIn Rescue Applet
2012-07-09 11:00 . 2012-07-09 11:00 -------- d-----w- c:\users\Jessica\AppData\Local\Chromium
2012-07-09 11:00 . 2012-07-09 11:00 -------- d-----w- c:\program files\Norton PC Checkup 3.0
2012-07-09 10:59 . 2012-07-09 10:59 -------- d-----w- c:\users\Jessica\AppData\Roaming\PCCUStubInstaller
2012-07-09 05:14 . 2012-07-09 05:14 -------- d-----w- c:\windows\system32\N360_BACKUP
2012-07-09 03:13 . 2012-07-09 03:13 -------- d-----w- c:\users\Jessica\AppData\Roaming\Malwarebytes
2012-07-09 03:13 . 2012-07-09 03:13 -------- d-----w- c:\programdata\Malwarebytes
2012-07-09 03:13 . 2012-07-09 03:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-09 03:13 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-08 17:07 . 2012-07-09 10:12 -------- d-----w- c:\program files\PC Tools
2012-07-08 17:05 . 2012-07-09 10:12 -------- d-----w- c:\program files\Common Files\PC Tools
2012-07-08 17:05 . 2012-05-11 15:14 203088 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-07-08 17:04 . 2012-07-09 05:11 -------- d-----w- c:\programdata\PC Tools
2012-07-08 17:04 . 2012-07-08 17:04 -------- d-----w- c:\users\Jessica\AppData\Roaming\TestApp
2012-07-08 17:03 . 2012-07-09 05:09 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-07-08 16:45 . 2012-07-08 16:45 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-08 16:45 . 2012-07-08 16:45 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-07-08 15:45 . 2012-07-08 15:45 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-08 15:35 . 2012-07-28 21:09 -------- d-----w- c:\users\Jessica\AppData\Local\NPE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-08 15:33 . 2012-04-13 01:41 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-08 15:33 . 2011-06-28 03:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-24 02:57 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-24 02:57 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-24 02:57 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-24 02:57 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-24 02:57 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-24 02:57 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-24 02:57 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-24 02:56 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-24 02:56 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-15 03:03 . 2012-06-13 13:44 981504 ----a-w- c:\windows\system32\wininet.dll
2012-05-01 04:44 . 2012-06-13 13:43 164352 ----a-w- c:\windows\system32\profsvc.dll
2010-03-31 14:09 . 2010-03-31 14:09 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2010-04-08 16:36 . 2010-04-08 16:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2012-07-29 22:14 . 2011-05-04 01:18 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2009-08-05 22:04 738616 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 15:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
2008-04-24 18:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop Software]
2009-04-24 07:57 1025320 ----a-w- c:\program files\Common Files\SupportSoft\bin\bcont.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
2010-01-18 17:27 139944 ----a-w- c:\program files\Lexmark S300-S400 Series\ezprint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxeamon.exe]
2010-05-05 14:18 770728 ----a-w- c:\program files\Lexmark S300-S400 Series\lxeamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magellan CmTray]
2011-03-04 17:10 458752 ----a-w- c:\program files\Content Manager\CmTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 19:56 462408 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2009-07-16 19:04 529256 ----a-w- c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-07-29 05:12 7625248 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2009-07-28 22:00 460088 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-07-30 06:32 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Teco]
2009-08-12 00:09 1324384 ----a-w- c:\program files\TOSHIBA\TECO\TEco.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-06-14 17:08 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2009-08-17 18:48 1294136 ----a-w- c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosSENotify]
2009-09-17 20:37 611672 ----a-w- c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosWaitSrv]
2009-08-07 01:05 611672 ----a-w- c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2009-08-21 17:29 476512 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S0 IFP300;iriver Internet Audio Player IFP-300;c:\windows\system32\DRIVERS\ifp300.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0602010.005\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0602010.005\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120711.002\BHDrvx86.sys [x]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0602010.005\ccSetx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120727.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0602010.005\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0602010.005\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe [x]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxeaserv.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 78306335
*NewlyCreated* - 79462075
*NewlyCreated* - ASWMBR
*Deregistered* - 78306335
*Deregistered* - 79462075
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 22:51]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 22:51]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1 71.252.0.12
DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://l.yimg.com/jh/games/web_games/playtime/mahjongescape/PTGameLauncher.cab
FF - ProfilePath - c:\users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\ojfhc0nr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.ftp - :0
FF - prefs.js: network.proxy.gopher - :0
FF - prefs.js: network.proxy.http - :0
FF - prefs.js: network.proxy.socks - :0
FF - prefs.js: network.proxy.ssl - :0
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-29 19:22:37
ComboFix-quarantined-files.txt 2012-07-29 23:22
ComboFix2.txt 2012-07-29 21:00
.
Pre-Run: 240,957,272,064 bytes free
Post-Run: 241,048,350,720 bytes free
.
- - End Of File - - A62088DE2F28B58C1C921396079B058A
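The ComboFix log above is read section by section (the "Other Deletions" list, then the "Files Created" entries with their attribute flags). The following is an added triage helper, not part of this thread or of ComboFix itself: it splits a log on its (((( banner )))) headings, parses the "Files Created" lines, and flags hidden+system items and variable-like folder names under system32. The embedded sample log is constructed from a few lines of the log above, and the reading of the 's'/'h' attribute letters as System/Hidden is an assumption drawn from those entries.

```python
"""Triage helper for ComboFix logs (added example, not the thread's own code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Section banners look like "(((((( Other Deletions ))))))"; lone "." lines
# between entries are separators and are skipped.
BANNER_RE = re.compile(r"^\(+\s*(?P<name>.+?)\s*\)+$")

# One "Files Created" entry:
# 2012-07-08 15:45 . 2012-07-08 15:45 -------- d-sh--w- c:\windows\system32\%APPDATA%
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) "
    r"(?P<attrs>[-a-z]{8}) "
    r"(?P<path>.+)$"
)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories (size printed as "--------")
    attrs: str            # attribute flags as printed, e.g. "d-sh--w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs

    @property
    def hidden_system(self) -> bool:
        # Assumption: 's' and 'h' in the flag string mean System and Hidden,
        # which is consistent with the entries in the log above.
        return "s" in self.attrs and "h" in self.attrs


def sections(log: str) -> Dict[str, List[str]]:
    """Split a ComboFix log into {banner name: non-separator lines}."""
    out: Dict[str, List[str]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        m = BANNER_RE.match(line)
        if m:
            current = m.group("name")
            out[current] = []
        elif current is not None and line and line != ".":
            out[current].append(line)
    return out


def parse_entries(lines: List[str]) -> List[Entry]:
    entries: List[Entry] = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue
        size = None if m.group("size").startswith("-") else int(m.group("size"))
        entries.append(Entry(m.group("created"), m.group("modified"), size,
                             m.group("attrs"), m.group("path")))
    return entries


def files_created(log: str) -> List[Entry]:
    """Entries of the 'Files Created from ... to ...' section, if present."""
    for name, lines in sections(log).items():
        if name.startswith("Files Created"):
            return parse_entries(lines)
    return []


def flag(entries: List[Entry]) -> List[Tuple[str, str]]:
    """(path, reason) pairs for entries a reviewer should look at first."""
    hits: List[Tuple[str, str]] = []
    for e in entries:
        name = e.path.rsplit("\\", 1)[-1]
        in_sys32 = e.path.lower().startswith("c:\\windows\\system32\\")
        if e.hidden_system:
            hits.append((e.path, "hidden+system attributes"))
        if in_sys32 and "%" in name:
            # A folder literally named like an environment variable
            # (e.g. %APPDATA%) does not belong under system32.
            hits.append((e.path, "variable-like name under system32"))
    return hits


# Constructed sample, taken from a few lines of the log in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\assembly\GAC\Desktop.ini
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-29 )))))))))))))))))))))))))))))))
.
2012-07-29 23:20 . 2012-07-29 23:20 -------- d-----w- c:\users\Jessica\AppData\Local\temp
2012-07-11 13:15 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-09 03:13 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-08 15:45 . 2012-07-08 15:45 -------- d-sh--w- c:\windows\system32\%APPDATA%
.
"""

if __name__ == "__main__":
    for path, reason in flag(files_created(SAMPLE_LOG)):
        print(f"{reason}: {path}")
```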

#11 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto rico)

Posted 29 July 2012 - 08:42 PM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

Adobe Reader 9.5.1
Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and start Free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When the install is complete click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 jafilson

jafilson
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:06:27 PM

Posted 29 July 2012 - 10:07 PM

Adobe Reader installed. Java installed. CCleaner installed and run.
Malwarebytes' update required an automatic restart, which went normally with no Startup Repair required. Had to run HijackThis as administrator but no problems with that. Computer seems to be running much faster and the Norton 360 security report has no more occurrences of trojan.zeroaccess!inf since the original posting yesterday.

Below are the Malwarebytes report and the HijackThis report.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.30.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Jessica :: JESSICA-PC [administrator]

Protection: Enabled

7/29/2012 10:51:16 PM
mbam-log-2012-07-29 (22-51-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193315
Time elapsed: 6 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:01:34 PM, on 7/29/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\taskhost.exe
C:\Users\Jessica\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.2.1.5\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.2.1.5\coIEPlg.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264646763155
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://l.yimg.com/jh/games/web_games/playtime/mahjongescape/PTGameLauncher.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: lxeaCATSCustConnectService - Lexmark International, Inc. - C:\windows\system32\spool\DRIVERS\W32X86\3\\lxeaserv.exe
O23 - Service: lxea_device - - C:\windows\system32\lxeacoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

--
End of file - 8952 bytes

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:27 PM

Posted 29 July 2012 - 10:11 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of these programs from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, e.g.:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. Vista and Win 7: right-click on the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found:
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found

  • If threats were found:
    • Click on "list of threats found"
    • Click on "export to text file", save it as ESET SCAN and save it to the desktop
    • Click on back
    • Put a checkmark in "Uninstall application on close"
    • Click on finish
    • Close the program
    • Copy and paste the report here


Gringo
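The HijackThis log posted above, and the O4 start-up entries picked out of it in this post, are easier to review with a parser than by eye. The Python below is an added example for this page; it is not code from the thread, from BleepingComputer or from Trend Micro. It assumes only the line layouts visible in the posted log (R0, O2, O4, O10, O23), and its sample input is a constructed subset of that log. It lists the O4 names to research one by one (as the note above suggests), the services that report no vendor, and item lines that are listed twice, as the Winsock LSP entry in the log is.

```python
"""Parse and triage HijackThis v2.0.4 log lines.

Added example for this page; not code from the thread, from
BleepingComputer or from Trend Micro. It assumes only the line formats
visible in the log posted above (R0, O2, O4, O10, O23).
"""
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample: a subset of lines copied from the posted log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: lxea_device - - C:\windows\system32\lxeacoms.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
""".strip()

# "<section> - <body>"; HijackThis sections are R0-R3, F0-F3, N1-N4, O1-O24
LINE_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
# O4 registry Run entries: HKLM\..\Run: [Name] command
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>[\w ]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O4 startup-folder entries: Global Startup: Name.lnk = path
STARTUP_RE = re.compile(r"^(?P<scope>\w+) Startup: (?P<name>.*?) = (?P<cmd>.*)$")
# O23 services: "Service: display - company - path"; the company may be blank
SERVICE_RE = re.compile(r"^Service: (?P<display>.+?) - (?P<company>.*?) ?- (?P<path>.+)$")
# O2 browser helper objects: "BHO: name - {CLSID} - path"
BHO_RE = re.compile(r"^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")


@dataclass
class Entry:
    section: str                                # e.g. "O4"
    body: str                                   # text after "O4 - "
    raw: str                                    # the original line
    fields: dict = field(default_factory=dict)  # section-specific parse


def parse_line(line):
    """Return an Entry for a HijackThis item line, or None for other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    sub = None
    if section == "O4":
        sub = RUN_RE.match(body) or STARTUP_RE.match(body)
    elif section == "O23":
        sub = SERVICE_RE.match(body)
    elif section == "O2":
        sub = BHO_RE.match(body)
    fields = sub.groupdict() if sub else {}
    if section == "O10":
        fields = {"path": body.split(": ", 1)[-1]}
    return Entry(section, body, line.strip(), fields)


def parse_log(text):
    """Parse every item line; process listings and headers are skipped."""
    return [e for e in map(parse_line, text.splitlines()) if e]


def startup_entries(entries):
    """Names of O4 auto-start items, in log order: the names to research one by one."""
    return [e.fields["name"] for e in entries if e.section == "O4" and "name" in e.fields]


def unknown_owner_services(entries):
    """O23 services with no vendor string. Worth a look, not proof of anything."""
    return [e.fields["display"] for e in entries
            if e.section == "O23" and "company" in e.fields
            and e.fields["company"].strip() in ("", "Unknown owner")]


def duplicate_lines(entries):
    """Item lines that appear more than once (the Winsock LSP line above does)."""
    counts = Counter(e.raw for e in entries)
    return [line for line, n in counts.items() if n > 1]


if __name__ == "__main__":
    items = parse_log(SAMPLE_LOG)
    print("startup items:", startup_entries(items))
    print("services without a vendor:", unknown_owner_services(items))
    print("duplicated lines:", duplicate_lines(items))
```

The parser keeps the raw line on every entry, so anything it does not recognise is still retained for manual review rather than silently dropped; a blank company on an O23 line is treated the same as the literal "Unknown owner" text, since both mean HijackThis found no vendor string on the binary.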

#14 jafilson

jafilson
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:06:27 PM

Posted 30 July 2012 - 06:00 AM

I removed the 3 entries. Ran the ESET scan (it took A LONG time) and here are the results:

C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win32/Sirefef.FC trojan deleted - quarantined
C:\Users\Jessica\Documents\fun stuff\downloaded stuff\drug wars.exe Win32/Adware.Gator application cleaned by deleting - quarantined


Computer seems to be running fine. I haven't had to do any restarts, no more occurrences of trojan.zeroaccess in Norton 360. Computer also seems to be running faster than it has recently.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:27 PM

Posted 30 July 2012 - 12:35 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Users\Jessica\Documents\fun stuff\downloaded stuff\drug wars.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "Windows key" + "R" (between the "Ctrl" button and the "Alt" button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to your desktop. This tool will remove all the tools we used to clean your PC.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used are a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than add/remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in anti-malware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)

    Note** If you decide to install MSE you will need to uninstall your present antivirus.

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household that uses the internet.

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues.

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

Quoted from Tech Support Forum:

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days. If Anything Comes Up, Just Come Back And Let Me Know; after that time you will have to send me a PM.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo



