
My computer has a virus DDS log


This topic is locked. 24 replies to this topic.

#1 crazyisgood (Members, 31 posts)

Posted 02 August 2012 - 01:41 AM

C:\Windows\System32\services.exe is infected with Dropper.Generic_c.MMI.

my DDS log

Attached Files

  • Attached File  DDS.txt   24.24KB   1 downloads



#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 04 August 2012 - 12:38 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Windows XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 crazyisgood (Topic Starter)

Posted 04 August 2012 - 05:09 AM

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
AVG2012 successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.0
Java™ 6 Update 20
Java™ 7 Update 4
Java version out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.60
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````



ComboFix got stuck on deleting a folder for a few hours, so I restarted it. What do I do now?

#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 04 August 2012 - 02:06 PM

Hello

Ok, let's try this: I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer, you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo
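The ComboFix report this post asks for has a fixed layout: "(((( Section ))))" banners, a list of deleted paths under "Other Deletions" (with a "---- Previous Run -------" sub-heading), a "Drivers/Services" list, and a "Files Created" table of created time, modified time, size, attribute flags and path. As an added example (not part of this thread, not ComboFix's own code, and not a tool the Malware Response Team uses), the Python below splits such a report into its sections, parses the table and applies three defender heuristics drawn from the kinds of entries that appear later in this thread: an executable sitting directly in a user profile root, a "@" file under a Windows Installer GUID folder, and a hidden+system directory named like an unexpanded environment variable. The sample report is constructed from the thread's line formats, and the heuristics and the reading of the attribute column (s = system, h = hidden) are assumptions made for this example.

```python
"""Triage helper for a ComboFix-style report (added example, not ComboFix code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample, modelled on the line formats visible in the thread.
SAMPLE_REPORT = r"""ComboFix 12-08-04.02 - Swindle 08/04/2012 17:37:47.2.4 - x64 MINIMAL
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Swindle\voruvuhypyfc.exe
.
---- Previous Run -------
.
C:\install.exe
c:\windows\Installer\{c0f1c756-10b5-020d-e719-e98f583c42b3}\U\80000032.@
c:\windows\SysWow64\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_npf
.
((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
.
2012-08-02 01:50 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-30 18:30 . 2012-07-30 18:30 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-11 10:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")   # (((( Section name ))))
SUBHEAD_RE = re.compile(r"^-{2,} .+ -{2,}$")      # ---- Previous Run -------
SERVICE_RE = re.compile(r"^-+\\(.+)$")            # -------\Service_npf
CREATED_RE = re.compile(                          # created . modified size flags path
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(-{8}|\d+) ([-a-z]{8}) (.+)$"
)
# Heuristics: assumptions for this example, derived from entry shapes in the thread.
PROFILE_ROOT_BIN = re.compile(r"^c:\\users\\[^\\]+\\[^\\]+\.(exe|dll|scr)$", re.I)
INSTALLER_AT = re.compile(r"^c:\\windows\\installer\\\{[0-9a-f-]{36}\}\\.*@$", re.I)
ENV_NAME_DIR = re.compile(r"\\%[A-Za-z_]+%$")


@dataclass(frozen=True)
class Created:
    created: str
    modified: str
    size: Optional[int]   # None for directories, which ComboFix shows as "--------"
    attrs: str            # flag column, e.g. "d-sh--w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden_system(self) -> bool:
        # Assumption: 's' and 'h' in the flag column mean system and hidden.
        return "s" in self.attrs and "h" in self.attrs


def split_sections(report: str) -> Dict[str, List[str]]:
    """Map each "(((( Name ))))" banner to the content lines beneath it."""
    sections: Dict[str, List[str]] = {"Header": []}
    current = "Header"
    for raw in report.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if line in ("", ".") or SUBHEAD_RE.match(line):
            continue  # spacer lines and sub-headings are not entries
        sections[current].append(line)
    return sections


def parse_created(lines: List[str]) -> List[Created]:
    """Parse "Files Created" rows; lines that do not fit the row format are skipped."""
    out: List[Created] = []
    for line in lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        out.append(Created(created, modified,
                           None if size.startswith("-") else int(size), attrs, path))
    return out


def removed_services(lines: List[str]) -> List[str]:
    """Service/driver names ComboFix lists as removed ("-------\\Name")."""
    return [m.group(1) for m in map(SERVICE_RE.match, lines) if m]


Finding = Tuple[str, str, str]  # (section, reason, path)


def triage(report: str) -> List[Finding]:
    """Apply the three heuristics to deleted and newly created entries."""
    sections = split_sections(report)
    findings: List[Finding] = []
    for path in sections.get("Other Deletions", []):
        if PROFILE_ROOT_BIN.match(path):
            findings.append(("deleted", "executable directly in a user profile root", path))
        elif INSTALLER_AT.match(path):
            findings.append(("deleted", "'@' file under a Windows Installer GUID folder", path))
    created_key = next((k for k in sections if k.startswith("Files Created")), None)
    for e in parse_created(sections.get(created_key, [])):
        if e.is_dir and e.hidden_system and ENV_NAME_DIR.search(e.path):
            findings.append(("created", "hidden+system directory named like an unexpanded variable", e.path))
        elif PROFILE_ROOT_BIN.match(e.path):
            findings.append(("created", "executable directly in a user profile root", e.path))
    return findings


def summary(report: str) -> Dict[str, object]:
    sections = split_sections(report)
    return {
        "deleted": len(sections.get("Other Deletions", [])),
        "services_removed": removed_services(sections.get("Drivers/Services", [])),
        "findings": triage(report),
    }


if __name__ == "__main__":
    for section, reason, path in triage(SAMPLE_REPORT):
        print(f"[{section}] {reason}: {path}")
```

Pasting a full report into SAMPLE_REPORT (or reading it from a file) is all that is needed; the heuristics are deliberately narrow, so a clean summary means only that none of these three shapes appeared, not that the report is clean.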

#5 crazyisgood (Topic Starter)

Posted 04 August 2012 - 07:59 PM

It seems to be working better. It no longer redirects me when I use Google and click on a link. Still want to be sure nothing else is wrong, though.

ComboFix 12-08-04.02 - Swindle 08/04/2012 17:37:47.2.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3559.2574 [GMT -7:00]
Running from: c:\users\Swindle\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Swindle\voruvuhypyfc.exe
.
---- Previous Run -------
.
C:\install.exe
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\{FBBC4667-2521-4E78-B1BD-8706F774549B}
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\Best Buy pc app Setup.dat
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\Best Buy pc app Setup.exe
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\Best Buy pc app Setup.lnk
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\Best Buy pc app Setup.msi
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\Best Buy pc app Setup.par
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\Best Buy pc app Setup.res
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\instance.dat
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\mia.lib
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\{373A11D3-0B96-4E16-9184-7D0FBE86932F}
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\15DD5D7A\Best Buy pc app.application
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\26B14264\ApexNew-BoldItalic.ttf.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\26B14264\ApexNew-Book.ttf.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\26B14264\ApexNew-BookItalic.ttf.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\26B14264\ApexNew-Medium.ttf.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\26B14264\ApexNew-MediumItalic.ttf.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\26B14264\Knockout-66FullFlyweight.ttf.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\26B14264\Knockout-67FullBantamwt.ttf.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\26B14264\Knockout-68FullFeatherwt.ttf.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\26B14264\Knockout-69FullLiteweight.ttf.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\26B14264\Knockout-70FullWelterwt.ttf.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\26B14264\Knockout-90UltmtWelterwt.ttf.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\26B14264\Knockout-91UltmtMiddlewt.ttf.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\26B14264\Knockout-92UltmtCruiserwt.ttf.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\26B14264\Knockout-93UltmtHeviwt.ttf.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\26B14264\Knockout-94UltmtSumo.ttf.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\7197D142\Translations.xml.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\B90698A3\arrow_left.png.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\B90698A3\arrow_right.png.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\B90698A3\availableAgents.gif.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\B90698A3\BBSI_Logo_Final.png.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\B90698A3\btn_connectNow.gif.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\B90698A3\busy.gif.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\B90698A3\card-CID-A.png.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\B90698A3\card-CID-B.png.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\B90698A3\Cart-BtnSm.png.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\B90698A3\checkMark_12x12.png.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\B90698A3\CID_40x18.jpg.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\B90698A3\Click_button5.wav.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\B90698A3\ESRB_Graphic.JPG.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\B90698A3\geek_squad_support_2.gif.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\B90698A3\HelveticaLTStd-Bold.otf.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\B90698A3\HelveticaLTStd-Roman.otf.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\B90698A3\Icon_error.png.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\B90698A3\icon_good.png.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\B90698A3\MajorUpdateBG.png.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\B90698A3\OfficeActivationImage.png.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\B90698A3\offline.gif.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\B90698A3\OfflineBG.png.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\B90698A3\online.gif.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\B90698A3\OutsideUS-BG.png.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\B90698A3\QuickUpdateBG.png.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\B90698A3\remoteSupportHeader.gif.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\B90698A3\StarEmpty.png.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\B90698A3\StarFull.png.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\B90698A3\Verisign_69x33.png.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\B90698A3\VeriSignLogo_76x36.jpg.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\B90698A3\WelcomeBG.png.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\AppIcon.ico.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\AppMeasurement_DotNET_Strong.dll.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\Best Buy pc app.exe.config.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\Best Buy pc app.exe.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\Best Buy pc app.exe.manifest
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\BestBuySoftwareInstaller.dll.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\Common.dll.config.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\Common.dll.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\CommunicationNet.dll.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\Controls.dll.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\FluidKit.dll.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\Interop.IWshRuntimeLibrary.dll.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\Ionic.Zip.Reduced.dll.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\Localization.dll.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\Microsoft.Practices.Composite.dll.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\Microsoft.Practices.Composite.Presentation.dll.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\Microsoft.Practices.Composite.UnityExtensions.dll.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\Microsoft.Practices.EnterpriseLibrary.Common.dll.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\Microsoft.Practices.EnterpriseLibrary.Logging.dll.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\Microsoft.Practices.ObjectBuilder2.dll.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\Microsoft.Practices.ServiceLocation.dll.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\Microsoft.Practices.Unity.dll.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\Microsoft.Practices.Unity.Interception.dll.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\pc app Installer.exe.config.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\pc app Installer.exe.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\PCImage.Modules.Default.dll.config.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\PCImage.Modules.Default.dll.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\PCImage.Modules.GeekSquad.Common.dll.config.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\PCImage.Modules.GeekSquad.Common.dll.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\PCImage.Modules.GeekSquad.Controller.dll.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\PCImage.Modules.GeekSquad.ViewModels.dll.config.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\PCImage.Modules.GeekSquad.ViewModels.dll.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\PCImage.Modules.GeekSquad.Views.dll.config.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\PCImage.Modules.GeekSquad.Views.dll.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\PCImage.Modules.Home.dll.config.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\PCImage.Modules.Home.dll.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\PCImage.Modules.Omniture.dll.config.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\PCImage.Modules.Omniture.dll.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\PCImage.Modules.Update.dll.config.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\PCImage.Modules.Update.dll.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\PCImageInfrastructure.dll.config.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\PCImageInfrastructure.dll.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\Restarter.exe.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\SecureDownloadAPI.dll.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\SecureDownloadAPI64.dll.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\SecureDownloadAPIHelper.exe.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\SharpBITS.Base.dll.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\ViewModels.dll.config.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\ViewModels.dll.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BB25199\WCFCompression.dll.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BFD442CB\Cart.ico.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BFD442CB\Check.ico.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BFD442CB\Clock.ico.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BFD442CB\Home.ico.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BFD442CB\icon_ESRB_AdultsOnly.gif.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BFD442CB\icon_ESRB_EarlyChildhood.gif.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BFD442CB\icon_ESRB_Everyone.gif.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BFD442CB\icon_ESRB_Everyone10plus.gif.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BFD442CB\icon_ESRB_Mature.gif.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BFD442CB\icon_ESRB_Pending.gif.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BFD442CB\icon_ESRB_Teen.gif.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\BFD442CB\Installed.ico.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\E507E05\tempCategories.xml.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\E507E05\TranslationSchema.xsd.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\F131BEEE\About.rtf.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\217807D8\F131BEEE\WelcomeScreen.rtf.deploy
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\224E16D\373872A7\BestBuyPcAppDetector.ocx
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\4C9F5FE\373872A7\Best Buy pc app Launcher.exe
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\8E070D3B\373872A7\npBestBuyPcAppDetector.dll
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\E5D03152\373872A7\ClickOnceSetup.exe
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\E8AF95C2\373872A7\ClickOnceUninstaller.exe
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\mDown.dll\mDownExec.dll
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\mWinRun.dll\mWinRunExec.dll
c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\OFFLINE\mXML.dll\mXMLRun.dll
c:\users\Swindle\AppData\Roaming\Mozilla\Firefox\Profiles\2omtemlr.default\extensions\crossriderapp2258@crossrider.com
c:\users\Swindle\AppData\Roaming\Mozilla\Firefox\Profiles\2omtemlr.default\extensions\crossriderapp2258@crossrider.com\chrome.manifest
c:\users\Swindle\AppData\Roaming\Mozilla\Firefox\Profiles\2omtemlr.default\extensions\crossriderapp2258@crossrider.com\chrome\content\background.html
c:\users\Swindle\AppData\Roaming\Mozilla\Firefox\Profiles\2omtemlr.default\extensions\crossriderapp2258@crossrider.com\chrome\content\browser.xul
c:\users\Swindle\AppData\Roaming\Mozilla\Firefox\Profiles\2omtemlr.default\extensions\crossriderapp2258@crossrider.com\chrome\content\crossrider.js
c:\users\Swindle\AppData\Roaming\Mozilla\Firefox\Profiles\2omtemlr.default\extensions\crossriderapp2258@crossrider.com\chrome\content\crossriderapi.js
c:\users\Swindle\AppData\Roaming\Mozilla\Firefox\Profiles\2omtemlr.default\extensions\crossriderapp2258@crossrider.com\chrome\content\dialog.js
c:\users\Swindle\AppData\Roaming\Mozilla\Firefox\Profiles\2omtemlr.default\extensions\crossriderapp2258@crossrider.com\chrome\content\options.js
c:\users\Swindle\AppData\Roaming\Mozilla\Firefox\Profiles\2omtemlr.default\extensions\crossriderapp2258@crossrider.com\chrome\content\options.xul
c:\users\Swindle\AppData\Roaming\Mozilla\Firefox\Profiles\2omtemlr.default\extensions\crossriderapp2258@crossrider.com\chrome\content\search_dialog.xul
c:\users\Swindle\AppData\Roaming\Mozilla\Firefox\Profiles\2omtemlr.default\extensions\crossriderapp2258@crossrider.com\chrome\content\update.html
c:\users\Swindle\AppData\Roaming\Mozilla\Firefox\Profiles\2omtemlr.default\extensions\crossriderapp2258@crossrider.com\defaults\preferences\prefs.js
c:\users\Swindle\AppData\Roaming\Mozilla\Firefox\Profiles\2omtemlr.default\extensions\crossriderapp2258@crossrider.com\install.rdf
c:\users\Swindle\AppData\Roaming\Mozilla\Firefox\Profiles\2omtemlr.default\extensions\crossriderapp2258@crossrider.com\locale\en-US\translations.dtd
c:\users\Swindle\AppData\Roaming\Mozilla\Firefox\Profiles\2omtemlr.default\extensions\crossriderapp2258@crossrider.com\skin\button1.png
c:\users\Swindle\AppData\Roaming\Mozilla\Firefox\Profiles\2omtemlr.default\extensions\crossriderapp2258@crossrider.com\skin\button2.png
c:\users\Swindle\AppData\Roaming\Mozilla\Firefox\Profiles\2omtemlr.default\extensions\crossriderapp2258@crossrider.com\skin\button3.png
c:\users\Swindle\AppData\Roaming\Mozilla\Firefox\Profiles\2omtemlr.default\extensions\crossriderapp2258@crossrider.com\skin\button4.png
c:\users\Swindle\AppData\Roaming\Mozilla\Firefox\Profiles\2omtemlr.default\extensions\crossriderapp2258@crossrider.com\skin\button5.png
c:\users\Swindle\AppData\Roaming\Mozilla\Firefox\Profiles\2omtemlr.default\extensions\crossriderapp2258@crossrider.com\skin\crossrider_statusbar.png
c:\users\Swindle\AppData\Roaming\Mozilla\Firefox\Profiles\2omtemlr.default\extensions\crossriderapp2258@crossrider.com\skin\icon128.png
c:\users\Swindle\AppData\Roaming\Mozilla\Firefox\Profiles\2omtemlr.default\extensions\crossriderapp2258@crossrider.com\skin\icon16.png
c:\users\Swindle\AppData\Roaming\Mozilla\Firefox\Profiles\2omtemlr.default\extensions\crossriderapp2258@crossrider.com\skin\icon24.png
c:\users\Swindle\AppData\Roaming\Mozilla\Firefox\Profiles\2omtemlr.default\extensions\crossriderapp2258@crossrider.com\skin\icon48.png
c:\users\Swindle\AppData\Roaming\Mozilla\Firefox\Profiles\2omtemlr.default\extensions\crossriderapp2258@crossrider.com\skin\panelarrow-up.png
c:\users\Swindle\AppData\Roaming\Mozilla\Firefox\Profiles\2omtemlr.default\extensions\crossriderapp2258@crossrider.com\skin\popup.css
c:\users\Swindle\AppData\Roaming\Mozilla\Firefox\Profiles\2omtemlr.default\extensions\crossriderapp2258@crossrider.com\skin\popup.html
c:\users\Swindle\AppData\Roaming\Mozilla\Firefox\Profiles\2omtemlr.default\extensions\crossriderapp2258@crossrider.com\skin\popup_binding.xml
c:\users\Swindle\AppData\Roaming\Mozilla\Firefox\Profiles\2omtemlr.default\extensions\crossriderapp2258@crossrider.com\skin\skin.css
c:\users\Swindle\AppData\Roaming\Mozilla\Firefox\Profiles\2omtemlr.default\extensions\crossriderapp2258@crossrider.com\skin\update.css
c:\users\Swindle\Documents\~WRL0005.tmp
c:\users\Swindle\voruvuhypyfc.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{c0f1c756-10b5-020d-e719-e98f583c42b3}\@
c:\windows\Installer\{c0f1c756-10b5-020d-e719-e98f583c42b3}\L\00000004.@
c:\windows\Installer\{c0f1c756-10b5-020d-e719-e98f583c42b3}\L\201d3dde
c:\windows\Installer\{c0f1c756-10b5-020d-e719-e98f583c42b3}\U\00000004.@
c:\windows\Installer\{c0f1c756-10b5-020d-e719-e98f583c42b3}\U\00000008.@
c:\windows\Installer\{c0f1c756-10b5-020d-e719-e98f583c42b3}\U\000000cb.@
c:\windows\Installer\{c0f1c756-10b5-020d-e719-e98f583c42b3}\U\80000000.@
c:\windows\Installer\{c0f1c756-10b5-020d-e719-e98f583c42b3}\U\80000032.@
c:\windows\Installer\{c0f1c756-10b5-020d-e719-e98f583c42b3}\U\80000064.@
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
.
.
2012-08-05 00:43 . 2012-08-05 00:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-04 06:18 . 2012-08-04 06:18 -------- d-----w- c:\users\Swindle\AppData\Roaming\Tific
2012-08-02 05:02 . 2012-08-02 05:02 -------- d-----w- c:\users\Swindle\AppData\Local\visi_coupon
2012-08-02 04:55 . 2012-08-02 04:55 -------- d-----w- c:\program files (x86)\AVG
2012-08-02 04:34 . 2012-08-05 00:29 -------- d-----w- c:\programdata\MFAData
2012-08-02 04:34 . 2012-08-02 04:34 -------- d--h--w- c:\programdata\Common Files
2012-08-02 03:28 . 2012-08-02 03:28 -------- d-----w- c:\users\Swindle\AppData\Roaming\SUPERAntiSpyware.com
2012-08-02 03:27 . 2012-08-02 03:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-02 03:27 . 2012-08-02 03:27 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-02 01:50 . 2012-08-02 01:50 -------- d-----w- c:\users\Swindle\AppData\Roaming\Malwarebytes
2012-08-02 01:50 . 2012-08-02 01:50 -------- d-----w- c:\programdata\Malwarebytes
2012-08-02 01:50 . 2012-08-02 01:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-02 01:50 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-30 18:30 . 2012-07-30 18:30 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-27 07:33 . 2012-07-16 09:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F49F0120-9D83-4CA2-9155-E84DA49AB944}\mpengine.dll
2012-07-12 08:17 . 2012-06-02 12:03 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-07-11 10:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 07:19 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 07:19 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 07:19 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 07:19 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 07:19 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 07:19 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-11 07:19 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-11 07:19 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-11 07:19 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-07-11 07:02 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 07:02 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 07:02 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 07:02 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 07:02 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 07:02 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-11 07:00 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-07 09:03 . 2012-07-07 09:03 -------- d-----w- c:\users\Swindle\AppData\Local\Wajam
2012-07-07 09:03 . 2012-07-07 09:03 -------- d-----w- c:\program files (x86)\Yontoo
2012-07-07 09:03 . 2012-07-07 09:03 -------- d-----w- c:\program files (x86)\Wajam
2012-07-07 09:03 . 2012-07-07 09:03 -------- d-----w- c:\programdata\Tarma Installer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 07:24 . 2012-06-12 05:49 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 07:24 . 2012-06-12 05:49 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-11 10:01 . 2012-06-17 08:04 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-16 10:20 . 2012-06-16 10:20 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-06-16 10:20 . 2012-06-16 10:20 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-06-16 10:20 . 2012-06-16 10:20 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-06-16 10:20 . 2012-06-16 10:20 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-06-16 10:20 . 2012-06-16 10:20 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-06-16 10:20 . 2012-06-16 10:20 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-06-16 10:20 . 2012-06-16 10:20 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-06-16 10:20 . 2012-06-16 10:20 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-06-16 10:20 . 2012-06-16 10:20 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-06-16 10:20 . 2012-06-16 10:20 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-06-16 10:20 . 2012-06-16 10:20 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-06-16 10:20 . 2012-06-16 10:20 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-06-16 10:20 . 2012-06-16 10:20 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-06-16 10:20 . 2012-06-16 10:20 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-06-16 10:20 . 2012-06-16 10:20 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-06-16 10:20 . 2012-06-16 10:20 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-06-16 10:20 . 2012-06-16 10:20 222208 ----a-w- c:\windows\system32\msls31.dll
2012-06-16 10:20 . 2012-06-16 10:20 197120 ----a-w- c:\windows\system32\msrating.dll
2012-06-16 10:20 . 2012-06-16 10:20 149504 ----a-w- c:\windows\system32\occache.dll
2012-06-16 10:20 . 2012-06-16 10:20 12288 ----a-w- c:\windows\system32\mshta.exe
2012-06-16 10:20 . 2012-06-16 10:20 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-06-16 10:20 . 2012-06-16 10:20 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-06-16 10:20 . 2012-06-16 10:20 114176 ----a-w- c:\windows\system32\admparse.dll
2012-06-16 10:20 . 2012-06-16 10:20 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-06-16 10:20 . 2012-06-16 10:20 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-06-16 10:20 . 2012-06-16 10:20 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-06-16 10:20 . 2012-06-16 10:20 82432 ----a-w- c:\windows\system32\icardie.dll
2012-06-16 10:20 . 2012-06-16 10:20 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-06-16 10:20 . 2012-06-16 10:20 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-06-16 10:20 . 2012-06-16 10:20 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-06-16 10:20 . 2012-06-16 10:20 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-06-16 10:20 . 2012-06-16 10:20 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-06-16 10:20 . 2012-06-16 10:20 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-06-16 10:20 . 2012-06-16 10:20 448512 ----a-w- c:\windows\system32\html.iec
2012-06-16 10:20 . 2012-06-16 10:20 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-06-16 10:20 . 2012-06-16 10:20 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-06-16 10:20 . 2012-06-16 10:20 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-06-16 10:20 . 2012-06-16 10:20 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-06-16 10:20 . 2012-06-16 10:20 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-06-16 10:20 . 2012-06-16 10:20 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-06-16 10:20 . 2012-06-16 10:20 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-06-16 10:20 . 2012-06-16 10:20 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-06-16 10:20 . 2012-06-16 10:20 160256 ----a-w- c:\windows\system32\wextract.exe
2012-06-16 10:20 . 2012-06-16 10:20 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-06-16 10:20 . 2012-06-16 10:20 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-06-16 10:20 . 2012-06-16 10:20 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-06-16 10:20 . 2012-06-16 10:20 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-06-16 10:20 . 2012-06-16 10:20 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-06-16 10:20 . 2012-06-16 10:20 103936 ----a-w- c:\windows\system32\inseng.dll
2012-06-16 10:20 . 2012-06-16 10:20 697344 ----a-w- c:\windows\system32\msfeeds.dll
2012-06-16 10:20 . 2012-06-16 10:20 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-06-16 10:20 . 2012-06-16 10:20 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-06-11 21:24 . 2012-06-11 02:33 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-06-11 02:56 . 2010-06-24 18:33 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-02 22:19 . 2012-06-22 22:25 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 22:25 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 22:25 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 22:25 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 22:25 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-22 22:25 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 22:25 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 22:25 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-22 22:25 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-01 22:55 . 2012-06-17 18:15 34088 ----a-w- c:\windows\system32\SndTAudio.sys
2012-06-01 22:55 . 2012-06-17 18:15 34088 ----a-w- c:\windows\system32\drivers\SndTAudio.sys
2012-06-01 22:20 . 2012-06-17 18:15 260608 ----a-w- c:\windows\SysWow64\snmvtsvc.exe
2012-05-31 22:38 . 2012-06-17 18:15 252928 ----a-w- c:\windows\SysWow64\GSService.exe
2012-05-31 19:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~2\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\BitTorrentBar\prxtbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-11 39408]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-06-19 1161376]
R1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120715.001\IDSvia64.sys [2012-06-14 509088]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [2011-01-27 171128]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [2011-04-21 386168]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 204288]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-11 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-04-07 294328]
R2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [2012-04-24 109064]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-21 9256960]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 300544]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-06-11 138912]
R3 GSService;GSService;c:\windows\SysWOW64\GSService.exe [2012-05-31 252928]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-11 136176]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-02-09 77424]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2010-11-30 307304]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 SMServer;SMServer;c:\windows\SysWOW64\snmvtsvc.exe [2012-06-01 260608]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2012-06-01 34088]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-04-06 828336]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-15 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [2011-03-15 912504]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 07:24]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-11 02:35]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-11 02:35]
.
2012-08-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 5791ec23-824e-4316-a3fc-c943882d7548.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-08-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task ca026ce7-e9e8-4a54-af77-8ef2f6c14df4.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF14042.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"combofix"="c:\combofix\CF14042.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com/g/
mStart Page = hxxp://www.yahoo.com/?ilc=8
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\users\Swindle\AppData\Roaming\Mozilla\Firefox\Profiles\2omtemlr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=060612_5_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - b026db5b000000000000e89a8f882bb6
FF - user.js: extensions.BabylonToolbar_i.hardId - b026db5b000000000000e89a8f882bb6
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15502
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:42
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.y2layers.installId, 142f2a2c-2c42-4ef4-a4d3-a7bb70232597
FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-voruvuhypyfc - c:\users\Swindle\voruvuhypyfc.exe
Toolbar-Locked - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-(Default) - (no file)
AddRemove-Best Buy pc app - c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\Best Buy pc app Setup.exe
AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\Best Buy pc app Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-04 17:51:51 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-05 00:51
.
Pre-Run: 3,141,001,216 bytes free
Post-Run: 2,825,216,000 bytes free
.
- - End Of File - - 77429FFF39DAD88FDEE68F5DECE3B40F
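
Reading a ComboFix report like the one above by hand means scanning a few hundred paths for the handful that matter. The Python below is an added example, not part of this thread and not a ComboFix feature: it pulls every executable path out of the Run-key, service, scheduled-task and ORPHANS REMOVED sections and flags the locations a triage analyst checks first, namely binaries sitting directly in a user-profile root, under AppData or Temp, and Run-key entries the report listed as orphaned. The sample lines are copied from the report above except the `constructed` Run entry, which is made up to exercise the AppData rule. On this report the rules land on exactly the entry the log itself removed, c:\users\Swindle\voruvuhypyfc.exe.

```python
import re

# Sample input: lines copied from the ComboFix report above, plus one constructed
# Run entry ("constructed") so that the AppData rule below is exercised too.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-11 39408]
"constructed"="c:\users\Swindle\AppData\Roaming\updater.exe" [2012-07-07 10240]
R2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [2012-04-24 109064]
R3 GSService;GSService;c:\windows\SysWOW64\GSService.exe [2012-05-31 252928]
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
- - - - ORPHANS REMOVED - - - -
Wow6432Node-HKCU-Run-voruvuhypyfc - c:\users\Swindle\voruvuhypyfc.exe
AddRemove-Best Buy pc app - c:\programdata\{373A11D3-0B96-4E16-9184-7D0FBE86932F}\Best Buy pc app Setup.exe
"""

# A drive-letter path ending in an executable extension. The character class
# excludes quotes and brackets so the trailing "[date size]" stamp is not swallowed.
PATH_RE = re.compile(r'[a-z]:\\[^\[\]"<>|\r\n]+?\.(?:exe|dll|sys|ocx|cpl|scr)', re.I)

# Location rules: where a dropper usually parks a binary that persists via a Run key.
PROFILE_ROOT_RE = re.compile(r'^[a-z]:\\users\\[^\\]+\\[^\\]+$', re.I)   # c:\users\<name>\x.exe
APPDATA_RE = re.compile(r'\\appdata\\|\\application data\\|\\local settings\\', re.I)
TEMP_RE = re.compile(r'\\temp\\', re.I)


def extract_paths(text):
    """Return a list of (path, in_orphan_section, source_line) for every executable path."""
    found = []
    in_orphans = False
    for line in text.splitlines():
        if 'ORPHANS REMOVED' in line:
            in_orphans = True          # everything until the next key header is an orphan entry
            continue
        if line.startswith('['):
            in_orphans = False
        for m in PATH_RE.finditer(line):
            found.append((m.group(0), in_orphans, line))
    return found


def triage(text):
    """Map each suspicious path (lower-cased) to the list of reasons it was flagged."""
    flagged = {}
    for path, in_orphans, line in extract_paths(text):
        reasons = []
        if PROFILE_ROOT_RE.match(path):
            reasons.append('executable directly in a user profile root')
        if APPDATA_RE.search(path):
            reasons.append('executable under AppData')
        if TEMP_RE.search(path):
            reasons.append('executable under a Temp directory')
        if in_orphans and '-Run-' in line:
            reasons.append('orphaned Run-key entry: key removed, check whether the file still exists')
        if reasons:
            bucket = flagged.setdefault(path.lower(), [])
            bucket.extend(r for r in reasons if r not in bucket)
    return flagged


if __name__ == '__main__':
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path)
        for r in reasons:
            print('    -', r)
```

Location rules only produce leads: a binary under Program Files, such as the toolbar and updater services listed in the report, passes every rule here and has to be judged by vendor name instead, and a random-looking name in a profile root still has to be confirmed on disk (it may already be gone, as the orphan reason says) before anything is deleted.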

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 August 2012 - 09:02 PM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click TDSSKiller.exe to run the application, then click Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
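
The TDSSKiller report requested above runs to several hundred lines, nearly all of them `- ok`. The Python below is an added example, not part of this thread and not a Kaspersky tool: it pairs each service's hash line with its verdict line and reports only what an analyst needs to look at, namely any verdict other than `ok`, services that have a verdict but no file record (the `catchme` entry in the report posted below is one), binaries outside the Windows and Program Files trees, and MD5s matching an analyst-supplied known-bad set. The sample lines are taken from the report posted below except the `fakeSvc` and `\Device\Harddisk0\DR0` entries, which are constructed; their `UnsignedFile.Multi.Generic` and `Rootkit.Boot.Example.a` labels follow the shape of TDSSKiller's verdict lines but are assumptions, as is the known-bad hash.

```python
import re
from collections import OrderedDict

# Sample input: entries copied from the TDSSKiller report in the post below, plus
# constructed "fakeSvc" and "\Device\Harddisk0\DR0" entries (hash, path and
# detection names are made up) so that every non-ok branch is exercised.
SAMPLE_REPORT = r"""
21:28:37.0160 3232 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
21:28:37.0160 3232 !SASCORE - ok
21:28:37.0347 3232 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
21:28:37.0363 3232 1394ohci - ok
21:28:41.0138 3232 catchme - ok
21:28:42.0000 3232 fakeSvc (0123456789abcdef0123456789abcdef) C:\Users\Swindle\AppData\Local\fakesvc.sys
21:28:42.0010 3232 fakeSvc ( UnsignedFile.Multi.Generic ) - warning
21:28:43.0000 3232 \Device\Harddisk0\DR0 ( Rootkit.Boot.Example.a ) - infected
"""

LINE_RE = re.compile(r'^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.*)$')
# "<name> (<md5>) <path>"
FILE_RE = re.compile(r'^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$')
# "<name> - ok"  or  "<name> ( <detection> ) - warning|infected|suspicious"
VERDICT_RE = re.compile(
    r'^(?P<name>.+?)(?: \( (?P<detect>[^)]+) \))? - (?P<verdict>ok|warning|infected|suspicious)$', re.I)

# Binaries under these trees are not automatically clean, but anything outside them
# deserves a look before an "ok" verdict is trusted.
TRUSTED_DIRS = ('c:\\windows\\', 'c:\\program files\\', 'c:\\program files (x86)\\')


def parse_report(text):
    """Pair each service's file record (md5, path) with its verdict line, keyed by name."""
    entries = OrderedDict()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group('rest')
        f = FILE_RE.match(rest)
        if f:
            entries.setdefault(f.group('name'), {}).update(md5=f.group('md5'), path=f.group('path'))
            continue
        v = VERDICT_RE.match(rest)
        if v:
            entries.setdefault(v.group('name'), {}).update(
                verdict=v.group('verdict').lower(), detection=v.group('detect'))
    return entries


def findings(entries, known_bad_md5=frozenset()):
    """Return (service, reason) pairs for everything an analyst should look at."""
    out = []
    for name, e in entries.items():
        verdict = e.get('verdict')
        if verdict != 'ok':
            detail = ' (%s)' % e['detection'] if e.get('detection') else ''
            out.append((name, 'verdict %s%s' % (verdict or 'missing', detail)))
        if name.startswith('\\Device\\'):
            continue                    # disk/MBR objects have no file record by design
        path = e.get('path')
        if path is None:
            out.append((name, 'no file record: binary missing or unreadable'))
        elif not path.lower().startswith(TRUSTED_DIRS):
            out.append((name, 'binary outside Windows/Program Files: ' + path))
        if e.get('md5') in known_bad_md5:
            out.append((name, 'MD5 matches a known-bad hash: ' + e['md5']))
    return out


if __name__ == '__main__':
    # The known-bad hash here is the constructed fakeSvc one; a real run would load
    # a list from threat intel or a previous case.
    for service, reason in findings(parse_report(SAMPLE_REPORT), {'0123456789abcdef0123456789abcdef'}):
        print('%-25s %s' % (service, reason))
```

The hash column is the useful part of an otherwise boring report: the same MD5 for the same driver across clean machines is a quick sanity check, and a known-bad match is a firmer finding than any path rule.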

#7 crazyisgood

  • Topic Starter
  • Members
  • 31 posts

Posted 05 August 2012 - 11:57 PM

21:28:30.0701 3316 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
21:28:31.0669 3316 ============================================================
21:28:31.0669 3316 Current date / time: 2012/08/05 21:28:31.0669
21:28:31.0669 3316 SystemInfo:
21:28:31.0669 3316
21:28:31.0669 3316 OS Version: 6.1.7601 ServicePack: 1.0
21:28:31.0669 3316 Product type: Workstation
21:28:31.0669 3316 ComputerName: SWINDLE-PC
21:28:31.0669 3316 UserName: Swindle
21:28:31.0669 3316 Windows directory: C:\windows
21:28:31.0669 3316 System windows directory: C:\windows
21:28:31.0669 3316 Running under WOW64
21:28:31.0669 3316 Processor architecture: Intel x64
21:28:31.0669 3316 Number of processors: 4
21:28:31.0669 3316 Page size: 0x1000
21:28:31.0669 3316 Boot type: Normal boot
21:28:31.0669 3316 ============================================================
21:28:33.0135 3316 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:28:33.0151 3316 ============================================================
21:28:33.0151 3316 \Device\Harddisk0\DR0:
21:28:33.0151 3316 MBR partitions:
21:28:33.0151 3316 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x2364B800
21:28:33.0151 3316 ============================================================
21:28:33.0166 3316 C: <-> \Device\Harddisk0\DR0\Partition0
21:28:33.0166 3316 ============================================================
21:28:33.0166 3316 Initialize success
21:28:33.0166 3316 ============================================================
21:28:36.0021 3232 ============================================================
21:28:36.0021 3232 Scan started
21:28:36.0021 3232 Mode: Manual;
21:28:36.0021 3232 ============================================================
21:28:37.0160 3232 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
21:28:37.0160 3232 !SASCORE - ok
21:28:37.0347 3232 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
21:28:37.0363 3232 1394ohci - ok
21:28:37.0409 3232 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
21:28:37.0409 3232 ACPI - ok
21:28:37.0425 3232 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
21:28:37.0425 3232 AcpiPmi - ok
21:28:37.0503 3232 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:28:37.0503 3232 AdobeARMservice - ok
21:28:37.0628 3232 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:28:37.0643 3232 AdobeFlashPlayerUpdateSvc - ok
21:28:37.0721 3232 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
21:28:37.0721 3232 adp94xx - ok
21:28:37.0753 3232 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
21:28:37.0768 3232 adpahci - ok
21:28:37.0768 3232 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
21:28:37.0784 3232 adpu320 - ok
21:28:37.0799 3232 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
21:28:37.0799 3232 AeLookupSvc - ok
21:28:37.0862 3232 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
21:28:37.0877 3232 AFD - ok
21:28:37.0924 3232 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
21:28:37.0924 3232 agp440 - ok
21:28:37.0971 3232 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
21:28:37.0971 3232 ALG - ok
21:28:38.0002 3232 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
21:28:38.0002 3232 aliide - ok
21:28:38.0049 3232 AMD External Events Utility (e9f172f8067830ab6418fcf13b7c82f1) C:\windows\system32\atiesrxx.exe
21:28:38.0049 3232 AMD External Events Utility - ok
21:28:38.0080 3232 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
21:28:38.0080 3232 amdide - ok
21:28:38.0189 3232 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
21:28:38.0189 3232 AmdK8 - ok
21:28:39.0094 3232 amdkmdag (3ea481540bf571ce2ac422249c4e18a9) C:\windows\system32\DRIVERS\atikmdag.sys
21:28:39.0157 3232 amdkmdag - ok
21:28:39.0297 3232 amdkmdap (c5228c5fd5ca78002255089c4e74dc0e) C:\windows\system32\DRIVERS\atikmpag.sys
21:28:39.0297 3232 amdkmdap - ok
21:28:39.0344 3232 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
21:28:39.0344 3232 AmdPPM - ok
21:28:39.0375 3232 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
21:28:39.0375 3232 amdsata - ok
21:28:39.0406 3232 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
21:28:39.0406 3232 amdsbs - ok
21:28:39.0422 3232 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
21:28:39.0422 3232 amdxata - ok
21:28:39.0453 3232 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
21:28:39.0469 3232 AppID - ok
21:28:39.0484 3232 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
21:28:39.0484 3232 AppIDSvc - ok
21:28:39.0500 3232 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
21:28:39.0500 3232 Appinfo - ok
21:28:39.0547 3232 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
21:28:39.0547 3232 arc - ok
21:28:53.0774 3232 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
21:28:53.0774 3232 seclogon - ok
21:28:53.0805 3232 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
21:28:53.0821 3232 SENS - ok
21:28:53.0821 3232 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
21:28:53.0836 3232 SensrSvc - ok
21:28:53.0836 3232 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
21:28:53.0836 3232 Serenum - ok
21:28:53.0883 3232 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
21:28:53.0883 3232 Serial - ok
21:28:53.0899 3232 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
21:28:53.0899 3232 sermouse - ok
21:28:53.0930 3232 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
21:28:53.0930 3232 SessionEnv - ok
21:28:53.0945 3232 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
21:28:53.0945 3232 sffdisk - ok
21:28:53.0961 3232 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
21:28:53.0961 3232 sffp_mmc - ok
21:28:53.0977 3232 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
21:28:53.0977 3232 sffp_sd - ok
21:28:53.0992 3232 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
21:28:53.0992 3232 sfloppy - ok
21:28:54.0039 3232 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
21:28:54.0055 3232 Sftfs - ok
21:28:54.0164 3232 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
21:28:54.0179 3232 sftlist - ok
21:28:54.0211 3232 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
21:28:54.0211 3232 Sftplay - ok
21:28:54.0226 3232 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
21:28:54.0226 3232 Sftredir - ok
21:28:54.0257 3232 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
21:28:54.0257 3232 Sftvol - ok
21:28:54.0273 3232 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
21:28:54.0273 3232 sftvsa - ok
21:28:54.0335 3232 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
21:28:54.0335 3232 SharedAccess - ok
21:28:54.0382 3232 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
21:28:54.0382 3232 ShellHWDetection - ok
21:28:54.0429 3232 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
21:28:54.0429 3232 SiSRaid2 - ok
21:28:54.0491 3232 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
21:28:54.0507 3232 SiSRaid4 - ok
21:28:54.0585 3232 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files (x86)\Skype\Updater\Updater.exe
21:28:54.0585 3232 SkypeUpdate - ok
21:28:54.0616 3232 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
21:28:54.0616 3232 Smb - ok
21:28:54.0741 3232 SMServer (6a06c60c6cae39a87603b03ea7dd404c) C:\windows\SysWOW64\snmvtsvc.exe
21:28:54.0741 3232 SMServer - ok
21:28:54.0803 3232 SndTAudio (a6988a93f23694a2dd7bd2a6ee23a06f) C:\windows\system32\drivers\SndTAudio.sys
21:28:54.0803 3232 SndTAudio - ok
21:28:54.0835 3232 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
21:28:54.0850 3232 SNMPTRAP - ok
21:28:54.0881 3232 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
21:28:54.0881 3232 spldr - ok
21:28:54.0913 3232 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
21:28:54.0928 3232 Spooler - ok
21:28:55.0084 3232 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
21:28:55.0115 3232 sppsvc - ok
21:28:55.0209 3232 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
21:28:55.0225 3232 sppuinotify - ok
21:28:55.0365 3232 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS
21:28:55.0381 3232 SRTSP - ok
21:28:55.0412 3232 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS
21:28:55.0412 3232 SRTSPX - ok
21:28:55.0474 3232 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
21:28:55.0474 3232 srv - ok
21:28:55.0505 3232 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
21:28:55.0505 3232 srv2 - ok
21:28:55.0568 3232 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS
21:28:55.0583 3232 SrvHsfHDA - ok
21:28:55.0661 3232 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS
21:28:55.0677 3232 SrvHsfV92 - ok
21:28:55.0817 3232 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS
21:28:55.0833 3232 SrvHsfWinac - ok
21:28:55.0880 3232 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
21:28:55.0880 3232 srvnet - ok
21:28:55.0927 3232 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
21:28:55.0927 3232 SSDPSRV - ok
21:28:55.0958 3232 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
21:28:55.0973 3232 SstpSvc - ok
21:28:56.0020 3232 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
21:28:56.0020 3232 stexstor - ok
21:28:56.0098 3232 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
21:28:56.0098 3232 stisvc - ok
21:28:56.0129 3232 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
21:28:56.0129 3232 swenum - ok
21:28:56.0161 3232 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
21:28:56.0176 3232 swprv - ok
21:28:56.0301 3232 SymDS (6160145c7a87fc7672e8e3b886888176) C:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS
21:28:56.0301 3232 SymDS - ok
21:28:56.0348 3232 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS
21:28:56.0363 3232 SymEFA - ok
21:28:56.0395 3232 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
21:28:56.0395 3232 SymEvent - ok
21:28:56.0410 3232 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS
21:28:56.0410 3232 SymIRON - ok
21:28:56.0473 3232 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS
21:28:56.0473 3232 SymNetS - ok
21:28:56.0629 3232 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys
21:28:56.0660 3232 SynTP - ok
21:28:56.0816 3232 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
21:28:56.0847 3232 SysMain - ok
21:28:56.0941 3232 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
21:28:56.0941 3232 TabletInputService - ok
21:28:56.0972 3232 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
21:28:56.0972 3232 TapiSrv - ok
21:28:56.0987 3232 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
21:28:56.0987 3232 TBS - ok
21:28:57.0159 3232 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
21:28:57.0175 3232 Tcpip - ok
21:28:57.0409 3232 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
21:28:57.0409 3232 TCPIP6 - ok
21:28:57.0518 3232 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
21:28:57.0518 3232 tcpipreg - ok
21:28:57.0565 3232 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
21:28:57.0565 3232 tdcmdpst - ok
21:28:57.0565 3232 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
21:28:57.0565 3232 TDPIPE - ok
21:28:57.0596 3232 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
21:28:57.0596 3232 TDTCP - ok
21:28:57.0611 3232 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
21:28:57.0611 3232 tdx - ok
21:28:57.0658 3232 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
21:28:57.0658 3232 TermDD - ok
21:28:57.0705 3232 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
21:28:57.0721 3232 TermService - ok
21:28:57.0736 3232 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
21:28:57.0736 3232 Themes - ok
21:28:57.0767 3232 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
21:28:57.0767 3232 THREADORDER - ok
21:28:57.0877 3232 TMachInfo (83e91963c4452be6899503cf9ebfd3ed) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
21:28:57.0877 3232 TMachInfo - ok
21:28:57.0908 3232 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\Windows\system32\TODDSrv.exe
21:28:57.0908 3232 TODDSrv - ok
21:28:58.0001 3232 TosCoSrv (cdc97fa5c42b07fb0d4600e17c32f582) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
21:28:58.0017 3232 TosCoSrv - ok
21:28:58.0079 3232 TOSHIBA eco Utility Service (2ecc833ea37cece0052d4d9adc184177) C:\Program Files\TOSHIBA\TECO\TecoService.exe
21:28:58.0079 3232 TOSHIBA eco Utility Service - ok
21:28:58.0142 3232 TOSHIBA HDD SSD Alert Service (edb4b432db13ea3d1eb2356310d33263) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
21:28:58.0142 3232 TOSHIBA HDD SSD Alert Service - ok
21:28:58.0220 3232 TPCHSrv (9f8410ccc72b3470c96da415be0cf423) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
21:28:58.0235 3232 TPCHSrv - ok
21:28:58.0329 3232 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
21:28:58.0345 3232 TrkWks - ok
21:28:58.0376 3232 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
21:28:58.0376 3232 TrustedInstaller - ok
21:28:58.0438 3232 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
21:28:58.0438 3232 tssecsrv - ok
21:28:58.0485 3232 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
21:28:58.0485 3232 TsUsbFlt - ok
21:28:58.0516 3232 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
21:28:58.0516 3232 TsUsbGD - ok
21:28:58.0563 3232 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
21:28:58.0563 3232 tunnel - ok
21:28:58.0610 3232 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
21:28:58.0610 3232 TVALZ - ok
21:28:58.0657 3232 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
21:28:58.0657 3232 TVALZFL - ok
21:28:58.0688 3232 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
21:28:58.0688 3232 uagp35 - ok
21:28:58.0735 3232 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
21:28:58.0735 3232 udfs - ok
21:28:58.0781 3232 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
21:28:58.0781 3232 UI0Detect - ok
21:28:58.0813 3232 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
21:28:58.0813 3232 uliagpkx - ok
21:28:58.0844 3232 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
21:28:58.0844 3232 umbus - ok
21:28:58.0875 3232 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
21:28:58.0875 3232 UmPass - ok
21:28:58.0922 3232 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
21:28:58.0937 3232 upnphost - ok
21:28:58.0969 3232 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
21:28:58.0984 3232 usbccgp - ok
21:28:59.0015 3232 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
21:28:59.0015 3232 usbcir - ok
21:28:59.0047 3232 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
21:28:59.0047 3232 usbehci - ok
21:28:59.0093 3232 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
21:28:59.0093 3232 usbhub - ok
21:28:59.0125 3232 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys
21:28:59.0125 3232 usbohci - ok
21:28:59.0156 3232 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
21:28:59.0156 3232 usbprint - ok
21:28:59.0187 3232 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
21:28:59.0203 3232 USBSTOR - ok
21:28:59.0234 3232 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
21:28:59.0234 3232 usbuhci - ok
21:28:59.0281 3232 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
21:28:59.0281 3232 usbvideo - ok
21:28:59.0312 3232 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
21:28:59.0327 3232 UxSms - ok
21:28:59.0390 3232 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:28:59.0390 3232 VaultSvc - ok
21:28:59.0437 3232 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
21:28:59.0437 3232 vdrvroot - ok
21:28:59.0483 3232 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
21:28:59.0499 3232 vds - ok
21:28:59.0530 3232 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
21:28:59.0530 3232 vga - ok
21:28:59.0546 3232 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
21:28:59.0546 3232 VgaSave - ok
21:28:59.0577 3232 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
21:28:59.0577 3232 vhdmp - ok
21:28:59.0608 3232 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
21:28:59.0608 3232 viaide - ok
21:28:59.0639 3232 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
21:28:59.0639 3232 volmgr - ok
21:28:59.0671 3232 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
21:28:59.0671 3232 volmgrx - ok
21:28:59.0686 3232 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys
21:28:59.0686 3232 volsnap - ok
21:28:59.0733 3232 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
21:28:59.0733 3232 vsmraid - ok
21:28:59.0827 3232 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
21:28:59.0842 3232 VSS - ok
21:28:59.0951 3232 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
21:28:59.0951 3232 vwifibus - ok
21:28:59.0967 3232 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
21:28:59.0967 3232 vwififlt - ok
21:29:00.0029 3232 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
21:29:00.0029 3232 W32Time - ok
21:29:00.0061 3232 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
21:29:00.0061 3232 WacomPen - ok
21:29:00.0154 3232 WajamUpdater (4aa2cc5979aff984227364f2c23b04f3) C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
21:29:00.0170 3232 WajamUpdater - ok
21:29:00.0217 3232 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
21:29:00.0217 3232 WANARP - ok
21:29:00.0217 3232 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
21:29:00.0217 3232 Wanarpv6 - ok
21:29:00.0310 3232 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
21:29:00.0326 3232 WatAdminSvc - ok
21:29:00.0419 3232 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
21:29:00.0435 3232 wbengine - ok
21:29:00.0544 3232 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
21:29:00.0560 3232 WbioSrvc - ok
21:29:00.0591 3232 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
21:29:00.0607 3232 wcncsvc - ok
21:29:00.0622 3232 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
21:29:00.0622 3232 WcsPlugInService - ok
21:29:00.0685 3232 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
21:29:00.0685 3232 Wd - ok
21:29:00.0716 3232 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
21:29:00.0731 3232 Wdf01000 - ok
21:29:00.0763 3232 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
21:29:00.0763 3232 WdiServiceHost - ok
21:29:00.0763 3232 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
21:29:00.0763 3232 WdiSystemHost - ok
21:29:00.0794 3232 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
21:29:00.0809 3232 WebClient - ok
21:29:00.0825 3232 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
21:29:00.0841 3232 Wecsvc - ok
21:29:00.0856 3232 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
21:29:00.0872 3232 wercplsupport - ok
21:29:00.0919 3232 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
21:29:00.0919 3232 WerSvc - ok
21:29:00.0997 3232 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
21:29:00.0997 3232 WfpLwf - ok
21:29:01.0012 3232 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
21:29:01.0012 3232 WIMMount - ok
21:29:01.0075 3232 WinDefend - ok
21:29:01.0090 3232 WinHttpAutoProxySvc - ok
21:29:01.0184 3232 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
21:29:01.0184 3232 Winmgmt - ok
21:29:01.0309 3232 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
21:29:01.0324 3232 WinRM - ok
21:29:01.0465 3232 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
21:29:01.0480 3232 Wlansvc - ok
21:29:01.0543 3232 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:29:01.0558 3232 wlcrasvc - ok
21:29:01.0714 3232 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:29:01.0730 3232 wlidsvc - ok
21:29:01.0839 3232 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
21:29:01.0839 3232 WmiAcpi - ok
21:29:01.0917 3232 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
21:29:01.0917 3232 wmiApSrv - ok
21:29:01.0964 3232 WMPNetworkSvc - ok
21:29:01.0995 3232 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
21:29:02.0011 3232 WPCSvc - ok
21:29:02.0026 3232 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
21:29:02.0026 3232 WPDBusEnum - ok
21:29:02.0042 3232 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
21:29:02.0042 3232 ws2ifsl - ok
21:29:02.0073 3232 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
21:29:02.0073 3232 wscsvc - ok
21:29:02.0089 3232 WSearch - ok
21:29:02.0245 3232 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
21:29:02.0260 3232 wuauserv - ok
21:29:02.0369 3232 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
21:29:02.0369 3232 WudfPf - ok
21:29:02.0416 3232 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
21:29:02.0416 3232 WUDFRd - ok
21:29:02.0447 3232 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
21:29:02.0447 3232 wudfsvc - ok
21:29:02.0494 3232 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
21:29:02.0494 3232 WwanSvc - ok
21:29:02.0666 3232 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
21:29:02.0666 3232 YahooAUService - ok
21:29:02.0713 3232 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
21:29:02.0915 3232 \Device\Harddisk0\DR0 - ok
21:29:02.0931 3232 Boot (0x1200) (2c2072530f846acdab17b2913b6043f8) \Device\Harddisk0\DR0\Partition0
21:29:02.0931 3232 \Device\Harddisk0\DR0\Partition0 - ok
21:29:02.0931 3232 ============================================================
21:29:02.0931 3232 Scan finished
21:29:02.0931 3232 ============================================================
21:29:02.0947 0604 Detected object count: 0
21:29:02.0947 0604 Actual detected object count: 0

_________________________________________________________________________

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-05 21:29:41
-----------------------------
21:29:41.518 OS Version: Windows x64 6.1.7601 Service Pack 1
21:29:41.518 Number of processors: 4 586 0x100
21:29:41.534 ComputerName: SWINDLE-PC UserName: Swindle
21:29:42.610 Initialize success
21:40:15.997 AVAST engine defs: 12080501
21:41:00.628 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:41:00.628 Disk 0 Vendor: TOSHIBA_MK3275GSX GT001M Size: 305245MB BusType: 11
21:41:00.660 Disk 0 MBR read successfully
21:41:00.660 Disk 0 MBR scan
21:41:00.675 Disk 0 Windows VISTA default MBR code
21:41:00.691 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
21:41:00.706 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 289943 MB offset 3074048
21:41:00.753 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 13801 MB offset 596877312
21:41:00.784 Disk 0 scanning C:\windows\system32\drivers
21:41:11.205 Service scanning
21:41:48.708 Modules scanning
21:41:48.770 Disk 0 trace - called modules:
21:41:48.801 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
21:41:48.817 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004764790]
21:41:48.832 3 CLASSPNP.SYS[fffff88001b8143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800415e060]
21:41:49.534 AVAST engine scan C:\windows
21:41:52.280 AVAST engine scan C:\windows\system32
21:44:46.485 AVAST engine scan C:\windows\system32\drivers
21:45:02.039 AVAST engine scan C:\Users\Swindle
21:53:54.639 AVAST engine scan C:\ProgramData
21:54:47.258 Scan finished successfully
21:55:23.996 Disk 0 MBR has been saved successfully to "C:\Users\Swindle\Desktop\MBR.dat"
21:55:24.012 The log file has been saved successfully to "C:\Users\Swindle\Desktop\aswMBR.txt"
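
Triage of the TDSSKiller service/driver listing above, as an added Python example that is not part of the original post or of TDSSKiller itself. It parses the `HH:MM:SS.mmmm PID Name (md5) Path` lines and the matching `Name - ok` verdict lines, then reports the three things a responder looks at first in such a listing: service images that live outside the Windows directory (bundled updaters and adware services such as the Wajam one end up there), distinct service names that point at one image file, and names that received a verdict line but no image line. The sample lines are copied from the log above; the parsing rules are my reading of that output format, not a documented specification.

```python
"""Triage a TDSSKiller service/driver listing (added example)."""
import re
from collections import defaultdict

# Image line: timestamp, thread id, service name (may contain spaces),
# 32-hex MD5 in parentheses, image path.  Non-greedy name so that
# "MBR (0x1B8) (md5) \Device\..." is split at the hash, not at "(0x1B8)".
ENTRY_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)
# Verdict line: "... Name - ok" (or another verdict word after the dash).
RESULT_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<name>.+?) - (?P<verdict>.+)$"
)

# Lines copied from the TDSSKiller log above (not a constructed sample).
SAMPLE_LOG = r"""
21:28:53.0290 3232 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:28:53.0290 3232 SamSs - ok
21:28:54.0585 3232 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files (x86)\Skype\Updater\Updater.exe
21:28:54.0585 3232 SkypeUpdate - ok
21:28:59.0390 3232 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:28:59.0390 3232 VaultSvc - ok
21:29:00.0154 3232 WajamUpdater (4aa2cc5979aff984227364f2c23b04f3) C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
21:29:00.0170 3232 WajamUpdater - ok
21:29:01.0075 3232 WinDefend - ok
21:29:02.0713 3232 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
21:29:02.0915 3232 \Device\Harddisk0\DR0 - ok
"""


def parse_tdsskiller(text):
    """Return (entries, unlisted).

    entries: one dict per image line (name, md5, path, verdict); the verdict
    comes from the matching "Name - ok" line, looked up by name or, for the
    MBR/boot lines that TDSSKiller reports by device path, by path.
    unlisted: names that have a verdict line but no image line at all, which
    the log therefore shows no file for; worth checking by hand.
    """
    entries, verdicts = [], {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append({"name": m["name"], "md5": m["md5"].lower(),
                            "path": m["path"], "verdict": None})
            continue
        m = RESULT_RE.match(line)
        if m:
            verdicts[m["name"]] = m["verdict"].strip()
    known = set()
    for e in entries:
        e["verdict"] = verdicts.get(e["name"]) or verdicts.get(e["path"])
        known.update((e["name"], e["path"]))
    unlisted = sorted(n for n in verdicts if n not in known)
    return entries, unlisted


def non_windows_images(entries, system_root=r"c:\windows"):
    """Entries whose image is not under the Windows directory.

    Device paths (MBR/boot sector lines) are not files and are skipped."""
    root = system_root.lower().rstrip("\\") + "\\"
    return [e for e in entries
            if not e["path"].lower().startswith(root)
            and not e["path"].startswith("\\Device\\")]


def shared_images(entries):
    """Map image path -> sorted service names, for paths used by 2+ names."""
    by_path = defaultdict(set)
    for e in entries:
        by_path[e["path"].lower()].add(e["name"])
    return {p: sorted(names) for p, names in by_path.items() if len(names) > 1}


if __name__ == "__main__":
    entries, unlisted = parse_tdsskiller(SAMPLE_LOG)
    for e in non_windows_images(entries):
        print("outside Windows dir:", e["name"], e["path"], e["verdict"])
    for path, names in shared_images(entries).items():
        print("shared image:", path, names)
    print("verdict but no image line:", unlisted)
```

On the full log above this flags the Skype, Wajam, Yahoo, TOSHIBA and Windows Live services as the non-Windows images to review, and reports lsass.exe (SamSs, VaultSvc), tcpip.sys (Tcpip, TCPIP6), wanarp.sys and wdi.dll as shared images, which is normal for those; the point is to make the unusual sharing stand out, not to treat sharing as suspicious by itself.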

#8 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:00 AM

Posted 06 August 2012 - 01:13 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache:: 

Folder::
c:\users\Swindle\AppData\Local\Wajam
c:\program files (x86)\Yontoo
c:\program files (x86)\Wajam
c:\programdata\Tarma Installer
c:\program files (x86)\BitTorrentBar

FireFox::
FF - ProfilePath - c:\users\Swindle\AppData\Roaming\Mozilla\Firefox\Profiles\2omtemlr.default\
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=060612_5_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - b026db5b000000000000e89a8f882bb6
FF - user.js: extensions.BabylonToolbar_i.hardId - b026db5b000000000000e89a8f882bb6
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15502
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:42
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.y2layers.installId, 142f2a2c-2c42-4ef4-a4d3-a7bb70232597
FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
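
One way to check a Firefox profile for the kind of entries the FireFox:: block of the CFScript above removes, as an added Python example that is not part of the original post or of ComboFix (how ComboFix itself processes that block is not shown here). The user.js content below is a constructed sample rebuilt in user_pref() syntax from the DDS lines above, not the real file, and the benign preference in it is filler; the prefix list is taken from those lines, including the installer's own misspelling extentions., which has to be matched as written. One DDS line above carries );user_pref( inside its value, which is what a user.js line holding two calls looks like once flattened to name and value, so the parser scans every physical line for every call instead of assuming one per line, and reports lines that carry more than one.

```python
"""Audit a Firefox user.js for toolbar/adware preferences (added example)."""
import re

# One user_pref("name", value); call.  The value is a quoted string (with
# backslash escapes), true/false, or an integer.  Used with finditer() so
# that several calls on one physical line are all seen.
PREF_RE = re.compile(
    r'user_pref\(\s*"(?P<name>[^"]+)"\s*,\s*'
    r'(?P<value>"(?:[^"\\]|\\.)*"|true|false|-?\d+)\s*\)\s*;'
)

# Preference prefixes removed by the CFScript above.  'extentions.' is the
# installer's misspelling and is deliberate.
PUP_PREFIXES = (
    "extensions.BabylonToolbar_i.",
    "extentions.y2layers.",
    "yahoo.ytff.",
)

# Constructed sample rebuilt from the DDS lines above; not the real file.
SAMPLE_USER_JS = r'''// constructed sample user.js
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109935&tt=060612_5_");
user_pref("extensions.BabylonToolbar_i.id", "b026db5b000000000000e89a8f882bb6");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("browser.startup.homepage_override.mstone", "ignore");
user_pref("yahoo.ytff.general.dontshowhpoffer", true);user_pref("extentions.y2layers.installId", "142f2a2c-2c42-4ef4-a4d3-a7bb70232597");
user_pref("extentions.y2layers.defaultEnableAppsList", "ezLooker,pagerage,buzzdock,toprelatedtopics,twittube");
user_pref("extensions.autoDisableScopes", 14);
'''


def parse_user_js(text):
    """Return [(line_no, name, value_as_text)] for every user_pref call.

    String values are unquoted; true/false and integers are kept as the
    literal text so the caller can see exactly what the file said."""
    prefs = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in PREF_RE.finditer(line):
            value = m["value"]
            if value.startswith('"'):
                value = value[1:-1]
            prefs.append((line_no, m["name"], value))
    return prefs


def flag_pup_prefs(prefs, prefixes=PUP_PREFIXES):
    """Preferences whose name starts with one of the PUP prefixes."""
    return [p for p in prefs if p[1].startswith(prefixes)]


def crowded_lines(prefs):
    """Line numbers carrying more than one user_pref call (the pattern seen
    in the flattened DDS output above); sorted ascending."""
    counts = {}
    for line_no, _, _ in prefs:
        counts[line_no] = counts.get(line_no, 0) + 1
    return sorted(n for n, c in counts.items() if c > 1)


if __name__ == "__main__":
    prefs = parse_user_js(SAMPLE_USER_JS)
    for line_no, name, value in flag_pup_prefs(prefs):
        print(f"line {line_no}: {name} = {value!r}")
    print("lines with several calls:", crowded_lines(prefs))
```

Note that extensions.autoDisableScopes is also in the CFScript's FireFox:: block but is a standard Firefox preference rather than a toolbar artefact, so it is deliberately not in the prefix list; treat it as a separate item to reset rather than something to match by prefix.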

#9 crazyisgood

crazyisgood
  • Topic Starter
  • Members
  • 31 posts
  • OFFLINE
  • Local time:02:00 AM

Posted 08 August 2012 - 10:12 PM

ComboFix 12-08-04.02 - Swindle 08/08/2012 0:07.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3559.2386 [GMT -7:00]
Running from: c:\users\Swindle\Desktop\ComboFix.exe
Command switches used :: c:\users\Swindle\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))
.
.
2012-08-08 07:17 . 2012-08-08 07:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-04 06:18 . 2012-08-04 06:18 -------- d-----w- c:\users\Swindle\AppData\Roaming\Tific
2012-08-02 05:02 . 2012-08-02 05:02 -------- d-----w- c:\users\Swindle\AppData\Local\visi_coupon
2012-08-02 04:55 . 2012-08-02 04:55 -------- d-----w- c:\program files (x86)\AVG
2012-08-02 04:34 . 2012-08-05 00:29 -------- d-----w- c:\programdata\MFAData
2012-08-02 04:34 . 2012-08-02 04:34 -------- d--h--w- c:\programdata\Common Files
2012-08-02 03:28 . 2012-08-02 03:28 -------- d-----w- c:\users\Swindle\AppData\Roaming\SUPERAntiSpyware.com
2012-08-02 03:27 . 2012-08-02 03:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-02 03:27 . 2012-08-02 03:27 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-02 01:50 . 2012-08-02 01:50 -------- d-----w- c:\users\Swindle\AppData\Roaming\Malwarebytes
2012-08-02 01:50 . 2012-08-02 01:50 -------- d-----w- c:\programdata\Malwarebytes
2012-08-02 01:50 . 2012-08-02 01:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-02 01:50 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-30 18:30 . 2012-07-30 18:30 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-27 07:33 . 2012-07-16 09:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F49F0120-9D83-4CA2-9155-E84DA49AB944}\mpengine.dll
2012-07-12 08:17 . 2012-06-02 12:03 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-07-11 10:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 07:19 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 07:19 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 07:19 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 07:19 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 07:19 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 07:19 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-11 07:19 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-11 07:19 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-11 07:19 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-07-11 07:02 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 07:02 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 07:02 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 07:02 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 07:02 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 07:02 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-11 07:00 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 07:24 . 2012-06-12 05:49 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 07:24 . 2012-06-12 05:49 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-11 10:01 . 2012-06-17 08:04 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-16 10:20 . 2012-06-16 10:20 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-06-16 10:20 . 2012-06-16 10:20 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-06-16 10:20 . 2012-06-16 10:20 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-06-16 10:20 . 2012-06-16 10:20 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-06-16 10:20 . 2012-06-16 10:20 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-06-16 10:20 . 2012-06-16 10:20 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-06-16 10:20 . 2012-06-16 10:20 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-06-16 10:20 . 2012-06-16 10:20 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-06-16 10:20 . 2012-06-16 10:20 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-06-16 10:20 . 2012-06-16 10:20 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-06-16 10:20 . 2012-06-16 10:20 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-06-16 10:20 . 2012-06-16 10:20 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-06-16 10:20 . 2012-06-16 10:20 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-06-16 10:20 . 2012-06-16 10:20 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-06-16 10:20 . 2012-06-16 10:20 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-06-16 10:20 . 2012-06-16 10:20 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-06-16 10:20 . 2012-06-16 10:20 222208 ----a-w- c:\windows\system32\msls31.dll
2012-06-16 10:20 . 2012-06-16 10:20 197120 ----a-w- c:\windows\system32\msrating.dll
2012-06-16 10:20 . 2012-06-16 10:20 149504 ----a-w- c:\windows\system32\occache.dll
2012-06-16 10:20 . 2012-06-16 10:20 12288 ----a-w- c:\windows\system32\mshta.exe
2012-06-16 10:20 . 2012-06-16 10:20 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-06-16 10:20 . 2012-06-16 10:20 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-06-16 10:20 . 2012-06-16 10:20 114176 ----a-w- c:\windows\system32\admparse.dll
2012-06-16 10:20 . 2012-06-16 10:20 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-06-16 10:20 . 2012-06-16 10:20 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-06-16 10:20 . 2012-06-16 10:20 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-06-16 10:20 . 2012-06-16 10:20 82432 ----a-w- c:\windows\system32\icardie.dll
2012-06-16 10:20 . 2012-06-16 10:20 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-06-16 10:20 . 2012-06-16 10:20 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-06-16 10:20 . 2012-06-16 10:20 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-06-16 10:20 . 2012-06-16 10:20 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-06-16 10:20 . 2012-06-16 10:20 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-06-16 10:20 . 2012-06-16 10:20 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-06-16 10:20 . 2012-06-16 10:20 448512 ----a-w- c:\windows\system32\html.iec
2012-06-16 10:20 . 2012-06-16 10:20 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-06-16 10:20 . 2012-06-16 10:20 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-06-16 10:20 . 2012-06-16 10:20 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-06-16 10:20 . 2012-06-16 10:20 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-06-16 10:20 . 2012-06-16 10:20 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-06-16 10:20 . 2012-06-16 10:20 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-06-16 10:20 . 2012-06-16 10:20 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-06-16 10:20 . 2012-06-16 10:20 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-06-16 10:20 . 2012-06-16 10:20 160256 ----a-w- c:\windows\system32\wextract.exe
2012-06-16 10:20 . 2012-06-16 10:20 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-06-16 10:20 . 2012-06-16 10:20 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-06-16 10:20 . 2012-06-16 10:20 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-06-16 10:20 . 2012-06-16 10:20 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-06-16 10:20 . 2012-06-16 10:20 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-06-16 10:20 . 2012-06-16 10:20 103936 ----a-w- c:\windows\system32\inseng.dll
2012-06-16 10:20 . 2012-06-16 10:20 697344 ----a-w- c:\windows\system32\msfeeds.dll
2012-06-16 10:20 . 2012-06-16 10:20 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-06-16 10:20 . 2012-06-16 10:20 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-06-11 21:24 . 2012-06-11 02:33 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-06-11 02:56 . 2010-06-24 18:33 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-02 22:19 . 2012-06-22 22:25 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 22:25 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 22:25 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 22:25 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 22:25 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-22 22:25 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 22:25 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 22:25 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-22 22:25 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-01 22:55 . 2012-06-17 18:15 34088 ----a-w- c:\windows\system32\SndTAudio.sys
2012-06-01 22:55 . 2012-06-17 18:15 34088 ----a-w- c:\windows\system32\drivers\SndTAudio.sys
2012-06-01 22:20 . 2012-06-17 18:15 260608 ----a-w- c:\windows\SysWow64\snmvtsvc.exe
2012-05-31 22:38 . 2012-06-17 18:15 252928 ----a-w- c:\windows\SysWow64\GSService.exe
2012-05-31 19:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-05_00.45.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-08-08 04:33 47410 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-08 04:33 39424 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-06-11 08:08 . 2012-08-08 04:33 11822 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3634668433-1100717550-1851469280-1000_UserData.bin
- 2012-06-11 02:45 . 2012-08-03 07:24 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-06-11 02:45 . 2012-08-08 05:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-06-11 02:45 . 2012-08-08 05:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-06-11 02:45 . 2012-08-03 07:24 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-08 05:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-03 07:24 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-08-05 00:44 . 2012-08-05 00:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-08 07:18 . 2012-08-08 07:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-08 07:18 . 2012-08-08 07:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-05 00:44 . 2012-08-05 00:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-02 19:57 . 2012-08-06 04:19 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-08-02 19:57 . 2012-08-04 09:51 131072 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-06-12 08:02 . 2012-08-07 08:13 222276 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-08-04 05:52 660762 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-07 09:55 660762 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-04 05:52 121400 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-08-07 09:55 121400 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-08-05 00:34 277180 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-08 07:17 277180 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-08-04 09:51 2686976 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-06 04:19 2686976 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-06-11 01:59 . 2012-08-08 07:17 1689312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-06-11 01:59 . 2012-08-05 00:34 1689312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-06-17 08:07 . 2012-08-07 02:12 3515808 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3634668433-1100717550-1851469280-1000-4096.dat
- 2012-06-17 08:07 . 2012-08-04 19:27 3515808 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3634668433-1100717550-1851469280-1000-4096.dat
- 2009-07-14 04:54 . 2012-08-04 09:51 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-06 04:19 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-11 08:04 . 2012-08-08 07:17 34270448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3634668433-1100717550-1851469280-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~2\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
c:\program files (x86)\BitTorrentBar\prxtbBitT.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBitT.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-06-11 39408]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-11 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 GSService;GSService;c:\windows\SysWOW64\GSService.exe [2012-05-31 252928]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-11 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]
R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2010-11-30 307304]
R3 SMServer;SMServer;c:\windows\SysWOW64\snmvtsvc.exe [2012-06-01 260608]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-04-06 828336]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-15 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [2011-01-27 450680]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [2011-03-15 912504]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-06-19 1161376]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120715.001\IDSvia64.sys [2012-06-14 509088]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [2011-01-27 171128]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [2011-04-21 386168]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 204288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [2011-04-17 130008]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-04-07 294328]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-21 9256960]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 300544]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-06-11 138912]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-02-09 77424]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2012-06-01 34088]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 07:24]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-11 02:35]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-11 02:35]
.
2012-08-06 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 5791ec23-824e-4316-a3fc-c943882d7548.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-08-07 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task ca026ce7-e9e8-4a54-af77-8ef2f6c14df4.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com/g/
mStart Page = hxxp://www.yahoo.com/?ilc=8
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\users\Swindle\AppData\Roaming\Mozilla\Firefox\Profiles\2omtemlr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-08-08 00:47:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-08 07:46
ComboFix2.txt 2012-08-07 02:44
ComboFix3.txt 2012-08-05 00:51
.
Pre-Run: 3,208,024,064 bytes free
Post-Run: 3,136,729,088 bytes free
.
- - End Of File - - 1252F28D83DDE7A0DA006DD19EEDA673




It runs a program called Winzipupdater as an illegal operation

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:00 AM

Posted 08 August 2012 - 10:31 PM

Hello

restart the computer to remove that error

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 crazyisgood

crazyisgood
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:02:00 AM

Posted 10 August 2012 - 01:42 AM

1Step DVD Copy 3.3.8
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
AMD VISION Engine Control Center
Any Video Converter 3.3.9
AnyMedia Player 3.3.8
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Babylon toolbar on IE
BabylonObjectInstaller
Best Buy pc app
BitTorrent
BitTorrentBar Toolbar
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
D3DX10
Disk Burner 3.3.8
DVDFab 8.1.8.5 (24/05/2012) Qt
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Java Auto Updater
Java™ 6 Update 20
Java™ 7 Update 4
JavaFX 2.1.0
Junk Mail filter update
Label@Once 1.0
Malwarebytes Anti-Malware version 1.62.0.1300
Mesh Runtime
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MiniTool Power Data Recovery
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
NavNet
Norton Internet Security
OpenOffice.org 3.4
PlayReady PC Runtime x86
RadioGet 3.3.8
Realtek USB 2.0 Reader Driver
Realtek WLAN Driver
RipTiger 3.3.8
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype™ 5.10
SoundTaxi 4.3.8
SoundTaxi Media Suite 4.3.8
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBA Wireless LAN Indicator
ToshibaRegistration
TuneGet 3.3.8
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.2
Wajam
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.2
WinZip Driver Updater
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:00 AM

Posted 10 August 2012 - 02:13 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Babylon toolbar on IE
BabylonObjectInstaller
BitTorrent
BitTorrentBar Toolbar
Java™ 6 Update 20
Java™ 7 Update 4
JavaFX 2.1.0


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes, then click Next.
  • Once done click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download Button
  • Click on Agree and start Free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When install is complete click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click the MBAM icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
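The "Programs to remove" list above is easier to work through, and to verify afterwards, if you can see exactly what Windows has registered as installed. The following PowerShell script is an added example and is not part of the thread or of any tool mentioned in it: it reads the Uninstall registry keys (native, Wow6432Node and per-user views), flags entries whose display name matches the products listed for removal (Babylon, BitTorrent, the old Java 6/7 runtimes and JavaFX), and reports them without uninstalling anything. The name patterns in `$targets` are assumptions based on the list in the post; after Revo has run, re-running the script should show an empty table, which is the check a helper would want before moving on to the Java install step.

```powershell
# Added example, not from the original post.
# Lists installed programs from the Uninstall registry keys and flags the
# ones named for removal in the thread. Report only: nothing is uninstalled.

# Name fragments taken from the post's "Programs to remove" list (assumed
# to match the DisplayName values those installers register).
$targets = @(
    'Babylon',       # Babylon toolbar on IE, BabylonObjectInstaller
    'BitTorrent',    # BitTorrent client and BitTorrentBar Toolbar
    'Java(TM) 6',    # Java(TM) 6 Update 20
    'Java(TM) 7',    # Java(TM) 7 Update 4
    'JavaFX'         # JavaFX 2.1.0
)

# All three places Windows records installed programs. The Wow6432Node
# view is where 32-bit installers land on a 64-bit Windows.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledPrograms {
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher,
                      InstallLocation, UninstallString,
                      @{ Name = 'RegistryKey'; Expression = { $_.PSPath } }
}

function Get-FlaggedPrograms {
    param([string[]] $Patterns)
    Get-InstalledPrograms | Where-Object {
        $name = $_.DisplayName
        ($Patterns | Where-Object { $name -like "*$_*" }).Count -gt 0
    }
}

$flagged = @(Get-FlaggedPrograms -Patterns $targets)

if ($flagged.Count -eq 0) {
    Write-Output 'No listed programs are registered as installed.'
} else {
    Write-Output "Found $($flagged.Count) listed program(s) still installed:"
    $flagged |
        Sort-Object DisplayName |
        Format-Table -AutoSize DisplayName, DisplayVersion, Publisher, InstallLocation
}

# The leftover check Revo performs by hand: any install folder that still
# exists after the uninstaller ran is worth a look before deleting it.
foreach ($p in $flagged) {
    if ($p.InstallLocation -and (Test-Path -LiteralPath $p.InstallLocation)) {
        Write-Output "Install folder still present: $($p.InstallLocation)"
    }
}
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable in full. The `UninstallString` and `RegistryKey` columns are collected but not printed by default; select them if you want to see which uninstaller Revo will be calling for each entry.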

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:00 AM

Posted 14 August 2012 - 12:21 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#14 crazyisgood

  • Topic Starter
  • Members
  • 31 posts
  • Local time:02:00 AM

Posted 15 August 2012 - 02:56 AM

I have not had the time to get on my computer and try to finish up the fixing of it; just wanting this to stay open so hopefully Friday I can take care of things.

#15 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:00 AM

Posted 15 August 2012 - 09:11 AM

No problem, and see you then.


gringo