Infected with Trojan.Zeroaccess & Antivirus software continually finds Maljava!gen23 files in Temp folder


This topic is locked. 23 replies to this topic.

#1 oyo07 (Members, 12 posts)

Posted 06 August 2012 - 01:53 AM

Hi,

My PC seems to be infected with Trojan.Zeroaccess.

First I removed the folders
c:\windows\installer\{random numbers} and
%userprofile%\AppData\Local\{random numbers}
which contained the infected files. Then I restored the system using a restore point from before the infection.

Next day my antivirus software detected the files generated in Temp folder infected with Zeroaccess and Maljava!gen23.

I screwed up and ran ComboFix, expecting it to fix the problem.
(Sorry, I should not have done this without any supervision or knowledge.)

DDS LOG:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
Run by fremont71 at 21:59:26 on 2012-08-05
Microsoft Windows 7 Professional 6.1.7601.1.932.81.1041.18.1911.953 [GMT -7:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Panasonic\PNotif\PNotif.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Windows\system32\EtmService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Panasonic\PPlanEx\opdoffsv.exe
C:\Program Files\Panasonic\pcinfo\PCInfoPi.exe
C:\Program Files\Panasonic\pcinfo\PCInfoSV.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Panasonic\Selsussv\selsussv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Panasonic\NSelect2\nsvsvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMECMNT.EXE
C:\Program Files\Panasonic\PPlanEx\PPlanEx.exe
C:\Program Files\Panasonic\WSwitch\WSwitch.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Panasonic\Hotkey Appendix\hkeyapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Panasonic\PPlanEx\ChgBmode.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://panasonic.biz/pc/
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
mRun: [PPlanEx] c:\program files\panasonic\pplanex\PPlanEx.exe
mRun: [WSwitch] c:\program files\panasonic\wswitch\WSwitch.exe
mRun: [PCinfo] c:\program files\panasonic\pcinfo\PcInfoUt.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
mRun: [PRunOnce] c:\util\prunonce\PRunOnce.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [IME14 JPN Setup] c:\progra~1\common~1\micros~1\ime14\shared\IMEKLMG.EXE /SetPreload /JPN /Log
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Babylon Client] c:\program files\babylon\babylon-pro\Babylon.exe -AutoStart
mRun: [Panasonic Hotkey Manager] c:\program files\panasonic\hotkey appendix\HKEYAPP.EXE
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: Translate with &Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{73BDB0F8-B97E-4888-B734-54D35FA8BFE6} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E507F980-09BD-4304-BEF3-2E10999E6AEA}\45F677E65607C6163656F57457563747 : DhcpNameServer = 172.16.2.5 172.18.82.11 4.2.2.2
TCP: Interfaces\{E507F980-09BD-4304-BEF3-2E10999E6AEA}\64A41405 : DhcpNameServer = 216.98.98.4 216.98.98.20
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\fremont71.fm\appdata\roaming\mozilla\firefox\profiles\7h1kq1yj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.co.jp/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13128.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\keyring\plugin\npkrplugin-1.1.0.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\fremont71.fm\appdata\roaming\mozilla\firefox\profiles\7h1kq1yj.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 ETMService;Intel® Dynamic Power Performance Model Service Application;c:\windows\system32\EtmService.exe [2010-3-29 207384]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\common files\microsoft shared\ime14\shared\IMEDICTUPDATE.EXE [2010-10-20 59760]
R2 nsvsvc;Panasonic NetSelector2 Service;c:\program files\panasonic\nselect2\nsvsvc.exe [2010-3-29 146240]
R2 OPDOFFSV;Panasonic Opdoff Utility;c:\program files\panasonic\pplanex\opdoffsv.exe [2010-3-29 1389440]
R2 PcInfoPi;Panasonic PC Information Viewer Service 2;c:\program files\panasonic\pcinfo\PcInfoPi.exe [2010-3-29 46912]
R2 PcInfoSV;Panasonic PC Information Viewer;c:\program files\panasonic\pcinfo\PCInfoSV.exe [2010-3-29 243072]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 SELSUSSV;Panasonic USB Selective Suspend Manager;c:\program files\panasonic\selsussv\selsussv.exe [2010-3-29 76672]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-4-23 1831024]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2010-3-29 208552]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-5 106656]
R3 EtmDevDram;EtmDevDram;c:\windows\system32\drivers\EtmDevDram.sys [2010-3-29 56832]
R3 EtmDevGen;EtmDevGen;c:\windows\system32\drivers\EtmDevGen.sys [2010-3-29 46080]
R3 EtmDevMcp;EtmDevMcp;c:\windows\system32\drivers\EtmDevMcp.sys [2010-3-29 78336]
R3 EtmDevPch;EtmDevPch;c:\windows\system32\drivers\EtmDevPch.sys [2010-3-29 51200]
R3 EtmDrvMgr;EtmDrvMgr;c:\windows\system32\drivers\EtmDrvMgr.sys [2010-3-29 120320]
R3 EtmFan;EtmFan;c:\windows\system32\drivers\EtmDevFan.sys [2010-3-29 27136]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-3-29 132352]
R3 IntcDAud;Intel® Audio Display;c:\windows\system32\drivers\IntcDAud.sys [2010-3-29 232448]
R3 NETw5s32;Windows 7 32 bit Intel® Wireless WiFi Link adapter driver;c:\windows\system32\drivers\NETw5s32.sys [2010-3-29 6755840]
R3 NewMisc;Panasonic Misc Driver;c:\windows\system32\drivers\newmisc.sys [2010-3-29 53376]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\drivers\stdriver32.sys [2012-2-7 52312]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2012-6-29 245760]
S3 mircap;mircap;c:\windows\system32\drivers\mircap.sys [2009-9-16 3712]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-12-13 30576]
S3 mtpaudio;Panasonic Projector Audio Device Driver;c:\windows\system32\drivers\mtpaudio.sys [2009-9-16 12672]
S3 mtvpbus;Panasonic Projector Virtual Bus Enumerator;c:\windows\system32\drivers\mtvpbus.sys [2009-9-16 12032]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-9-14 1124848]
S3 seccap;seccap;c:\windows\system32\drivers\seccap.sys [2009-9-16 4608]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-5-25 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-2 1343400]
S3 WSDPrintDevice;WSD printing support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
.
=============== Created Last 30 ================
.
2012-08-04 12:04:22 -------- d-----w- C:\FRST
2012-08-03 18:43:24 -------- d-----w- c:\users\fremont71.fm\appdata\local\Apps
2012-08-02 23:28:04 -------- d-----w- c:\users\fremont71.fm\appdata\roaming\SPE
2012-08-02 05:39:43 -------- d-sh--w- c:\users\fremont71.fm\appdata\local\{eafc3248-12d4-a3af-f193-d0ac3ba32f08}
2012-08-01 07:08:16 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-29 10:00:07 -------- d-----w- c:\users\fremont71.fm\appdata\local\temp
2012-07-28 11:56:52 -------- d-----w- c:\program files\CCleaner
2012-07-28 11:54:15 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-23 10:29:37 -------- d-----w- c:\users\fremont71.fm\appdata\roaming\FixZeroAccess
2012-07-15 22:51:23 -------- d-----w- c:\users\fremont71.fm\appdata\roaming\FXTS2
2012-07-15 22:51:17 -------- dc-h--w- c:\users\fremont71.fm\appdata\local\{39A97D54-103E-4F93-ABAD-1966847E2500}
2012-07-11 18:02:59 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 07:20:03 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 07:20:02 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 07:20:01 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 07:19:56 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 07:19:48 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 07:19:37 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 07:19:30 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 07:19:29 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 07:19:10 1019904 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-11 07:19:09 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 07:18:45 57344 ----a-w- c:\program files\common files\system\ado\msador15.dll
2012-07-11 07:18:45 352256 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2012-07-11 07:18:45 212992 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2012-07-11 07:18:44 143360 ----a-w- c:\program files\common files\system\ado\msjro.dll
2012-07-11 07:18:43 372736 ----a-w- c:\program files\common files\system\ado\msadox.dll
.
==================== Find3M ====================
.
2012-08-04 05:58:02 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-07-28 11:53:45 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-21 17:56:57 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-21 17:49:40 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: Hitachi_ rev.PB2O -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x8383D000]<< >>UNKNOWN [0x89800000]<< >>UNKNOWN [0x89A00000]<< >>UNKNOWN [0x892B8000]<< >>UNKNOWN [0x83806000]<< >>UNKNOWN [0x89420000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x8387455A] -> \Device\Harddisk0\DR0[0x8821D7C8]
\Driver\Disk[0x859D1180] -> IRP_MJ_CREATE -> 0x8980439F
3 [0x8980459E] -> ntkrnlpa!IofCallDriver[0x8387455A] -> [0x866A5F08]
\Driver\ACPI[0x859655A8] -> IRP_MJ_CREATE -> 0x892C14CC
5 [0x892C13D4] -> ntkrnlpa!IofCallDriver[0x8387455A] -> \Device\Ide\IAAStorageDevice-0[0x86730028]
\Driver\iaStor[0x866EBF38] -> IRP_MJ_CREATE -> 0x89446C54
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 22:00:31.52 ===============


I asked for help at another community and had just used FRST to scan my PC, but got no further help.

I would be most grateful for ANY HELP to REMOVE the MALWARE.

Now my PC seems to work correctly, except that I can't change the desktop icon configuration
and that the infected files are continually generated in the Temp folder.

Thanks,

oyo07
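As an added triage example (not part of the original post, and not code from DDS, ComboFix or any other tool named in this thread): a short Python script that scans lines in the DDS / ComboFix listing format above for the three ZeroAccess-related indicators that are visible in this log. First, the mPolicies-system lines show EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop all at 0, i.e. UAC switched off entirely (the Security Check output later in the thread reports the same thing as "UAC is disabled!"). Second, the "Created Last 30" section contains a system+hidden (d-sh--w-) directory with a GUID name directly under AppData\Local, the same location oyo07 describes deleting by hand; the script flags only that attribute-and-location combination, so the compressed+hidden (dc-h--w-) GUID directory and $RECYCLE.BIN are not reported. Third, it surfaces GMER's "Warning: possible TDL3 rootkit infection !" line for the helper to evaluate rather than deciding it is true. The embedded sample log is constructed from a handful of lines modelled on the posted log, plus one line in ComboFix's two-timestamp format for the Windows\Installer location oyo07 mentioned; the regexes, the expected UAC values and the Finding type are my own assumptions.

```python
"""Scan DDS / ComboFix style log lines for the ZeroAccess indicators discussed in this thread."""
import re
from dataclasses import dataclass

# Constructed sample: a few lines modelled on the DDS log in the post above, plus one line in
# ComboFix's two-timestamp format for the c:\windows\installer\{GUID} location oyo07 mentioned.
SAMPLE_LOG = r"""
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
2012-08-02 05:39:43 -------- d-sh--w- c:\users\fremont71.fm\appdata\local\{eafc3248-12d4-a3af-f193-d0ac3ba32f08}
2012-08-01 07:08:16 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-28 11:56:52 -------- d-----w- c:\program files\CCleaner
2012-07-28 11:54:15 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-15 22:51:17 -------- dc-h--w- c:\users\fremont71.fm\appdata\local\{39A97D54-103E-4F93-ABAD-1966847E2500}
2012-08-02 05:39 . 2012-08-02 05:39 -------- d-sh--w- c:\windows\Installer\{eafc3248-12d4-a3af-f193-d0ac3ba32f08}
Warning: possible TDL3 rootkit infection !
"""

# Expected (Windows default) state of the UAC policies DDS prints under mPolicies-system.
# The posted log has all three at 0, which means UAC is fully off.
UAC_CHECKS = {
    "EnableLUA": lambda v: v == 1,                   # 0 turns UAC off entirely
    "PromptOnSecureDesktop": lambda v: v == 1,       # 0 shows prompts on the normal desktop
    "ConsentPromptBehaviorAdmin": lambda v: v != 0,  # 0 elevates admins silently, no prompt
}

POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
# One attribute field such as d-sh--w-: dir, compressed, system, hidden, archive, ?, write/read-only
ATTR = r"[d-][c-][s-][h-][a-].[wr]-"
# DDS:      2012-08-02 05:39:43 -------- d-sh--w- c:\path
# ComboFix: 2012-08-02 05:39 . 2012-08-02 05:39 -------- d-sh--w- c:\path
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}.*?\s(" + ATTR + r")\s+(.+?)\s*$")
# A GUID-named directory sitting directly under AppData\Local or Windows\Installer
DROP_DIR_RE = re.compile(
    r"\\(?:appdata\\local|windows\\installer)\\"
    r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    kind: str    # "uac_disabled" | "hidden_guid_dir" | "rootkit_warning"
    detail: str


def triage(log_text: str) -> list:
    """Return the indicators found in the log, in the order they appear."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            check = UAC_CHECKS.get(name)
            if check and not check(value):
                findings.append(Finding("uac_disabled", f"{name} = {value}"))
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group(1), m.group(2)
            is_dir, is_system, is_hidden = attrs[0] == "d", attrs[2] == "s", attrs[3] == "h"
            # Only a directory that is both system and hidden, with a GUID name, in one of
            # the two drop locations from the thread is reported; hidden-only is not enough.
            if is_dir and is_system and is_hidden and DROP_DIR_RE.search(path):
                findings.append(Finding("hidden_guid_dir", path))
            continue
        if line.lower().startswith("warning:") and "rootkit" in line.lower():
            findings.append(Finding("rootkit_warning", line))
    return findings


def main():
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:16} {f.detail}")


if __name__ == "__main__":
    main()
```

Paste a full DDS or ComboFix log into triage() in place of the sample to get the same three-way report. The rootkit line is deliberately surfaced rather than scored: GMER's MBR check in the log says "user & kernel MBR OK" immediately before the warning, so it is for the helper to weigh, not the script.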


#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 08 August 2012 - 08:15 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 oyo07 (Topic Starter, Members, 12 posts)

Posted 08 August 2012 - 05:45 PM

Thank you, Gringo!

I had trouble saving the Security Check program to the desktop at first; the pop-up
said that you cannot access the desktop, which is weird. I tried it again, then there was no warning,
and ComboFix could also be saved to the desktop without problem.

Meanwhile, the infected files (.tmp files) have been generated in the temp folder continuously
after I connected my PC to the internet to download the two program files.

I did the security check and ran ComboFix while the infected files were being generated.
(I disconnected my PC from the internet and disabled Symantec Endpoint Protection before ComboFix.)

After running ComboFix, the configuration of the icons on the desktop was restored.
The Firefox icon came back in the task bar which I removed after the infection.
I ran Firefox, then another icon appeared in the task bar, which is abnormal behavior and
the reason I removed it from the task bar before.

I reconnected my PC to the internet and enabled Symantec Endpoint Protection.
Then Endpoint Protection started detecting the infected files in the temp folder again, and
they were generated continuously for a while. (Now it has stopped.)

Here is the security check log:

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Symantec Endpoint Protection
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java™ 7 Update 5
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.183.15 Flash Player out of Date!
Mozilla Firefox (14.0.1)
Mozilla Thunderbird (3.1.9) Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


Here is the ComboFix log:

ComboFix 12-08-08.01 - fremont71 2012/08/08 12:23:32.3.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.932.81.1041.18.1911.768 [GMT -7:00]
Running from: c:\users\fremont71.FM\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))
.
.
2012-08-04 12:04 . 2012-08-04 12:04 -------- d-----w- C:\FRST
2012-08-03 18:43 . 2012-08-03 18:43 -------- d-----w- c:\users\fremont71.FM\AppData\Local\Apps
2012-08-02 23:28 . 2012-08-02 23:28 -------- d-----w- c:\users\fremont71.FM\AppData\Roaming\SPE
2012-08-01 17:30 . 2012-08-01 17:30 -------- d-----w- c:\users\Yutaka Terao\AppData\Local\Babylon
2012-08-01 17:30 . 2012-08-01 17:30 -------- d-----w- c:\users\Yutaka Terao\AppData\Roaming\Apple Computer
2012-08-01 17:30 . 2012-08-01 17:30 -------- d-----w- c:\users\Yutaka Terao\AppData\Local\Apple Computer
2012-07-29 10:00 . 2012-08-08 19:29 -------- d-----w- c:\users\fremont71.FM\AppData\Local\temp
2012-07-28 11:56 . 2012-07-28 11:56 -------- d-----w- c:\program files\CCleaner
2012-07-28 11:54 . 2012-07-28 11:54 -------- d-----w- c:\program files\Common Files\Java
2012-07-28 11:54 . 2012-07-28 11:53 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-11 18:02 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 07:20 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 07:20 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 07:20 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 07:19 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 07:19 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 07:19 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 07:19 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 07:19 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 07:19 . 2012-06-06 05:05 1019904 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 07:19 . 2012-06-06 05:03 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 07:18 . 2012-06-06 05:05 57344 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 07:18 . 2012-06-06 05:05 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 07:18 . 2012-06-06 05:05 212992 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 07:18 . 2012-06-06 05:05 143360 ----a-w- c:\program files\Common Files\System\ado\msjro.dll
2012-07-11 07:18 . 2012-06-06 05:05 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-07 20:03 . 2010-09-21 23:26 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-07-28 11:53 . 2010-11-02 23:44 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-21 17:56 . 2012-06-16 08:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-21 17:49 . 2012-06-20 07:05 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-02 22:19 . 2012-06-08 22:59 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-08 23:00 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-08 22:59 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-08 22:59 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-08 22:59 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-08 22:59 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-08 22:59 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-08 22:59 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-08 22:59 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-05-30 22:01 . 2012-05-30 22:01 509952 ----a-r- c:\users\fremont71.FM\AppData\Roaming\Microsoft\Installer\{961C4E1E-A1E3-404F-B5D4-56C3ED000200}\ico.exe
2012-07-18 17:37 . 2011-03-23 17:22 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPlanEx"="c:\program files\Panasonic\PPlanEx\PPlanEx.exe" [2010-03-18 590208]
"WSwitch"="c:\program files\Panasonic\WSwitch\WSwitch.exe" [2010-02-09 1143680]
"PCinfo"="c:\program files\Panasonic\pcinfo\PcInfoUt.exe" [2009-07-02 99136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-17 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-17 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-17 168472]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2010-03-22 496184]
"PRunOnce"="c:\util\prunonce\PRunOnce.exe" [2009-07-16 161088]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-01-25 115560]
"IME14 JPN Setup"="c:\progra~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2012-03-13 81200]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2008-09-01 3563232]
"Panasonic Hotkey Manager"="c:\program files\Panasonic\Hotkey Appendix\HKEYAPP.EXE" [2009-08-10 1064768]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-06-15 296056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200411]
Ime File REG_SZ imjp14.ime
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-31 03:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsMon00]
2010-02-09 23:43 2621440 ----a-r- c:\program files\Browny02\Brother\BrStMonW.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2008-12-24 17:26 114688 ----a-w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2012-01-06 23:30 1446760 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 02:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-12-13 21:37 135536 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 18:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-06-15 19:36 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [x]
R3 mircap;mircap;c:\windows\system32\DRIVERS\mircap.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
R3 mtpaudio;Panasonic Projector Audio Device Driver;c:\windows\system32\DRIVERS\mtpaudio.sys [x]
R3 mtvpbus;Panasonic Projector Virtual Bus Enumerator;c:\windows\system32\DRIVERS\mtvpbus.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 PJDrv;PJDrv;c:\program files\Panasonic\Wireless Manager ME5.5\PJDrv.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 seccap;seccap;c:\windows\system32\DRIVERS\seccap.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD printing support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ETMService;Intel® Dynamic Power Performance Model Service Application;c:\windows\system32\EtmService.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [x]
S2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [x]
S2 nsvsvc;Panasonic NetSelector2 Service;c:\program files\Panasonic\NSelect2\nsvsvc.exe [x]
S2 OPDOFFSV;Panasonic Opdoff Utility;c:\program files\Panasonic\PPlanEx\opdoffsv.exe [x]
S2 PcInfoPi;Panasonic PC Information Viewer Service 2;c:\program files\Panasonic\pcinfo\PCInfoPi.exe [x]
S2 PcInfoSV;Panasonic PC Information Viewer;c:\program files\Panasonic\pcinfo\PCInfoSV.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 SELSUSSV;Panasonic USB Selective Suspend Manager;c:\program files\Panasonic\Selsussv\selsussv.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 EtmDevDram;EtmDevDram;c:\windows\system32\DRIVERS\EtmDevDram.sys [x]
S3 EtmDevGen;EtmDevGen;c:\windows\system32\DRIVERS\EtmDevGen.sys [x]
S3 EtmDevMcp;EtmDevMcp;c:\windows\system32\DRIVERS\EtmDevMcp.sys [x]
S3 EtmDevPch;EtmDevPch;c:\windows\system32\DRIVERS\EtmDevPch.sys [x]
S3 EtmDrvMgr;EtmDrvMgr;c:\windows\system32\DRIVERS\EtmDrvMgr.sys [x]
S3 EtmFan;EtmFan;c:\windows\system32\DRIVERS\EtmDevFan.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® audio for display;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETw5s32;Windows 7 32 bit Intel® Wireless WiFi Link adopter driver;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 NewMisc;Panasonic Misc Driver;c:\windows\system32\DRIVERS\newmisc.sys [x]
S3 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver32.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://panasonic.biz/pc/
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
TCP: DhcpNameServer = 128.111.1.1 128.111.1.2
FF - ProfilePath - c:\users\fremont71.FM\AppData\Roaming\Mozilla\Firefox\Profiles\7h1kq1yj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.co.jp/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Symantec Antvirus
AddRemove-{494367EC-82A9-4C0D-A788-74A967998E8C} - c:\users\fremont71.FM\AppData\Local\{39A97D54-103E-4F93-ABAD-1966847E2500}\TS2Install.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3544177900-3989621451-674115747-1322\Software\Microsoft\Office\14.0\Common\Open Find\Microsoft PowerPoint\Settings\ニ0・゙0~0_0o0ニ0・゙0 *ノ0ュ0・・・ネ0n0x裾b]
"ClientGUID"=hex:ea,86,dd,ce,de,d6,3e,4c,85,97,2d,db,b1,ec,d4,64
.
[HKEY_USERS\S-1-5-21-3544177900-3989621451-674115747-1322\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*「0・ヨ0・S*E*O*\OpenWithList]
@Class="Shell"
"a"="realplay.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3544177900-3989621451-674115747-1322\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*「0・ヨ0・S*E*O*\OpenWithProgids]
"アメブロSEO_auto_file"=hex(0):
.
[HKEY_USERS\S-1-5-21-3544177900-3989621451-674115747-1322_Classes\「0・ヨ0・S*E*O*_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@="\"c:\\program files\\real\\realplayer\\realplay.exe\" \"%1\""
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-08 12:32:56
ComboFix-quarantined-files.txt 2012-08-08 19:32
.
Pre-Run: 141,947,424,768 bites available
Post-Run: 141,770,846,208 bites available
.
- - End Of File - - 0146D8E4EA4DCDA17ABAA58F31CDB793

#4 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 08 August 2012 - 05:52 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 oyo07

  • Topic Starter

  • Members
  • 12 posts

Posted 08 August 2012 - 08:26 PM

Thank you for the quick response.

I ran TDSSKiller and it seems that nothing was detected.

Here is the TDSSKiller log:

17:07:31.0931 1316 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
17:07:32.0508 1316 ============================================================
17:07:32.0508 1316 Current date / time: 2012/08/08 17:07:32.0508
17:07:32.0508 1316 SystemInfo:
17:07:32.0508 1316
17:07:32.0508 1316 OS Version: 6.1.7601 ServicePack: 1.0
17:07:32.0508 1316 Product type: Workstation
17:07:32.0508 1316 ComputerName: YUTAKATERAO
17:07:32.0508 1316 UserName: fremont71
17:07:32.0508 1316 Windows directory: C:\Windows
17:07:32.0508 1316 System windows directory: C:\Windows
17:07:32.0508 1316 Processor architecture: Intel x86
17:07:32.0508 1316 Number of processors: 4
17:07:32.0508 1316 Page size: 0x1000
17:07:32.0508 1316 Boot type: Normal boot
17:07:32.0508 1316 ============================================================
17:07:33.0475 1316 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:07:33.0491 1316 ============================================================
17:07:33.0491 1316 \Device\Harddisk0\DR0:
17:07:33.0491 1316 MBR partitions:
17:07:33.0491 1316 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1806800, BlocksNum 0x1B9BE970
17:07:33.0491 1316 ============================================================
17:07:33.0506 1316 C: <-> \Device\Harddisk0\DR0\Partition0
17:07:33.0506 1316 ============================================================
17:07:33.0506 1316 Initialize success
17:07:33.0506 1316 ============================================================
17:08:17.0685 4148 ============================================================
17:08:17.0685 4148 Scan started
17:08:17.0685 4148 Mode: Manual;
17:08:17.0685 4148 ============================================================
17:08:20.0010 4148 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
17:08:20.0041 4148 1394ohci - ok
17:08:20.0166 4148 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
17:08:20.0181 4148 ACPI - ok
17:08:20.0291 4148 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
17:08:20.0322 4148 AcpiPmi - ok
17:08:20.0649 4148 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
17:08:20.0790 4148 adp94xx - ok
17:08:21.0071 4148 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
17:08:21.0211 4148 adpahci - ok
17:08:21.0289 4148 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
17:08:21.0429 4148 adpu320 - ok
17:08:21.0492 4148 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
17:08:21.0492 4148 AeLookupSvc - ok
17:08:21.0741 4148 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
17:08:21.0757 4148 AFD - ok
17:08:21.0804 4148 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
17:08:21.0929 4148 agp440 - ok
17:08:21.0991 4148 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
17:08:22.0069 4148 aic78xx - ok
17:08:22.0147 4148 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
17:08:22.0147 4148 ALG - ok
17:08:22.0209 4148 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
17:08:22.0256 4148 aliide - ok
17:08:22.0256 4148 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
17:08:22.0287 4148 amdagp - ok
17:08:22.0303 4148 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
17:08:22.0350 4148 amdide - ok
17:08:22.0365 4148 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
17:08:22.0381 4148 AmdK8 - ok
17:08:22.0381 4148 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
17:08:22.0397 4148 AmdPPM - ok
17:08:22.0428 4148 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
17:08:22.0490 4148 amdsata - ok
17:08:22.0537 4148 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
17:08:22.0615 4148 amdsbs - ok
17:08:22.0646 4148 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
17:08:22.0646 4148 amdxata - ok
17:08:22.0709 4148 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
17:08:22.0709 4148 AppID - ok
17:08:22.0740 4148 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
17:08:22.0740 4148 AppIDSvc - ok
17:08:22.0787 4148 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
17:08:22.0787 4148 Appinfo - ok
17:08:22.0927 4148 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:08:22.0943 4148 Apple Mobile Device - ok
17:08:23.0005 4148 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
17:08:23.0021 4148 AppMgmt - ok
17:08:23.0067 4148 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
17:08:23.0114 4148 arc - ok
17:08:23.0130 4148 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
17:08:23.0145 4148 arcsas - ok
17:08:23.0177 4148 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
17:08:23.0192 4148 AsyncMac - ok
17:08:23.0239 4148 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
17:08:23.0239 4148 atapi - ok
17:08:23.0317 4148 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
17:08:23.0333 4148 AudioEndpointBuilder - ok
17:08:23.0348 4148 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
17:08:23.0348 4148 Audiosrv - ok
17:08:23.0411 4148 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
17:08:23.0426 4148 AxInstSV - ok
17:08:23.0504 4148 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
17:08:23.0520 4148 b06bdrv - ok
17:08:23.0582 4148 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
17:08:23.0598 4148 b57nd60x - ok
17:08:23.0645 4148 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
17:08:23.0660 4148 BDESVC - ok
17:08:23.0691 4148 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
17:08:23.0691 4148 Beep - ok
17:08:23.0785 4148 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
17:08:23.0816 4148 BFE - ok
17:08:23.0910 4148 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
17:08:23.0941 4148 BITS - ok
17:08:23.0988 4148 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
17:08:23.0988 4148 blbdrive - ok
17:08:24.0159 4148 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
17:08:24.0159 4148 Bonjour Service - ok
17:08:24.0206 4148 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
17:08:24.0222 4148 bowser - ok
17:08:24.0237 4148 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:08:24.0269 4148 BrFiltLo - ok
17:08:24.0284 4148 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:08:24.0284 4148 BrFiltUp - ok
17:08:24.0362 4148 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
17:08:24.0378 4148 BridgeMP - ok
17:08:24.0425 4148 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
17:08:24.0440 4148 Browser - ok
17:08:24.0487 4148 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
17:08:24.0659 4148 Brserid - ok
17:08:24.0674 4148 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
17:08:24.0690 4148 BrSerWdm - ok
17:08:24.0721 4148 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:08:24.0737 4148 BrUsbMdm - ok
17:08:24.0737 4148 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
17:08:24.0752 4148 BrUsbSer - ok
17:08:24.0861 4148 BrYNSvc (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files\Browny02\BrYNSvc.exe
17:08:24.0861 4148 BrYNSvc - ok
17:08:24.0908 4148 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
17:08:24.0924 4148 BTHMODEM - ok
17:08:24.0955 4148 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
17:08:24.0971 4148 bthserv - ok
17:08:25.0095 4148 catchme - ok
17:08:25.0205 4148 ccEvtMgr (260a069f403da226d18c058ad14fd3a3) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
17:08:25.0205 4148 ccEvtMgr - ok
17:08:25.0205 4148 ccSetMgr (260a069f403da226d18c058ad14fd3a3) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
17:08:25.0205 4148 ccSetMgr - ok
17:08:25.0251 4148 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
17:08:25.0267 4148 cdfs - ok
17:08:25.0329 4148 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
17:08:25.0392 4148 cdrom - ok
17:08:25.0454 4148 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
17:08:25.0579 4148 CertPropSvc - ok
17:08:25.0610 4148 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
17:08:25.0626 4148 circlass - ok
17:08:25.0673 4148 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
17:08:25.0688 4148 CLFS - ok
17:08:25.0782 4148 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:08:25.0860 4148 clr_optimization_v2.0.50727_32 - ok
17:08:25.0953 4148 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:08:25.0969 4148 clr_optimization_v4.0.30319_32 - ok
17:08:26.0016 4148 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
17:08:26.0016 4148 CmBatt - ok
17:08:26.0047 4148 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
17:08:26.0047 4148 cmdide - ok
17:08:26.0125 4148 CNG (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
17:08:26.0125 4148 CNG - ok
17:08:26.0203 4148 CnxtHdAudService (dbfbcfdb894291029443cd4a9a5f9cb3) C:\Windows\system32\drivers\CHDRT32.sys
17:08:26.0203 4148 CnxtHdAudService - ok
17:08:26.0250 4148 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
17:08:26.0250 4148 Compbatt - ok
17:08:26.0281 4148 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
17:08:26.0281 4148 CompositeBus - ok
17:08:26.0297 4148 COMSysApp - ok
17:08:26.0343 4148 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
17:08:26.0375 4148 crcdisk - ok
17:08:26.0437 4148 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
17:08:26.0453 4148 CryptSvc - ok
17:08:26.0531 4148 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
17:08:26.0546 4148 CSC - ok
17:08:26.0609 4148 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
17:08:26.0609 4148 CscService - ok
17:08:26.0640 4148 dc3d (7caaf4af453ef3582fef65dd72caa0aa) C:\Windows\system32\DRIVERS\dc3d.sys
17:08:26.0640 4148 dc3d - ok
17:08:26.0718 4148 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
17:08:26.0733 4148 DcomLaunch - ok
17:08:26.0765 4148 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
17:08:26.0780 4148 defragsvc - ok
17:08:26.0811 4148 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
17:08:26.0811 4148 DfsC - ok
17:08:26.0889 4148 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
17:08:26.0905 4148 Dhcp - ok
17:08:26.0936 4148 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
17:08:26.0936 4148 discache - ok
17:08:26.0983 4148 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
17:08:26.0983 4148 Disk - ok
17:08:27.0045 4148 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
17:08:27.0061 4148 Dnscache - ok
17:08:27.0108 4148 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
17:08:27.0123 4148 dot3svc - ok
17:08:27.0170 4148 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
17:08:27.0186 4148 DPS - ok
17:08:27.0217 4148 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
17:08:27.0389 4148 drmkaud - ok
17:08:27.0451 4148 dsNcAdpt (b2c3f71b86e25c3df78339ddb40a7562) C:\Windows\system32\DRIVERS\dsNcAdpt.sys
17:08:27.0451 4148 dsNcAdpt - ok
17:08:27.0638 4148 dsNcService (586855d6fd2bd978723b502306d6ec78) C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
17:08:27.0638 4148 dsNcService - ok
17:08:27.0732 4148 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
17:08:27.0747 4148 DXGKrnl - ok
17:08:27.0810 4148 e1kexpress (bfd58de8912eab4f9995a8add08bc51c) C:\Windows\system32\DRIVERS\e1k6232.sys
17:08:27.0810 4148 e1kexpress - ok
17:08:27.0857 4148 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
17:08:27.0872 4148 EapHost - ok
17:08:28.0122 4148 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
17:08:28.0184 4148 ebdrv - ok
17:08:28.0340 4148 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
17:08:28.0356 4148 eeCtrl - ok
17:08:28.0512 4148 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
17:08:28.0512 4148 EFS - ok
17:08:28.0621 4148 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
17:08:28.0621 4148 ehRecvr - ok
17:08:28.0668 4148 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
17:08:28.0668 4148 ehSched - ok
17:08:28.0777 4148 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
17:08:28.0808 4148 elxstor - ok
17:08:28.0949 4148 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
17:08:28.0949 4148 EraserUtilRebootDrv - ok
17:08:28.0995 4148 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
17:08:29.0011 4148 ErrDev - ok
17:08:29.0089 4148 EtmDevDram (e058aeb15338fab263cd9f4bb0bf397d) C:\Windows\system32\DRIVERS\EtmDevDram.sys
17:08:29.0089 4148 EtmDevDram - ok
17:08:29.0120 4148 EtmDevGen (616dcf92a65fa1066b06d502d012a99c) C:\Windows\system32\DRIVERS\EtmDevGen.sys
17:08:29.0120 4148 EtmDevGen - ok
17:08:29.0136 4148 EtmDevMcp (f5bb9f4001c36a73dbda21623ce1aa30) C:\Windows\system32\DRIVERS\EtmDevMcp.sys
17:08:29.0136 4148 EtmDevMcp - ok
17:08:29.0151 4148 EtmDevPch (a1e74ea9234b628579d2385bae01fadf) C:\Windows\system32\DRIVERS\EtmDevPch.sys
17:08:29.0151 4148 EtmDevPch - ok
17:08:29.0183 4148 EtmDrvMgr (01d93d8fcc5cc81db446a61b8ab0b771) C:\Windows\system32\DRIVERS\EtmDrvMgr.sys
17:08:29.0183 4148 EtmDrvMgr - ok
17:08:29.0214 4148 EtmFan (50a1f0f6555c099716188d2f3e6c3a60) C:\Windows\system32\DRIVERS\EtmDevFan.sys
17:08:29.0214 4148 EtmFan - ok
17:08:29.0245 4148 ETMService (4a142fbe9e3f951ae3fe2a6b0a16db75) C:\Windows\system32\EtmService.exe
17:08:29.0261 4148 ETMService - ok
17:08:29.0307 4148 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
17:08:29.0323 4148 EventSystem - ok
17:08:29.0463 4148 EvtEng (a839258e58cf58f05de1799ffc7f2634) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
17:08:29.0479 4148 EvtEng - ok
17:08:29.0541 4148 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
17:08:29.0557 4148 exfat - ok
17:08:29.0604 4148 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
17:08:29.0604 4148 fastfat - ok
17:08:29.0697 4148 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
17:08:29.0697 4148 Fax - ok
17:08:29.0760 4148 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
17:08:29.0775 4148 fdc - ok
17:08:29.0807 4148 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
17:08:29.0822 4148 fdPHost - ok
17:08:29.0853 4148 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
17:08:29.0853 4148 FDResPub - ok
17:08:29.0900 4148 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
17:08:29.0900 4148 FileInfo - ok
17:08:29.0916 4148 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
17:08:29.0931 4148 Filetrace - ok
17:08:29.0978 4148 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
17:08:30.0087 4148 flpydisk - ok
17:08:30.0150 4148 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
17:08:30.0150 4148 FltMgr - ok
17:08:30.0243 4148 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
17:08:30.0275 4148 FontCache - ok
17:08:30.0368 4148 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:08:30.0431 4148 FontCache3.0.0.0 - ok
17:08:30.0462 4148 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
17:08:30.0462 4148 FsDepends - ok
17:08:52.0863 4148 Tosrfusb (18dfbb06907c169bb54f6960b9f95367) C:\Windows\system32\DRIVERS\tosrfusb.sys
17:08:52.0879 4148 Tosrfusb - ok
17:08:52.0910 4148 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
17:08:52.0910 4148 TPM - ok
17:08:52.0957 4148 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
17:08:52.0957 4148 TrkWks - ok
17:08:53.0035 4148 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
17:08:53.0035 4148 TrustedInstaller - ok
17:08:53.0051 4148 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:08:53.0051 4148 tssecsrv - ok
17:08:53.0113 4148 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
17:08:53.0113 4148 TsUsbFlt - ok
17:08:53.0175 4148 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
17:08:53.0191 4148 tunnel - ok
17:08:53.0207 4148 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
17:08:53.0222 4148 uagp35 - ok
17:08:53.0285 4148 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
17:08:53.0300 4148 udfs - ok
17:08:53.0347 4148 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
17:08:53.0347 4148 UI0Detect - ok
17:08:53.0363 4148 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
17:08:53.0378 4148 uliagpkx - ok
17:08:53.0409 4148 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
17:08:53.0409 4148 umbus - ok
17:08:53.0441 4148 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
17:08:53.0456 4148 UmPass - ok
17:08:53.0503 4148 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
17:08:53.0519 4148 UmRdpService - ok
17:08:53.0581 4148 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
17:08:53.0581 4148 upnphost - ok
17:08:53.0628 4148 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
17:08:53.0643 4148 USBAAPL - ok
17:08:53.0706 4148 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
17:08:53.0721 4148 usbaudio - ok
17:08:53.0753 4148 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
17:08:53.0768 4148 usbccgp - ok
17:08:53.0768 4148 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
17:08:53.0784 4148 usbcir - ok
17:08:53.0815 4148 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
17:08:53.0815 4148 usbehci - ok
17:08:53.0862 4148 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
17:08:53.0862 4148 usbhub - ok
17:08:53.0877 4148 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
17:08:53.0877 4148 usbohci - ok
17:08:53.0909 4148 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
17:08:53.0909 4148 usbprint - ok
17:08:53.0940 4148 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:08:53.0940 4148 USBSTOR - ok
17:08:53.0971 4148 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
17:08:54.0002 4148 usbuhci - ok
17:08:54.0033 4148 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
17:08:54.0049 4148 usbvideo - ok
17:08:54.0080 4148 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
17:08:54.0096 4148 UxSms - ok
17:08:54.0127 4148 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
17:08:54.0127 4148 VaultSvc - ok
17:08:54.0158 4148 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
17:08:54.0158 4148 vdrvroot - ok
17:08:54.0221 4148 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
17:08:54.0236 4148 vds - ok
17:08:54.0267 4148 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
17:08:54.0267 4148 vga - ok
17:08:54.0283 4148 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
17:08:54.0283 4148 VgaSave - ok
17:08:54.0330 4148 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
17:08:54.0330 4148 vhdmp - ok
17:08:54.0392 4148 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
17:08:54.0408 4148 viaagp - ok
17:08:54.0408 4148 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
17:08:54.0423 4148 ViaC7 - ok
17:08:54.0423 4148 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
17:08:54.0470 4148 viaide - ok
17:08:54.0501 4148 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
17:08:54.0517 4148 vmbus - ok
17:08:54.0517 4148 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
17:08:54.0533 4148 VMBusHID - ok
17:08:54.0548 4148 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
17:08:54.0548 4148 volmgr - ok
17:08:54.0595 4148 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
17:08:54.0611 4148 volmgrx - ok
17:08:54.0657 4148 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
17:08:54.0673 4148 volsnap - ok
17:08:54.0704 4148 vpcbus (b26536add1d748cda104d856c979ae79) C:\Windows\system32\DRIVERS\vpchbus.sys
17:08:54.0704 4148 vpcbus - ok
17:08:54.0767 4148 vpcnfltr (a0f7e923a6261760130f22b85df9040e) C:\Windows\system32\DRIVERS\vpcnfltr.sys
17:08:54.0767 4148 vpcnfltr - ok
17:08:54.0798 4148 vpcusb (5f4b55e91ce7e2523c9e1e0ece858869) C:\Windows\system32\DRIVERS\vpcusb.sys
17:08:54.0798 4148 vpcusb - ok
17:08:54.0860 4148 vpcvmm (b487191fe18d6863381a1ac55482469a) C:\Windows\system32\drivers\vpcvmm.sys
17:08:54.0860 4148 vpcvmm - ok
17:08:54.0923 4148 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
17:08:54.0954 4148 vsmraid - ok
17:08:55.0079 4148 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
17:08:55.0094 4148 VSS - ok
17:08:55.0157 4148 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
17:08:55.0172 4148 vwifibus - ok
17:08:55.0188 4148 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
17:08:55.0188 4148 vwififlt - ok
17:08:55.0219 4148 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
17:08:55.0219 4148 vwifimp - ok
17:08:55.0297 4148 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
17:08:55.0297 4148 W32Time - ok
17:08:55.0344 4148 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
17:08:55.0359 4148 WacomPen - ok
17:08:55.0422 4148 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
17:08:55.0422 4148 WANARP - ok
17:08:55.0422 4148 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
17:08:55.0437 4148 Wanarpv6 - ok
17:08:55.0609 4148 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
17:08:55.0687 4148 WatAdminSvc - ok
17:08:55.0937 4148 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
17:08:55.0968 4148 wbengine - ok
17:08:55.0999 4148 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
17:08:55.0999 4148 WbioSrvc - ok
17:08:56.0061 4148 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
17:08:56.0061 4148 wcncsvc - ok
17:08:56.0093 4148 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
17:08:56.0093 4148 WcsPlugInService - ok
17:08:56.0171 4148 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
17:08:56.0202 4148 Wd - ok
17:08:56.0264 4148 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
17:08:56.0280 4148 Wdf01000 - ok
17:08:56.0311 4148 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
17:08:56.0311 4148 WdiServiceHost - ok
17:08:56.0311 4148 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
17:08:56.0327 4148 WdiSystemHost - ok
17:08:56.0373 4148 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
17:08:56.0389 4148 WebClient - ok
17:08:56.0405 4148 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
17:08:56.0405 4148 Wecsvc - ok
17:08:56.0420 4148 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
17:08:56.0529 4148 wercplsupport - ok
17:08:56.0592 4148 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
17:08:56.0592 4148 WerSvc - ok
17:08:56.0623 4148 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
17:08:56.0623 4148 WfpLwf - ok
17:08:56.0654 4148 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
17:08:56.0685 4148 WIMMount - ok
17:08:56.0779 4148 winachsf (8b976d4ca270110111df4f313da0e6e8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
17:08:56.0795 4148 winachsf - ok
17:08:56.0919 4148 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
17:08:56.0919 4148 WinDefend - ok
17:08:56.0935 4148 WinHttpAutoProxySvc - ok
17:08:57.0107 4148 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
17:08:57.0138 4148 Winmgmt - ok
17:08:57.0278 4148 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
17:08:57.0294 4148 WinRM - ok
17:08:57.0403 4148 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
17:08:57.0419 4148 WinUsb - ok
17:08:57.0512 4148 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
17:08:57.0543 4148 Wlansvc - ok
17:08:57.0809 4148 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:08:57.0824 4148 wlidsvc - ok
17:08:57.0965 4148 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
17:08:57.0980 4148 WmiAcpi - ok
17:08:58.0043 4148 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
17:08:58.0043 4148 wmiApSrv - ok
17:08:58.0214 4148 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
17:08:58.0230 4148 WMPNetworkSvc - ok
17:08:58.0355 4148 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
17:08:58.0370 4148 WPCSvc - ok
17:08:58.0417 4148 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
17:08:58.0417 4148 WPDBusEnum - ok
17:08:58.0495 4148 WPS (e8e745b8eee63c7cf7d34833d3b8ca7f) C:\Windows\system32\drivers\wpsdrvnt.sys
17:08:58.0495 4148 WPS - ok
17:08:58.0526 4148 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\Windows\system32\drivers\WpsHelper.sys
17:08:58.0526 4148 WpsHelper - ok
17:08:58.0557 4148 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
17:08:58.0557 4148 ws2ifsl - ok
17:08:58.0589 4148 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
17:08:58.0604 4148 wscsvc - ok
17:08:58.0635 4148 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
17:08:58.0635 4148 WSDPrintDevice - ok
17:08:58.0635 4148 WSearch - ok
17:08:58.0838 4148 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
17:08:58.0869 4148 wuauserv - ok
17:08:59.0041 4148 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
17:08:59.0041 4148 WudfPf - ok
17:08:59.0088 4148 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:08:59.0103 4148 WUDFRd - ok
17:08:59.0135 4148 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
17:08:59.0150 4148 wudfsvc - ok
17:08:59.0197 4148 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
17:08:59.0213 4148 WwanSvc - ok
17:08:59.0228 4148 XAudio (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys
17:08:59.0228 4148 XAudio - ok
17:08:59.0275 4148 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:08:59.0525 4148 \Device\Harddisk0\DR0 - ok
17:08:59.0540 4148 Boot (0x1200) (ffda410a37ca2b0f36b6ff623b795c14) \Device\Harddisk0\DR0\Partition0
17:08:59.0540 4148 \Device\Harddisk0\DR0\Partition0 - ok
17:08:59.0540 4148 ============================================================
17:08:59.0540 4148 Scan finished
17:08:59.0540 4148 ============================================================
17:08:59.0540 3152 Detected object count: 0
17:08:59.0540 3152 Actual detected object count: 0
17:10:43.0996 3984 Deinitialize success



Then I encountered a problem scanning using aswMBR.

I ran aswMBR. It downloaded the latest version of virus definition.
During the first scan Symantec Endpoint Protection detected Trojan.Gen2
at the folder created by aswMBR in temp folder and quarantined the file.
After a while aswMBR stopped and a pop-up message appeared.
It said, "avast! Antirootkit has stopped working. The program no longer
works properly since it has encountered a problem. Windows will notify if
there are any solution."

I thought that Symantec caused the problem and ran aswMBR again with Symantec
disabled. But it stopped again.
I don't know if it helps, but I captured the aswMBR window when it stopped.
The attachment shows it.

Best,
oyo07




#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:59 PM

Posted 08 August 2012 - 08:48 PM

Greetings

Is this what Symantec is finding - DWH*.tmp in the Temp folder?


At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
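
The post above asks whether the detections are DWH*.tmp files in the Temp folder. As an added diagnostic example (not part of gringo_pr's instructions and not a tool from this thread), the PowerShell script below inventories those files with size, creation time, age and SHA-256 so that question can be answered from evidence rather than memory. It assumes the files live under $env:TEMP, that PowerShell 4 or later is available for Get-FileHash, and the CSV file name DWH_inventory.csv is my own choice.

```powershell
# Added example: inventory DWH*.tmp files in the current user's Temp folder.
# Assumption: $env:TEMP is the folder Symantec is reporting on.
$tempDir = $env:TEMP
$files = Get-ChildItem -Path $tempDir -Filter 'DWH*.tmp' -File -ErrorAction SilentlyContinue

if (-not $files) {
    Write-Output "No DWH*.tmp files found in $tempDir"
    return
}

$now = Get-Date
$report = foreach ($f in $files) {
    # A file that is locked by the scanner or already quarantined cannot be hashed;
    # record that instead of aborting the whole inventory.
    $hash = try {
        (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
    } catch {
        'unreadable (locked or removed)'
    }
    [pscustomobject]@{
        Name       = $f.Name
        SizeBytes  = $f.Length
        Created    = $f.CreationTime
        AgeMinutes = [int](($now - $f.CreationTime).TotalMinutes)
        SHA256     = $hash
    }
}

# Show the files oldest first and keep a copy for the next post.
$report | Sort-Object Created | Format-Table -AutoSize
$report | Export-Csv -Path (Join-Path $tempDir 'DWH_inventory.csv') -NoTypeInformation
Write-Output ("{0} DWH*.tmp file(s) listed; inventory written to {1}" -f $report.Count, (Join-Path $tempDir 'DWH_inventory.csv'))
```

Run it in a normal PowerShell window while the detections are occurring; the creation times show whether the files appear in bursts (for example right after a definition update) and the hashes let a helper compare what was found against what the antivirus quarantined.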

#7 oyo07

oyo07
  • Topic Starter

  • Members
  • 12 posts
  • Local time:12:59 PM

Posted 08 August 2012 - 09:52 PM

Hi Gringo,

As for the file detected by Symantec during the aswMBR scan, it is not DWH****.tmp in the temp folder.
It was found in %userprofile%\AppData\Local\temp\_avast4_ and its name is unp188580493.tmp.

I made CFScript.txt by copying and pasting into Notepad and ran ComboFix by dragging the script file onto ComboFix.exe.

After ComboFix finished I could not open any files or programs. I restarted my PC. Now I can open files and programs.

But the Firefox icon still doubles in the taskbar when I start it.
And there are still {random number} folders in %userprofile%\AppData\Local and C:\Windows\Installer,
which appeared again when the PC was connected to the internet after the first ComboFix run.
(At that time many DWH****.tmp files were created in the temp folder and Symantec detected them.)
Though they look empty now, they are the folders in which the infected files were first found.

So far no new infected files have been detected in the temp folder.

Here is the log from ComboFix:


ComboFix 12-08-08.01 - fremont71 2012/08/08 19:00:49.4.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.932.81.1041.18.1911.728 [GMT -7:00]
Running from: c:\users\fremont71.FM\Desktop\ComboFix.exe
Command switches used :: c:\users\fremont71.FM\Desktop\CFscript.txt
AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-09 to 2012-08-09 )))))))))))))))))))))))))))))))
.
.
2012-08-09 02:07 . 2012-08-09 02:07 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-08-09 02:07 . 2012-08-09 02:07 -------- d-----w- c:\users\Yutaka Terao\AppData\Local\temp
2012-08-09 02:07 . 2012-08-09 02:07 -------- d-----w- c:\users\fremont71\AppData\Local\temp
2012-08-09 02:07 . 2012-08-09 02:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-09 00:50 . 2012-08-09 00:50 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{29FD7B9A-3E67-46E2-9EA2-C14816E87B46}\offreg.dll
2012-08-09 00:31 . 2012-08-09 00:31 -------- d-----w- c:\programdata\Conexant
2012-08-09 00:31 . 2012-08-09 00:31 -------- d-----w- c:\users\fremont71.FM\AppData\Local\Conexant
2012-08-09 00:30 . 2012-07-16 09:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{29FD7B9A-3E67-46E2-9EA2-C14816E87B46}\mpengine.dll
2012-08-04 12:04 . 2012-08-04 12:04 -------- d-----w- C:\FRST
2012-08-03 18:43 . 2012-08-03 18:43 -------- d-----w- c:\users\fremont71.FM\AppData\Local\Apps
2012-08-02 23:28 . 2012-08-02 23:28 -------- d-----w- c:\users\fremont71.FM\AppData\Roaming\SPE
2012-08-01 17:30 . 2012-08-01 17:30 -------- d-----w- c:\users\Yutaka Terao\AppData\Local\Babylon
2012-08-01 17:30 . 2012-08-01 17:30 -------- d-----w- c:\users\Yutaka Terao\AppData\Roaming\Apple Computer
2012-08-01 17:30 . 2012-08-01 17:30 -------- d-----w- c:\users\Yutaka Terao\AppData\Local\Apple Computer
2012-07-29 10:00 . 2012-08-09 02:07 -------- d-----w- c:\users\fremont71.FM\AppData\Local\temp
2012-07-28 11:56 . 2012-07-28 11:56 -------- d-----w- c:\program files\CCleaner
2012-07-28 11:54 . 2012-07-28 11:54 -------- d-----w- c:\program files\Common Files\Java
2012-07-28 11:54 . 2012-07-28 11:53 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-11 18:02 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 07:20 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 07:20 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 07:20 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 07:19 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 07:19 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 07:19 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 07:19 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 07:19 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 07:19 . 2012-06-06 05:05 1019904 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 07:19 . 2012-06-06 05:03 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 07:18 . 2012-06-06 05:05 57344 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 07:18 . 2012-06-06 05:05 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 07:18 . 2012-06-06 05:05 212992 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 07:18 . 2012-06-06 05:05 143360 ----a-w- c:\program files\Common Files\System\ado\msjro.dll
2012-07-11 07:18 . 2012-06-06 05:05 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-07 20:03 . 2010-09-21 23:26 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-07-28 11:53 . 2010-11-02 23:44 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-21 17:56 . 2012-06-16 08:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-21 17:49 . 2012-06-20 07:05 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-02 22:19 . 2012-06-08 22:59 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-08 23:00 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-08 22:59 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-08 22:59 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-08 22:59 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-08 22:59 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-08 22:59 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-08 22:59 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-08 22:59 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-05-31 19:25 . 2010-09-21 22:02 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-30 22:01 . 2012-05-30 22:01 509952 ----a-r- c:\users\fremont71.FM\AppData\Roaming\Microsoft\Installer\{961C4E1E-A1E3-404F-B5D4-56C3ED000200}\ico.exe
2012-07-18 17:37 . 2011-03-23 17:22 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPlanEx"="c:\program files\Panasonic\PPlanEx\PPlanEx.exe" [2010-03-18 590208]
"WSwitch"="c:\program files\Panasonic\WSwitch\WSwitch.exe" [2010-02-09 1143680]
"PCinfo"="c:\program files\Panasonic\pcinfo\PcInfoUt.exe" [2009-07-02 99136]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-17 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-17 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-17 168472]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2010-03-22 496184]
"PRunOnce"="c:\util\prunonce\PRunOnce.exe" [2009-07-16 161088]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-01-25 115560]
"IME14 JPN Setup"="c:\progra~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2012-03-13 81200]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2008-09-01 3563232]
"Panasonic Hotkey Manager"="c:\program files\Panasonic\Hotkey Appendix\HKEYAPP.EXE" [2009-08-10 1064768]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-06-15 296056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200411]
Ime File REG_SZ imjp14.ime
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-31 03:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsMon00]
2010-02-09 23:43 2621440 ----a-r- c:\program files\Browny02\Brother\BrStMonW.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2008-12-24 17:26 114688 ----a-w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2012-01-06 23:30 1446760 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 02:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-12-13 21:37 135536 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 18:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-06-15 19:36 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [x]
R3 mircap;mircap;c:\windows\system32\DRIVERS\mircap.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
R3 mtpaudio;Panasonic Projector Audio Device Driver;c:\windows\system32\DRIVERS\mtpaudio.sys [x]
R3 mtvpbus;Panasonic Projector Virtual Bus Enumerator;c:\windows\system32\DRIVERS\mtvpbus.sys [x]
R3 PJDrv;PJDrv;c:\program files\Panasonic\Wireless Manager ME5.5\PJDrv.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 seccap;seccap;c:\windows\system32\DRIVERS\seccap.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD printing support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ETMService;Intel® Dynamic Power Performance Model Service Application;c:\windows\system32\EtmService.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [x]
S2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [x]
S2 nsvsvc;Panasonic NetSelector2 Service;c:\program files\Panasonic\NSelect2\nsvsvc.exe [x]
S2 OPDOFFSV;Panasonic Opdoff Utility;c:\program files\Panasonic\PPlanEx\opdoffsv.exe [x]
S2 PcInfoPi;Panasonic PC Information Viewer Service 2;c:\program files\Panasonic\pcinfo\PCInfoPi.exe [x]
S2 PcInfoSV;Panasonic PC Information Viewer;c:\program files\Panasonic\pcinfo\PCInfoSV.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 SELSUSSV;Panasonic USB Selective Suspend Manager;c:\program files\Panasonic\Selsussv\selsussv.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 EtmDevDram;EtmDevDram;c:\windows\system32\DRIVERS\EtmDevDram.sys [x]
S3 EtmDevGen;EtmDevGen;c:\windows\system32\DRIVERS\EtmDevGen.sys [x]
S3 EtmDevMcp;EtmDevMcp;c:\windows\system32\DRIVERS\EtmDevMcp.sys [x]
S3 EtmDevPch;EtmDevPch;c:\windows\system32\DRIVERS\EtmDevPch.sys [x]
S3 EtmDrvMgr;EtmDrvMgr;c:\windows\system32\DRIVERS\EtmDrvMgr.sys [x]
S3 EtmFan;EtmFan;c:\windows\system32\DRIVERS\EtmDevFan.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Audio for Display;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETw5s32;Windows 7 32 bit Intel® Wireless WiFi Link Adopter Driver;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 NewMisc;Panasonic Misc Driver;c:\windows\system32\DRIVERS\newmisc.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S4 stdriver;Sound Tap Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver32.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 83000080
*NewlyCreated* - ASWMBR
*Deregistered* - 83000080
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://panasonic.biz/pc/
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
TCP: DhcpNameServer = 128.111.1.1 128.111.1.2
FF - ProfilePath - c:\users\fremont71.FM\AppData\Roaming\Mozilla\Firefox\Profiles\7h1kq1yj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.co.jp/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3544177900-3989621451-674115747-1322\Software\Microsoft\Office\14.0\Common\Open Find\Microsoft PowerPoint\Settings\ニ0・゙0~0_0o0ニ0・゙0 *ノ0ュ0・・・ネ0n0x裾b]
"ClientGUID"=hex:ea,86,dd,ce,de,d6,3e,4c,85,97,2d,db,b1,ec,d4,64
.
[HKEY_USERS\S-1-5-21-3544177900-3989621451-674115747-1322\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*「0・ヨ0・S*E*O*\OpenWithList]
@Class="Shell"
"a"="realplay.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3544177900-3989621451-674115747-1322\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*「0・ヨ0・S*E*O*\OpenWithProgids]
"アメブロSEO_auto_file"=hex(0):
.
[HKEY_USERS\S-1-5-21-3544177900-3989621451-674115747-1322_Classes\「0・ヨ0・S*E*O*_*a*u*t*o*_*f*i*l*e*\shell\open\command]
@="\"c:\\program files\\real\\realplayer\\realplay.exe\" \"%1\""
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4932)
c:\program files\Babylon\Babylon-Pro\Captlib.dll
.
Completion time: 2012-08-08 19:09:11
ComboFix-quarantined-files.txt 2012-08-09 02:09
ComboFix2.txt 2012-08-08 19:32
.
Pre-Run: 140,927,262,720 byte available
Post-Run: 140,644,225,024 byte available
.
- - End Of File - - A2637107E278BF4610E089434A24175C

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 08 August 2012 - 09:56 PM

Hello

Download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded, begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language setting, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst.exe and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • First, press the Scan button.
  • It will make a log (FRST.txt).
  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button.
  • It will make a log (Search.txt).

I want you to post both the FRST.txt report and the Search.txt into your reply to me.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
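The Search step above produces a list of every services.exe on the disk with its MD5; the check a helper performs on it is simply whether every copy agrees with the reference copy in the WinSxS component store. The script below is an added example for this thread, not code from the thread, from FRST, or from its author: it parses the Search.txt format FRST emits, takes the WinSxS copy as the baseline, and reports any copy whose hash (or company name) disagrees. The first sample is the search log posted later in this thread, verbatim; the second is a constructed copy of it in which the System32 hash has been altered, so the detecting branch is exercised too.

```python
r"""Triage an FRST "Search:" result for services.exe.

Added example for this thread; it is not code from the thread, from FRST,
or from its author. The search Gringo asks for lists every copy of
services.exe on disk with its timestamps, size, company name and MD5. The
copy in the WinSxS component store is the reference; the live System32
copy and any backup (the ERUNT cache under C:\Windows\erdnt in the log
below) should carry the same hash, and a copy whose MD5 differs from the
WinSxS one is what the search is meant to surface.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

# FRST writes each hit as two lines: the path, then
# "[created] - [modified] - size attrs (company) MD5".
_DETAIL = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?"
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search(text: str, name: str = "services.exe") -> List[Dict[str, str]]:
    """Return one record per hit: path, created, modified, size, attrs, company, md5."""
    lines = [ln.strip() for ln in text.splitlines()]
    hits: List[Dict[str, str]] = []
    for i, ln in enumerate(lines[:-1]):
        if not ln.lower().endswith("\\" + name):
            continue
        m = _DETAIL.match(lines[i + 1])
        if m:
            rec = {"path": ln, **m.groupdict()}
            rec["company"] = rec["company"] or ""
            hits.append(rec)
    return hits


def find_tampered(hits: List[Dict[str, str]]) -> Tuple[str, List[str]]:
    """Return (baseline_md5, paths that disagree with it).

    The baseline is the WinSxS copy when one was found: Windows keeps it
    apart from the live binary, so it is the copy least likely to have been
    touched. Without it we fall back to the most common hash, which is
    weaker, because an infection that also patched the backup wins the vote.
    """
    if not hits:
        return "", []
    winsxs = [h for h in hits if "\\winsxs\\" in h["path"].lower()]
    if winsxs:
        baseline = winsxs[0]["md5"].upper()
    else:
        baseline = Counter(h["md5"].upper() for h in hits).most_common(1)[0][0]
    # The company field is FRST's read of the version resource, not a
    # signature check, so it is only a weak second signal.
    suspect = [
        h["path"] for h in hits
        if h["md5"].upper() != baseline or h["company"] != "Microsoft Corporation"
    ]
    return baseline, suspect


# The three hits from oyo07's Search.txt in this thread, verbatim.
SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-14 08:11] - [2009-07-14 10:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-14 08:11] - [2009-07-14 10:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\erdnt\cache\services.exe
[2012-07-29 18:58] - [2009-07-14 10:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===
"""

# Constructed variant (not from the thread): the same log with the live
# System32 copy carrying a different hash, as a patched binary would.
_lines = SEARCH_LOG.splitlines()
_i = _lines.index(r"C:\Windows\System32\services.exe") + 1
_lines[_i] = _lines[_i].replace("5F1B6A9C35D3D5CA72D6D6FDEF9747D6", "0" * 32)
TAMPERED_LOG = "\n".join(_lines)


if __name__ == "__main__":
    for label, log in (("thread log", SEARCH_LOG), ("constructed log", TAMPERED_LOG)):
        base, bad = find_tampered(parse_search(log))
        print(f"{label}: baseline {base}; suspect copies: {bad or 'none'}")
```

Two caveats a practitioner would keep in mind: a matching hash only says the file on disk is pristine, not that nothing is hooking it once it runs, and the comparison is only trustworthy because FRST is run from the recovery environment, where the infected OS is not booted and cannot filter what the tool reads.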

#9 oyo07
  • Topic Starter
  • Members
  • 12 posts

Posted 09 August 2012 - 12:35 AM

Hi Gringo,

I have scanned my PC and searched for services.exe using FRST.
The logs are as follows.

Best,
oyo07


Here is the scan log:


Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 08-08-2012 02
Ran by SYSTEM at 08-08-2012 22:03:53
Running from F:\
Windows 7 Professional (X86) OS Language: 0411
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [PPlanEx] C:\Program Files\Panasonic\PPlanEx\PPlanEx.exe [590208 2010-03-18] (Panasonic Corporation)
HKLM\...\Run: [WSwitch] C:\Program Files\Panasonic\WSwitch\WSwitch.exe [1143680 2010-02-09] (Panasonic Corporation)
HKLM\...\Run: [PCinfo] C:\Program Files\Panasonic\pcinfo\PcInfoUt.exe [99136 2009-07-02] (Panasonic Corporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2010-03-17] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [175640 2010-03-17] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [168472 2010-03-17] (Intel Corporation)
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [307768 2009-11-19] ()
HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [496184 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [PRunOnce] C:\util\prunonce\PRunOnce.exe [161088 2009-07-16] (Panasonic Corporation)
HKLM\...\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [115560 2010-01-26] (Symantec Corporation)
HKLM\...\Run: [IME14 JPN Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /JPN /Log [81200 2012-03-14] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1797008 2010-07-22] (Microsoft Corporation)
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart [3563232 2008-09-02] (Babylon Ltd.)
HKLM\...\Run: [Panasonic Hotkey Manager] C:\Program Files\Panasonic\Hotkey Appendix\HKEYAPP.EXE [1064768 2009-08-10] (Panasonic Corporation)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-31] (Apple Inc.)
HKLM\...\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-25] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN [2621440 2010-02-10] (Brother Industries, Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-08] (Apple Inc.)
HKLM\...\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot [296056 2012-06-16] (RealNetworks, Inc.)
HKU\fremont71.FM\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-24] (Apple Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

================================ Services (Whitelisted) ==================

3 BrYNSvc; "C:\Program Files\Browny02\BrYNSvc.exe" [245760 2010-01-26] (Brother Industries, Ltd.)
2 ccEvtMgr; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108392 2010-01-26] (Symantec Corporation)
2 ccSetMgr; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108392 2010-01-26] (Symantec Corporation)
2 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [669040 2011-04-25] (Juniper Networks)
2 ETMService; C:\Windows\System32\EtmService.exe [207384 2009-11-13] (Intel Corporation)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-14] (Microsoft Corporation)
2 ImeDictUpdateService; "C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE" [59760 2010-10-21] (Microsoft Corporation)
3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [3093880 2010-02-18] (Symantec Corporation)
2 nsvsvc; C:\Program Files\Panasonic\NSelect2\nsvsvc.exe [146240 2009-07-21] (Panasonic Corporation)
2 OPDOFFSV; C:\Program Files\Panasonic\PPlanEx\opdoffsv.exe [1389440 2010-03-18] (Panasonic Corporation)
2 PcInfoPi; C:\Program Files\Panasonic\pcinfo\PCInfoPi.exe [46912 2009-09-30] (Panasonic Corporation)
2 PcInfoSV; C:\Program Files\Panasonic\pcinfo\PCInfoSV.exe [243072 2010-03-26] (Panasonic Corporation)
2 SELSUSSV; C:\Program Files\Panasonic\Selsussv\selsussv.exe [76672 2010-01-18] (Panasonic Corporation)
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [160944 2012-06-06] (Skype Technologies)
2 SmcService; "C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" [1881368 2010-04-17] (Symantec Corporation)
4 SNAC; "C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" [349512 2010-04-02] (Symantec Corporation)
2 Symantec AntiVirus; "C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe" [1831024 2010-04-23] (Symantec Corporation)

========================== Drivers (Whitelisted) =============

3 dsNcAdpt; C:\Windows\System32\DRIVERS\dsNcAdpt.sys [26624 2011-04-25] (Juniper Networks)
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-05-31] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-05-31] (Symantec Corporation)
3 EtmDevDram; C:\Windows\System32\DRIVERS\EtmDevDram.sys [56832 2009-10-20] (Intel Corporation)
3 EtmDevGen; C:\Windows\System32\DRIVERS\EtmDevGen.sys [46080 2009-10-20] (Intel Corporation)
3 EtmDevMcp; C:\Windows\System32\DRIVERS\EtmDevMcp.sys [78336 2009-10-20] (Intel Corporation)
3 EtmDevPch; C:\Windows\System32\DRIVERS\EtmDevPch.sys [51200 2009-10-20] (Intel Corporation)
3 EtmDrvMgr; C:\Windows\System32\DRIVERS\EtmDrvMgr.sys [120320 2009-10-20] (Intel Corporation)
3 EtmFan; C:\Windows\System32\DRIVERS\EtmDevFan.sys [27136 2009-10-20] (Intel Corporation)
3 HOTKEY; C:\Windows\System32\DRIVERS\hotkey.sys [24640 2009-03-10] (Panasonic Corporation)
3 mircap; C:\Windows\System32\DRIVERS\mircap.sys [3712 2009-09-17] (Panasonic Corporation)
3 mtpaudio; C:\Windows\System32\DRIVERS\mtpaudio.sys [12672 2009-09-17] (Panasonic Corporation)
3 mtvpbus; C:\Windows\System32\DRIVERS\mtvpbus.sys [12032 2009-09-17] (Panasonic Corporation)
3 NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120808.004\NAVENG.SYS [87928 2012-07-17] (Symantec Corporation)
3 NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120808.004\NAVEX15.SYS [1589752 2012-07-17] (Symantec Corporation)
3 NewMisc; C:\Windows\System32\DRIVERS\newmisc.sys [53376 2009-10-28] (Panasonic Corporation)
3 seccap; C:\Windows\System32\DRIVERS\seccap.sys [4608 2009-09-17] (Panasonic Corporation)
1 SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [421424 2009-12-19] (Symantec Corporation)
1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [283184 2010-03-09] (Symantec Corporation)
3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [320944 2010-03-09] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2010-03-09] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [124976 2012-08-08] (Symantec Corporation)
3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26416 2009-09-04] (Symantec Corporation)
1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [188080 2009-09-04] (Symantec Corporation)
4 SysPlant; C:\Windows\SYSTEM32\Drivers\SysPlant.sys [97096 2010-04-17] (Symantec Corporation)
3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [67472 2009-12-29] (Symantec Corporation)
3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
1 WPS; \??\C:\Windows\system32\drivers\wpsdrvnt.sys [43336 2010-04-17] (Symantec Corporation)
3 WpsHelper; \??\C:\Windows\system32\drivers\WpsHelper.sys [167936 2011-06-22] (Symantec Corporation)
3 catchme; \??\C:\Users\FREMON~1.FM\AppData\Local\Temp\catchme.sys [x]
3 PJDrv; \??\C:\Program Files\Panasonic\Wireless Manager ME5.5\PJDrv.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-09 11:09 - 2012-08-09 11:09 - 00016687 ____A C:\ComboFix.txt
2012-08-09 10:54 - 2012-08-09 10:54 - 04727110 ____R (Swearware) C:\Users\fremont71.FM\Desktop\ComboFix.exe
2012-08-09 09:48 - 2012-08-09 09:48 - 00000170 ____A C:\Users\fremont71.FM\Desktop\ErrorMssg.txt
2012-08-09 09:31 - 2012-08-09 09:31 - 00000000 ____D C:\Users\fremont71.FM\AppData\Local\Conexant
2012-08-09 09:31 - 2012-08-09 09:31 - 00000000 ____D C:\Users\All Users\Conexant
2012-08-09 09:10 - 2012-08-09 09:11 - 04731392 ____A (AVAST Software) C:\Users\fremont71.FM\Desktop\aswMBR.exe
2012-08-09 08:40 - 2012-08-09 08:40 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\fremont71.FM\Desktop\tdsskiller.exe
2012-08-09 04:56 - 2012-08-09 04:56 - 00000000 __SHD C:\Users\fremont71.FM\AppData\Local\{eafc3248-12d4-a3af-f193-d0ac3ba32f08}
2012-08-09 04:20 - 2011-06-26 15:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-09 04:20 - 2010-11-08 02:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-09 04:20 - 2009-04-20 13:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-09 04:20 - 2000-08-31 09:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-09 04:20 - 2000-08-31 09:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-09 04:20 - 2000-08-31 09:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-09 04:20 - 2000-08-31 09:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-09 04:20 - 2000-08-31 09:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-09 04:11 - 2012-08-09 04:11 - 00001005 ____A C:\Users\fremont71.FM\Desktop\checkup.txt
2012-08-09 04:05 - 2012-08-09 04:05 - 00881494 ____A C:\Users\fremont71.FM\Desktop\SecurityCheck.exe
2012-08-09 03:03 - 2012-08-09 13:42 - 00000168 ____A C:\Windows\setupact.log
2012-08-09 03:03 - 2012-08-09 03:03 - 00000000 ____A C:\Windows\setuperr.log
2012-08-09 03:02 - 2012-08-09 11:14 - 00006194 ____A C:\Windows\PFRO.log
2012-08-06 14:51 - 2012-08-06 14:51 - 00013039 ____A C:\Users\fremont71.FM\Desktop\ark.txt
2012-08-06 14:03 - 2012-08-06 14:03 - 00008603 ____A C:\Users\fremont71.FM\Desktop\Attach.txt
2012-08-06 13:53 - 2012-08-06 13:55 - 00000480 ____A C:\Users\fremont71.FM\Desktop\defogger_disable.log
2012-08-06 13:53 - 2012-08-06 13:53 - 00000000 ____A C:\Users\fremont71.FM\defogger_reenable
2012-08-06 13:51 - 2012-08-06 13:51 - 00050477 ____A C:\Users\fremont71.FM\Desktop\Defogger.exe
2012-08-04 21:04 - 2012-08-04 21:04 - 00000000 ____D C:\FRST
2012-08-04 03:43 - 2012-08-04 03:43 - 00000000 ____D C:\Users\fremont71.FM\AppData\Local\Apps\2.0
2012-08-03 08:28 - 2012-08-03 08:28 - 00000000 ____D C:\Users\fremont71.FM\AppData\Roaming\SPE
2012-08-02 02:30 - 2012-08-02 02:30 - 00000000 ____D C:\Users\Yutaka Terao\AppData\Roaming\Apple Computer
2012-08-02 02:30 - 2012-08-02 02:30 - 00000000 ____D C:\Users\Yutaka Terao\AppData\Local\Babylon
2012-08-02 02:30 - 2012-08-02 02:30 - 00000000 ____D C:\Users\Yutaka Terao\AppData\Local\Apple Computer
2012-08-01 05:21 - 2012-08-01 05:21 - 00001628 ____A C:\Users\fremont71.FM\Documents\2012summer_SBJA.txt
2012-07-29 18:49 - 2012-08-09 11:09 - 00000000 ____D C:\Qoobox
2012-07-29 18:49 - 2012-08-09 04:19 - 00000000 ____D C:\Windows\erdnt
2012-07-29 04:17 - 2012-07-29 04:17 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-28 20:56 - 2012-07-28 20:56 - 00000000 ____D C:\Program Files\CCleaner
2012-07-28 20:54 - 2012-07-28 20:54 - 00000000 ____D C:\Program Files\Common Files\Java
2012-07-28 20:54 - 2012-07-28 20:53 - 00772592 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-07-28 20:54 - 2012-07-28 20:53 - 00227824 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-07-28 20:53 - 2012-07-28 20:53 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-07-28 20:53 - 2012-07-28 20:53 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-07-12 03:07 - 2012-06-02 18:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-12 03:07 - 2012-06-02 17:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-12 03:07 - 2012-06-02 17:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-12 03:07 - 2012-06-02 17:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-12 03:07 - 2012-06-02 17:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-12 03:07 - 2012-06-02 17:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-12 03:07 - 2012-06-02 17:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-12 03:07 - 2012-06-02 17:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-12 03:07 - 2012-06-02 17:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-12 03:07 - 2012-06-02 17:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-12 03:07 - 2012-06-02 17:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-12 03:07 - 2012-06-02 17:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-12 03:07 - 2012-06-02 17:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-12 03:07 - 2012-06-02 17:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-12 03:02 - 2012-06-12 11:40 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 16:20 - 2012-06-02 13:45 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-11 16:20 - 2012-06-02 13:40 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-11 16:20 - 2012-06-02 13:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-11 16:19 - 2012-06-06 14:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-11 16:19 - 2012-06-06 14:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-11 16:19 - 2012-06-06 14:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-11 16:19 - 2012-06-02 13:45 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-11 16:19 - 2012-06-02 13:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-11 16:19 - 2010-06-26 12:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-11 16:18 - 2012-06-09 13:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

============ 3 Months Modified Files ========================

2012-08-09 13:56 - 2010-09-23 06:24 - 01649672 ____A C:\Windows\WindowsUpdate.log
2012-08-09 13:56 - 2010-03-29 22:52 - 01228100 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-09 13:56 - 2009-07-15 00:19 - 00395012 ____A C:\Windows\System32\perfh011.dat
2012-08-09 13:56 - 2009-07-15 00:19 - 00108202 ____A C:\Windows\System32\perfc011.dat
2012-08-09 13:50 - 2009-07-14 13:34 - 00013888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-09 13:50 - 2009-07-14 13:34 - 00013888 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-09 13:42 - 2012-08-09 03:03 - 00000168 ____A C:\Windows\setupact.log
2012-08-09 13:42 - 2009-07-14 13:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-09 11:14 - 2012-08-09 03:02 - 00006194 ____A C:\Windows\PFRO.log
2012-08-09 11:09 - 2012-08-09 11:09 - 00016687 ____A C:\ComboFix.txt
2012-08-09 11:07 - 2009-07-14 11:04 - 00000215 ____A C:\Windows\system.ini
2012-08-09 10:54 - 2012-08-09 10:54 - 04727110 ____R (Swearware) C:\Users\fremont71.FM\Desktop\ComboFix.exe
2012-08-09 09:48 - 2012-08-09 09:48 - 00000170 ____A C:\Users\fremont71.FM\Desktop\ErrorMssg.txt
2012-08-09 09:11 - 2012-08-09 09:10 - 04731392 ____A (AVAST Software) C:\Users\fremont71.FM\Desktop\aswMBR.exe
2012-08-09 08:40 - 2012-08-09 08:40 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\fremont71.FM\Desktop\tdsskiller.exe
2012-08-09 04:11 - 2012-08-09 04:11 - 00001005 ____A C:\Users\fremont71.FM\Desktop\checkup.txt
2012-08-09 04:05 - 2012-08-09 04:05 - 00881494 ____A C:\Users\fremont71.FM\Desktop\SecurityCheck.exe
2012-08-09 03:03 - 2012-08-09 03:03 - 00000000 ____A C:\Windows\setuperr.log
2012-08-08 05:03 - 2010-09-22 08:26 - 00124976 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS
2012-08-08 05:03 - 2010-09-22 08:26 - 00007456 ____A C:\Windows\System32\Drivers\SYMEVENT.CAT
2012-08-06 14:51 - 2012-08-06 14:51 - 00013039 ____A C:\Users\fremont71.FM\Desktop\ark.txt
2012-08-06 14:03 - 2012-08-06 14:03 - 00008603 ____A C:\Users\fremont71.FM\Desktop\Attach.txt
2012-08-06 13:55 - 2012-08-06 13:53 - 00000480 ____A C:\Users\fremont71.FM\Desktop\defogger_disable.log
2012-08-06 13:53 - 2012-08-06 13:53 - 00000000 ____A C:\Users\fremont71.FM\defogger_reenable
2012-08-06 13:51 - 2012-08-06 13:51 - 00050477 ____A C:\Users\fremont71.FM\Desktop\Defogger.exe
2012-08-01 05:21 - 2012-08-01 05:21 - 00001628 ____A C:\Users\fremont71.FM\Documents\2012summer_SBJA.txt
2012-07-31 06:16 - 2011-02-12 02:25 - 00000419 ____A C:\Windows\BRWMARK.INI
2012-07-29 04:17 - 2012-07-29 04:17 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-28 20:53 - 2012-07-28 20:54 - 00772592 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-07-28 20:53 - 2012-07-28 20:54 - 00227824 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-07-28 20:53 - 2012-07-28 20:53 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-07-28 20:53 - 2012-07-28 20:53 - 00174064 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-07-28 20:53 - 2010-11-03 08:44 - 00687600 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-07-12 07:33 - 2009-07-14 13:33 - 00491368 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-12 03:03 - 2010-11-03 09:15 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-30 15:31 - 2012-06-30 15:31 - 00002086 ____A C:\Users\Public\Desktop\Brother Creative Center.lnk
2012-06-30 15:31 - 2011-02-12 02:25 - 00000242 ____A C:\Windows\Brpfx04a.ini
2012-06-30 15:31 - 2011-02-12 02:25 - 00000093 ____A C:\Windows\brpcfx.ini
2012-06-30 15:30 - 2012-06-30 15:30 - 00000066 ____A C:\Windows\Brfaxrx.ini
2012-06-30 15:30 - 2011-02-12 02:23 - 00000050 ____A C:\Windows\System32\BRIDF10B.DAT
2012-06-22 02:56 - 2012-06-16 17:55 - 00404640 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-22 02:49 - 2012-06-20 16:05 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-16 10:23 - 2010-12-03 04:45 - 00000108 ____A C:\Users\Yutaka Terao\Desktop\domain name.txt
2012-06-16 04:37 - 2011-11-16 16:10 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\System32\rmoc3260.dll
2012-06-16 04:37 - 2011-11-16 16:10 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5016.dll
2012-06-16 04:37 - 2011-11-16 16:10 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\System32\pndx5032.dll
2012-06-16 04:37 - 2010-11-15 09:55 - 00272896 ____A (Progressive Networks) C:\Windows\System32\pncrt.dll
2012-06-12 11:40 - 2012-07-12 03:02 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 13:41 - 2012-07-11 16:18 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-06 14:05 - 2012-07-11 16:19 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-06 14:05 - 2012-07-11 16:19 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-06 14:03 - 2012-07-11 16:19 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-03 15:09 - 2012-02-28 06:28 - 00002379 ____A C:\Users\fremont71.FM\Desktop\article.txt
2012-06-03 07:19 - 2012-06-09 08:00 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-03 07:19 - 2012-06-09 07:59 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-03 07:19 - 2012-06-09 07:59 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-03 07:19 - 2012-06-09 07:59 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-03 07:19 - 2012-06-09 07:59 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-03 07:19 - 2012-06-09 07:59 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-03 07:12 - 2012-06-09 07:59 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-03 07:12 - 2012-06-09 07:59 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-03 07:12 - 2012-06-09 07:59 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 18:07 - 2012-07-12 03:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 17:43 - 2012-07-12 03:07 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 17:33 - 2012-07-12 03:07 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 17:26 - 2012-07-12 03:07 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 17:25 - 2012-07-12 03:07 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 17:25 - 2012-07-12 03:07 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 17:23 - 2012-07-12 03:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 17:21 - 2012-07-12 03:07 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 17:20 - 2012-07-12 03:07 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 17:19 - 2012-07-12 03:07 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 17:19 - 2012-07-12 03:07 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 17:17 - 2012-07-12 03:07 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 17:16 - 2012-07-12 03:07 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 17:14 - 2012-07-12 03:07 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 13:45 - 2012-07-11 16:20 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-02 13:45 - 2012-07-11 16:19 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 13:40 - 2012-07-11 16:20 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-02 13:40 - 2012-07-11 16:19 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-02 13:39 - 2012-07-11 16:20 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 04:25 - 2010-09-22 07:02 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-31 07:01 - 2012-05-31 07:01 - 00001931 ____A C:\Users\fremont71.FM\Desktop\PDForsell2.lnk


ZeroAccess:
C:\Windows\Installer\{eafc3248-12d4-a3af-f193-d0ac3ba32f08}
C:\Windows\Installer\{eafc3248-12d4-a3af-f193-d0ac3ba32f08}\l

ZeroAccess:
C:\Users\fremont71.FM\AppData\Local\{eafc3248-12d4-a3af-f193-d0ac3ba32f08}
C:\Users\fremont71.FM\AppData\Local\{eafc3248-12d4-a3af-f193-d0ac3ba32f08}\l

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 22%
Total physical RAM: 1910.55 MB
Available physical RAM: 1488.86 MB
Total Pagefile: 1910.55 MB
Available Pagefile: 1494.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1978.14 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:220.87 GB) (Free:131.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (Recovery) (Fixed) (Total:11.72 GB) (Free:4.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (System) (Fixed) (Total:0.29 GB) (Free:0.25 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (2011USASUC) (Removable) (Total:0.47 GB) (Free:0.37 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ###      Status         Size     vacancy  Dynamic  GPT
------------  -------------  -------  -------  -------  ---
Disk 0        Online         232 GB   0 B
Disk 1        Online         2017 MB  0 B

Ending DiskPart...


==========================================================

Last Boot: 2012-08-09 05:10

======================= End Of Log ==========================



Here is the search log:

Farbar Recovery Scan Tool Version: 08-08-2012 02
Ran by SYSTEM at 2012-08-08 22:06:02
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-14 08:11] - [2009-07-14 10:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-14 08:11] - [2009-07-14 10:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\erdnt\cache\services.exe
[2012-07-29 18:58] - [2009-07-14 10:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===

#10 oyo07

oyo07
  • Topic Starter
  • Members
  • 12 posts

Posted 09 August 2012 - 02:35 AM

Hi Gringo,

A couple more updates about my PC.

Many infected files detected by SEP in temp folder since my infection are DWH****.tmp,
which your link suggested that the detection is SEP's error.
So what I need to do is something about SEP, right?

The firefox icon doubling in taskbar was solved. I deleted the icon in taskbar and recreated
using the icon in the top portion of the start menu.

PC seems to work fine, though there are still suspicious folders in C:\Windows\Installer and
in %userprofile%\AppData\Local.
(When these folders were somehow regenerated after I first deleted them, the icons on my desktop
were rearranged and I could not change them.)
Now I don't know if these folders are safe or not and how they are recreated after deletion.

Best,
oyo07

#11 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 August 2012 - 08:33 AM

Hello oyo07

"So what I need to do is something about SEP, right?" - I would try and uninstall SEP, clear all temp files and reinstall and see if it clears up

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\GAC\Desktop.ini 
C:\Windows\Installer\{eafc3248-12d4-a3af-f193-d0ac3ba32f08}
C:\Users\fremont71.FM\AppData\Local\{eafc3248-12d4-a3af-f193-d0ac3ba32f08}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 oyo07

oyo07
  • Topic Starter
  • Members
  • 12 posts

Posted 09 August 2012 - 12:29 PM

Good morning Gringo,

My PC runs on Windows 7, 32bit. So I should run FRST, not FRST64?
I just want to make sure.

Best,
oyo07

#13 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 August 2012 - 12:49 PM

Sorry, that is a typo. Run the same one that you have now.


gringo

#14 oyo07

oyo07
  • Topic Starter
  • Members
  • 12 posts

Posted 09 August 2012 - 02:58 PM

Hi Gringo,

Here is the Fixlog from FRST:


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 08-08-2012 02
Ran by SYSTEM at 2012-08-09 12:31:51 Run:1
Running from F:\

==============================================

C:\Windows\assembly\GAC_32\Desktop.ini not found.
C:\Windows\assembly\GAC_64\Desktop.ini not found.
C:\Windows\assembly\GAC\Desktop.ini not found.
C:\Windows\Installer\{eafc3248-12d4-a3af-f193-d0ac3ba32f08} moved successfully.
C:\Users\fremont71.FM\AppData\Local\{eafc3248-12d4-a3af-f193-d0ac3ba32f08} moved successfully.

==== End of Fixlog ====


Best,
oyo07

#15 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 August 2012 - 03:15 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo
