Aftermath of Live Security Platinum, possibly still infected?


  • This topic is locked
20 replies to this topic

#1 NerdyNurse


Posted 14 August 2012 - 01:27 AM

Ok, I was infected with "Live Security Platinum". I followed the uninstall guide from this site, however I was unable to complete step 10. I ended up downloading another anti-spyware program and only after that scan was I able to finally uninstall "Live Security". I ran a couple more scans with different programs and each one kept finding different "threats". I didn't write specific names down, but I know it included a worm, trojans, and rogues. Now I am having issues with Windows security, specifically with automatic updating. When I try to change settings I get a pop up saying that my center cannot change settings. I try to do it manually and hit ok and nothing happens. However, yesterday after hitting ok I was receiving another pop up saying that it "could not check for updates because it wasn't running, you may need to restart your computer". Of course restarting did not help, so I went under services to change the startup type to automatic, but Windows Update is not even listed! I am also getting a "run dll error" upon start up: "error loading C:\users\name\app data\roaming\wiext.dll". I also noticed that sometimes I get redirected to anti spyware sites, but this does not happen every time. The last scan that I did today found some malware, one of which was sirfef? I just don't feel confident that everything is gone, I feel like something else is lurking. Hoping someone can help me. Thank you in advance. Here is my log.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Monica at 19:42:50 on 2012-08-13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2941.1617 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7725.1624\swg.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [sctsv] "c:\windows\system32\rundll32.exe" "c:\users\monica\appdata\roaming\sctsv.dll",StopIteration
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [jswtrayutil] "c:\program files\jumpstart\jswtrayutil.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Corel Photo Downloader] "c:\program files\common files\corel\corel photodownloader\Corel PhotoDownloader.exe" -startup
mRun: [Corel File Shell Monitor] c:\program files\corel\corel paint shop pro photo x2\CorelIOMonitor.exe
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [sctsv] "c:\windows\system32\rundll32.exe" "c:\users\monica\appdata\roaming\sctsv.dll",StopIteration
mRun: [wiext] rundll32.exe "c:\users\monica\appdata\roaming\wiext.dll",MessageBoxInstW
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{57F0E0EF-AEAB-4A44-9DEE-ED6315FB6FC3} : DhcpNameServer = 192.168.1.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\monica\appdata\roaming\mozilla\firefox\profiles\a4jciv1i.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-8-13 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-8-13 353688]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20120419.001\IDSvix86.sys [2012-4-20 287792]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2012-2-20 20352]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-8-13 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-8-13 57656]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-8-13 44808]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-4-18 106104]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-12 7168]
R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2008-2-12 1251720]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2007-1-9 38200]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-2-20 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-26 250056]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-7-20 80824]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-2-20 135664]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2012-2-20 937984]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-12 113120]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-7-20 181432]
.
=============== Created Last 30 ================
.
2012-08-13 22:51:04 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-13 22:50:53 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-13 22:49:38 41224 ----a-w- c:\windows\avastSS.scr
2012-08-13 22:49:11 -------- d-----w- c:\programdata\AVAST Software
2012-08-13 22:49:11 -------- d-----w- c:\program files\AVAST Software
2012-08-12 01:34:35 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-08-12 01:22:40 -------- d-----w- c:\users\monica\appdata\roaming\AVPro
2012-08-12 01:00:25 -------- d-----w- c:\users\monica\appdata\roaming\PC Cleaners
2012-08-12 01:00:22 6391096 ----a-w- c:\windows\uninstac.exe
2012-08-12 01:00:21 582992 ----a-w- c:\windows\system32\sbap.dll
2012-08-12 01:00:21 415056 ----a-w- c:\windows\system32\SpursDownload.dll
2012-08-12 01:00:21 1332560 ----a-w- c:\windows\system32\sbte.dll
2012-08-12 01:00:20 308560 ----a-w- c:\windows\system32\vipre.dll
2012-08-12 01:00:20 160768 ----a-w- c:\windows\system32\unrar.dll
2012-08-12 01:00:19 -------- d-----w- c:\programdata\AVC1Data
2012-08-12 01:00:16 10985272 ----a-w- c:\windows\uninst.exe
2012-08-12 01:00:14 -------- d-----w- c:\users\monica\appdata\roaming\PCPro
2012-08-12 01:00:14 -------- d-----w- c:\programdata\PC1Data
2012-08-11 23:55:26 -------- d-----w- c:\users\monica\appdata\roaming\SUPERAntiSpyware.com
2012-08-11 23:55:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-11 23:55:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-11 23:54:58 19113832 ----a-w- C:\SAS_080431.EXE
2012-08-11 23:12:10 -------- d-----w- c:\programdata\PC Tools
2012-08-11 23:12:09 -------- d-----w- c:\users\monica\appdata\roaming\TestApp
2012-08-11 21:51:15 -------- d-----w- c:\programdata\HitmanPro
2012-08-11 07:44:16 1051552 ----a-w- C:\iExplore.exe
2012-08-11 07:43:19 1205 ----a-w- C:\registryfix.reg
2012-08-11 06:24:17 883616 ----a-w- c:\program files\FixExec.exe
2012-08-11 05:40:31 -------- d-----w- c:\programdata\036E192F02E0BBAFDED8220F2F3B707C
2012-08-11 05:40:28 -------- d-----w- c:\users\monica\appdata\local\{0F157248-E377-11E1-8270-B8AC6F996F26}
2012-08-11 05:40:25 446976 ----a-w- c:\users\monica\appdata\roaming\sctsv.dll
2012-08-10 20:42:59 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{b89eceaa-1310-4946-9b13-fc6d9b93c204}\mpengine.dll
2012-07-29 01:02:58 -------- d-----w- c:\users\monica\FrostWire
2012-07-29 01:02:54 -------- d-----w- c:\users\monica\.frostwire5
2012-07-21 05:03:22 -------- d-----w- c:\users\monica\appdata\local\Samsung
2012-07-21 05:03:19 -------- d-----w- c:\users\monica\appdata\roaming\Samsung
2012-07-21 05:00:45 80824 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-07-21 05:00:45 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-07-21 04:59:54 -------- d-----w- c:\users\monica\{a3a49ad5-be03-43c5-b284-b711a5714f33}
2012-07-21 04:56:43 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-07-21 04:55:51 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-07-21 04:55:51 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2012-07-21 04:55:51 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2012-07-21 04:55:51 -------- d-----w- c:\program files\MarkAny
2012-07-21 04:54:57 -------- d-----w- c:\programdata\Samsung
2012-07-21 04:54:57 -------- d-----w- c:\program files\Samsung
2012-07-21 04:48:11 -------- d-----w- c:\users\monica\appdata\local\Downloaded Installations
2012-07-21 03:51:22 -------- d-----w- c:\users\monica\appdata\roaming\JRT Studio
2012-07-21 03:51:09 -------- d-----w- c:\program files\JRT Studio
2012-07-17 01:59:36 -------- d-----w- c:\users\monica\appdata\local\Apple Computer
2012-07-17 01:58:36 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-07-17 01:58:36 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-07-17 01:57:41 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-07-17 01:56:28 -------- d-----w- c:\users\monica\appdata\local\Apple
.
==================== Find3M ====================
.
2012-08-11 03:12:23 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2012-08-04 00:32:40 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-04 00:32:40 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-06 05:28:45 98816 ----a-w- c:\windows\system32\mfps.dll
2012-07-03 20:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 13:40:21 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 19:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 19:43:23.50 ===============
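
Added example (not part of the original post, and not a BleepingComputer or DDS tool): the startup RunDLL error described in post #1 lines up with `Run` entries in the DDS log that have rundll32 load a DLL from the user's AppData folder. This Python script extracts such autorun entries from DDS-format text for triage and cross-references them with the file listing; the user-writable-path heuristic, the function and type names, and the trimmed sample are assumptions of the example.

```python
import re
from typing import List, NamedTuple, Optional

# Sample input: lines copied from the DDS log in post #1, trimmed to a few entries.
SAMPLE_LOG = r'''
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [sctsv] "c:\windows\system32\rundll32.exe" "c:\users\monica\appdata\roaming\sctsv.dll",StopIteration
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [wiext] rundll32.exe "c:\users\monica\appdata\roaming\wiext.dll",MessageBoxInstW
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
2012-08-13 22:49:38 41224 ----a-w- c:\windows\avastSS.scr
2012-08-11 05:40:25 446976 ----a-w- c:\users\monica\appdata\roaming\sctsv.dll
'''

# DDS prefixes: "uRun" is the per-user Run key (HKCU), "mRun" the machine-wide one (HKLM).
RUN_LINE = re.compile(r'^(?P<hive>[um])Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# rundll32 (with or without a full path) followed by "<dll>",<export>
RUNDLL = re.compile(
    r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+'
    r'"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)', re.I)
# File listing line ("Created Last 30" / "Find3M"): date time size attributes path
CREATED = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) +(?:\d+|-+) +\S+ +(?P<path>[a-z]:\\.+)$',
    re.I)
# Heuristic (an assumption of this example): locations a standard user can write to.
USER_WRITABLE = re.compile(
    r'^(?:[a-z]:\\(?:users|documents and settings)\\[^\\]+\\|[a-z]:\\programdata\\'
    r'|%(?:appdata|localappdata|temp|userprofile)%)', re.I)


class Finding(NamedTuple):
    hive: str                # "HKCU" or "HKLM"
    value: str               # name of the Run value
    target: str              # file the autorun entry loads
    export: Optional[str]    # DLL export handed to rundll32, None for a plain executable
    created: Optional[str]   # timestamp from the file listing, None if the file is not listed


def triage(log_text: str) -> List[Finding]:
    """Return Run entries whose target lives in a user-writable location."""
    lines = [ln.strip() for ln in log_text.splitlines()]

    # Index the file listing so each finding can be tied to a creation time.
    created = {}
    for ln in lines:
        m = CREATED.match(ln)
        if m:
            created[m.group('path').lower()] = m.group('ts')

    findings = []
    for ln in lines:
        m = RUN_LINE.match(ln)
        if not m:
            continue
        cmd = m.group('cmd')
        dll = RUNDLL.match(cmd)
        if dll:
            # rundll32 is only the host; the DLL argument is what actually runs.
            target, export = dll.group('dll').strip(), dll.group('export')
        else:
            # Quoted command: take the quoted path. Unquoted: keep the whole string.
            target, export = cmd.lstrip('"').split('"')[0], None
        if not USER_WRITABLE.match(target):
            continue
        hive = 'HKCU' if m.group('hive') == 'u' else 'HKLM'
        findings.append(
            Finding(hive, m.group('name'), target, export, created.get(target.lower())))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f)
```

An entry whose target is missing from the file listing, such as `wiext` in the sample, still needs a check on disk: a Run value that points at a file that no longer exists is one common cause of a RunDLL "error loading" popup at logon.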



#2 gringo_pr

  • Malware Response Team

Posted 17 August 2012 - 11:41 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 NerdyNurse


Posted 20 August 2012 - 03:16 AM

Thank you so much for helping, Gringo. Followed your directions, logs are posted below. I had no problems running either of the programs. I have since restarted my laptop and noticed that I do not get the rundll error upon startup. I checked out Windows Security Center and everything is "on", even the automatic updating. I checked for Windows updates and it found 11, however it fails to install them. I get error code 80246008, I follow the solution that they offer and I am still not able to install the updates. Are you able to help me with that? I haven't gotten redirected to any sites, but it wasn't doing it every time before. So I guess all seems ok, other than the Windows update thing. Thank you again!

Security check:
Results of screen317's Security Check version 0.99.46
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 3
Java version out of Date!
Adobe Flash Player 9 Flash Player out of Date!
Adobe Flash Player 11.3.300.271
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


ComboFix:
ComboFix 12-08-18.03 - Monica 08/19/2012 23:34:15.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2941.1592 [GMT -7:00]
Running from: c:\users\Monica\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\iexplore.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\pt
c:\windows\system32\pt\toscdspd.cpl.mui
c:\windows\system32\tooldownloadreadme.htm
.
.
((((((((((((((((((((((((( Files Created from 2012-07-20 to 2012-08-20 )))))))))))))))))))))))))))))))
.
.
2012-08-20 06:44 . 2012-08-20 06:45 -------- d-----w- c:\users\Monica\AppData\Local\temp
2012-08-20 06:44 . 2012-08-20 06:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-13 22:51 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-13 22:51 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-13 22:51 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-13 22:51 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-13 22:51 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-13 22:50 . 2012-07-03 16:21 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-13 22:49 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-08-13 22:49 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-13 22:49 . 2012-08-13 22:49 -------- d-----w- c:\programdata\AVAST Software
2012-08-13 22:49 . 2012-08-13 22:49 -------- d-----w- c:\program files\AVAST Software
2012-08-12 01:34 . 2012-08-12 01:34 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-08-12 01:22 . 2012-08-12 01:22 -------- d-----w- c:\users\Monica\AppData\Roaming\AVPro
2012-08-12 01:00 . 2012-08-12 01:00 -------- d-----w- c:\users\Monica\AppData\Roaming\PC Cleaners
2012-08-12 01:00 . 2012-08-12 01:00 582992 ----a-w- c:\windows\system32\sbap.dll
2012-08-12 01:00 . 2012-08-12 01:00 415056 ----a-w- c:\windows\system32\SpursDownload.dll
2012-08-12 01:00 . 2012-08-12 01:00 1332560 ----a-w- c:\windows\system32\sbte.dll
2012-08-12 01:00 . 2012-08-12 01:00 308560 ----a-w- c:\windows\system32\vipre.dll
2012-08-12 01:00 . 2012-08-12 01:00 160768 ----a-w- c:\windows\system32\unrar.dll
2012-08-12 01:00 . 2012-08-12 01:00 -------- d-----w- c:\programdata\AVC1Data
2012-08-12 01:00 . 2012-08-12 01:00 -------- d-----w- c:\users\Monica\AppData\Roaming\PCPro
2012-08-12 01:00 . 2012-08-12 01:00 -------- d-----w- c:\programdata\PC1Data
2012-08-11 23:55 . 2012-08-11 23:55 -------- d-----w- c:\users\Monica\AppData\Roaming\SUPERAntiSpyware.com
2012-08-11 23:55 . 2012-08-11 23:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-11 23:55 . 2012-08-11 23:55 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-11 23:54 . 2012-08-11 23:40 19113832 ----a-w- C:\SAS_080431.EXE
2012-08-11 23:12 . 2012-08-11 23:12 -------- d-----w- c:\programdata\PC Tools
2012-08-11 23:12 . 2012-08-11 23:12 -------- d-----w- c:\users\Monica\AppData\Roaming\TestApp
2012-08-11 21:51 . 2012-08-12 01:34 -------- d-----w- c:\programdata\HitmanPro
2012-08-11 07:43 . 2012-08-11 07:32 1205 ----a-w- C:\registryfix.reg
2012-08-11 06:24 . 2012-08-11 06:16 883616 ----a-w- c:\program files\FixExec.exe
2012-08-11 05:40 . 2012-08-11 23:55 -------- d-----w- c:\programdata\036E192F02E0BBAFDED8220F2F3B707C
2012-08-11 05:40 . 2012-08-11 05:40 -------- d-----w- c:\users\Monica\AppData\Local\{0F157248-E377-11E1-8270-B8AC6F996F26}
2012-08-10 20:42 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B89ECEAA-1310-4946-9B13-FC6D9B93C204}\mpengine.dll
2012-07-29 01:02 . 2012-07-29 01:02 -------- d-----w- c:\users\Monica\FrostWire
2012-07-29 01:02 . 2012-07-29 01:02 -------- d-----w- c:\users\Monica\.frostwire5
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 04:32 . 2012-06-26 22:31 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 04:32 . 2012-02-21 19:45 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 05:29 . 2012-07-06 05:29 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-07-06 05:29 . 2012-07-06 05:29 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-07-06 05:29 . 2012-07-06 05:29 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-07-06 05:29 . 2012-07-06 05:29 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-07-06 05:29 . 2012-07-06 05:29 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-07-06 05:29 . 2012-07-06 05:29 161792 ----a-w- c:\windows\system32\msls31.dll
2012-07-06 05:29 . 2012-07-06 05:29 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-07-06 05:29 . 2012-07-06 05:29 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-07-06 05:29 . 2012-07-06 05:29 367104 ----a-w- c:\windows\system32\html.iec
2012-07-06 05:29 . 2012-07-06 05:29 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-06 05:29 . 2012-07-06 05:29 152064 ----a-w- c:\windows\system32\wextract.exe
2012-07-06 05:29 . 2012-07-06 05:29 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-07-06 05:29 . 2012-07-06 05:29 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-07-06 05:29 . 2012-07-06 05:29 11776 ----a-w- c:\windows\system32\mshta.exe
2012-07-06 05:29 . 2012-07-06 05:29 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-07-06 05:29 . 2012-07-06 05:29 101888 ----a-w- c:\windows\system32\admparse.dll
2012-07-06 05:28 . 2012-07-06 05:28 98816 ----a-w- c:\windows\system32\mfps.dll
2012-07-06 05:28 . 2012-07-06 05:28 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-07-06 05:28 . 2012-07-06 05:28 586240 ----a-w- c:\windows\system32\stobject.dll
2012-07-06 05:28 . 2012-07-06 05:28 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-07-06 05:28 . 2012-07-06 05:28 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2012-07-06 05:28 . 2012-07-06 05:28 2873344 ----a-w- c:\windows\system32\mf.dll
2012-07-06 05:28 . 2012-07-06 05:28 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-07-06 05:28 . 2012-07-06 05:28 209920 ----a-w- c:\windows\system32\mfplat.dll
2012-07-06 05:28 . 2012-07-06 05:28 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-07-06 05:28 . 2012-07-06 05:28 847360 ----a-w- c:\windows\system32\OpcServices.dll
2012-07-06 05:28 . 2012-07-06 05:28 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2012-07-06 05:28 . 2012-07-06 05:28 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-07-06 05:28 . 2012-07-06 05:28 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2012-07-06 05:28 . 2012-07-06 05:28 478720 ----a-w- c:\windows\system32\dxgi.dll
2012-07-06 05:28 . 2012-07-06 05:28 37376 ----a-w- c:\windows\system32\cdd.dll
2012-07-06 05:28 . 2012-07-06 05:28 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-07-06 05:28 . 2012-07-06 05:28 258048 ----a-w- c:\windows\system32\winspool.drv
2012-07-06 05:28 . 2012-07-06 05:28 189952 ----a-w- c:\windows\system32\d3d10core.dll
2012-07-06 05:28 . 2012-07-06 05:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2012-07-06 05:28 . 2012-07-06 05:28 1029120 ----a-w- c:\windows\system32\d3d10.dll
2012-07-06 05:28 . 2012-07-06 05:28 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-07-06 05:28 . 2012-07-06 05:28 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2012-07-06 05:28 . 2012-07-06 05:28 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-07-06 05:28 . 2012-07-06 05:28 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-07-06 05:28 . 2012-07-06 05:28 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-07-06 05:28 . 2012-07-06 05:28 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-07-06 05:28 . 2012-07-06 05:28 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-07-06 05:28 . 2012-07-06 05:28 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-07-03 20:46 . 2012-05-29 02:04 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-26 23:03 . 2012-07-21 04:56 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-06-26 23:02 . 2012-06-26 23:02 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-06-26 23:02 . 2012-06-26 23:02 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-06-26 23:02 . 2012-06-26 23:02 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-06-26 23:02 . 2012-06-26 23:02 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2012-06-26 23:02 . 2012-06-26 23:02 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2012-06-26 23:02 . 2012-06-26 23:02 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2012-06-26 23:02 . 2012-06-26 23:02 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2012-06-26 23:02 . 2012-06-26 23:02 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2012-06-26 23:02 . 2012-06-26 23:02 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2012-06-26 23:02 . 2012-06-26 23:02 569344 ----a-w- c:\windows\system32\muzdecode.ax
2012-06-26 23:02 . 2012-06-26 23:02 491520 ----a-w- c:\windows\system32\muzapp.dll
2012-06-26 23:02 . 2012-06-26 23:02 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2012-06-26 23:02 . 2012-06-26 23:02 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-06-26 23:02 . 2012-06-26 23:02 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2012-06-26 23:02 . 2012-06-26 23:02 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2012-06-26 23:02 . 2012-06-26 23:02 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2012-06-26 23:02 . 2012-06-26 23:02 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2012-06-26 23:02 . 2012-06-26 23:02 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2012-06-26 23:02 . 2012-06-26 23:02 245760 ----a-w- c:\windows\system32\MSCLib.dll
2012-06-26 23:02 . 2012-06-26 23:02 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2012-06-26 23:02 . 2012-06-26 23:02 200704 ----a-w- c:\windows\system32\muzwmts.dll
2012-06-26 23:02 . 2012-06-26 23:02 155648 ----a-w- c:\windows\system32\MSFLib.dll
2012-06-26 23:02 . 2012-06-26 23:02 143360 ----a-w- c:\windows\system32\3DAudio.ax
2012-06-26 23:02 . 2012-06-26 23:02 135168 ----a-w- c:\windows\system32\muzaf1.dll
2012-06-26 23:02 . 2012-06-26 23:02 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2012-06-26 23:02 . 2012-06-26 23:02 122880 ----a-w- c:\windows\system32\muzeffect.ax
2012-06-26 23:02 . 2012-06-26 23:02 118784 ----a-w- c:\windows\system32\MaDRM.dll
2012-06-26 23:02 . 2012-06-26 23:02 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2012-06-26 23:02 . 2012-07-21 04:55 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-06-26 23:02 . 2012-07-21 04:55 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2012-06-26 23:02 . 2012-07-21 04:55 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2012-06-13 13:40 . 2012-07-12 12:10 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 16:47 . 2012-07-11 12:05 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 12:05 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 12:05 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-04 07:59 . 2012-07-21 05:00 80824 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-06-04 07:59 . 2012-07-21 05:00 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-06-02 22:19 . 2012-07-04 23:32 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-07-04 23:33 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-07-04 23:33 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-07-04 23:33 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-07-04 23:33 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-07-04 23:33 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-07-04 23:33 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-07-04 23:32 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-07-04 23:33 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 08:33 . 2012-07-12 12:04 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-12 12:04 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-12 12:04 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 12:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 12:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 00:04 . 2012-07-11 12:05 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-20 01:43 . 2012-06-12 19:36 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-01-30 430080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-21 39408]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-07-16 975800]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-16 21432]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-30 4911104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-18 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"NDSTray.exe"="NDSTray.exe" [BU]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-13 1862144]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-31 16200]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-07-16 3524536]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 04:32]
.
2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-21 05:24]
.
2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-21 05:24]
.
2012-08-11 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c833c86d-369e-429c-8d77-614f345ee5a3.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\a4jciv1i.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
HKLM-Run-Corel Photo Downloader - c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe
HKLM-Run-wiext - c:\users\Monica\AppData\Roaming\wiext.dll
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-19 23:45
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????#&W?????h?????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-08-20 00:33:20
ComboFix-quarantined-files.txt 2012-08-20 07:33
.
Pre-Run: 178,018,000,896 bytes free
Post-Run: 178,270,461,952 bytes free
.
- - End Of File - - 5AC01DC28F02D12D30126F2240FA5093

#4 gringo_pr

  • Malware Response Team

Posted 20 August 2012 - 03:57 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 NerdyNurse

  • Topic Starter


Posted 20 August 2012 - 03:10 PM

TDSS
12:54:34.0528 3724 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
12:54:35.0131 3724 ============================================================
12:54:35.0132 3724 Current date / time: 2012/08/20 12:54:35.0131
12:54:35.0132 3724 SystemInfo:
12:54:35.0132 3724
12:54:35.0132 3724 OS Version: 6.0.6002 ServicePack: 2.0
12:54:35.0132 3724 Product type: Workstation
12:54:35.0132 3724 ComputerName: MONICA-PC
12:54:35.0133 3724 UserName: Monica
12:54:35.0133 3724 Windows directory: C:\Windows
12:54:35.0133 3724 System windows directory: C:\Windows
12:54:35.0133 3724 Processor architecture: Intel x86
12:54:35.0133 3724 Number of processors: 2
12:54:35.0133 3724 Page size: 0x1000
12:54:35.0133 3724 Boot type: Normal boot
12:54:35.0133 3724 ============================================================
12:54:36.0204 3724 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:54:36.0207 3724 ============================================================
12:54:36.0207 3724 \Device\Harddisk0\DR0:
12:54:36.0207 3724 MBR partitions:
12:54:36.0207 3724 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1CED7000
12:54:36.0207 3724 ============================================================
12:54:36.0235 3724 C: <-> \Device\Harddisk0\DR0\Partition1
12:54:36.0235 3724 ============================================================
12:54:36.0235 3724 Initialize success
12:54:36.0235 3724 ============================================================
12:54:43.0880 1184 ============================================================
12:54:43.0881 1184 Scan started
12:54:43.0881 1184 Mode: Manual;
12:54:43.0881 1184 ============================================================
12:54:44.0885 1184 ================ Scan system memory ========================
12:54:44.0886 1184 System memory - ok
12:54:44.0887 1184 ================ Scan services =============================
12:54:45.0051 1184 [ C0393EB99A6C72C6BEF9BFC4A72B33A6 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
12:54:45.0053 1184 !SASCORE - ok
12:54:45.0804 1184 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
12:54:45.0814 1184 ACPI - ok
12:54:45.0911 1184 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:54:45.0927 1184 AdobeFlashPlayerUpdateSvc - ok
12:54:46.0022 1184 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
12:54:46.0047 1184 adp94xx - ok
12:54:46.0077 1184 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
12:54:46.0084 1184 adpahci - ok
12:54:46.0102 1184 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
12:54:46.0106 1184 adpu160m - ok
12:54:46.0122 1184 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
12:54:46.0126 1184 adpu320 - ok
12:54:46.0170 1184 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:54:46.0186 1184 AeLookupSvc - ok
12:54:46.0227 1184 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
12:54:46.0237 1184 AFD - ok
12:54:46.0270 1184 [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
12:54:46.0275 1184 AgereModemAudio - ok
12:54:46.0515 1184 [ CE91B158FA490CF4C4D487A4130F4660 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys
12:54:46.0547 1184 AgereSoftModem - ok
12:54:46.0594 1184 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
12:54:46.0596 1184 agp440 - ok
12:54:46.0640 1184 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
12:54:46.0662 1184 aic78xx - ok
12:54:46.0677 1184 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
12:54:46.0680 1184 ALG - ok
12:54:46.0698 1184 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
12:54:46.0699 1184 aliide - ok
12:54:46.0718 1184 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
12:54:46.0720 1184 amdagp - ok
12:54:46.0734 1184 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
12:54:46.0735 1184 amdide - ok
12:54:46.0760 1184 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
12:54:46.0762 1184 AmdK7 - ok
12:54:46.0791 1184 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
12:54:46.0792 1184 AmdK8 - ok
12:54:46.0833 1184 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
12:54:46.0835 1184 Appinfo - ok
12:54:46.0855 1184 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
12:54:46.0858 1184 arc - ok
12:54:46.0899 1184 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
12:54:46.0902 1184 arcsas - ok
12:54:46.0955 1184 [ 1C1F3D6DDDC046C920C493A779649F66 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
12:54:46.0956 1184 aswFsBlk - ok
12:54:46.0984 1184 [ A48D8015AF2A0D8B4937613FFBFD28DE ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
12:54:46.0986 1184 aswMonFlt - ok
12:54:46.0998 1184 [ 982E275D1C5801042FE94209FB0160FB ] AswRdr C:\Windows\system32\drivers\AswRdr.sys
12:54:47.0000 1184 AswRdr - ok
12:54:47.0035 1184 [ 73DBCF808E00580F2A47F93DD9B03876 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
12:54:47.0068 1184 aswSnx - ok
12:54:47.0094 1184 [ 6CBD7D3A33F498D09C831CDD732DA2E0 ] aswSP C:\Windows\system32\drivers\aswSP.sys
12:54:47.0101 1184 aswSP - ok
12:54:47.0115 1184 [ 7109A9AA551F37CD168C02368465957E ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
12:54:47.0117 1184 aswTdi - ok
12:54:47.0138 1184 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:54:47.0140 1184 AsyncMac - ok
12:54:47.0200 1184 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
12:54:47.0201 1184 atapi - ok
12:54:47.0317 1184 [ CA6078DDA7CF80FEC230D9478BBE6C1B ] athr C:\Windows\system32\DRIVERS\athr.sys
12:54:47.0340 1184 athr - ok
12:54:47.0473 1184 [ 581B9BE9E92A0F3856CC85EC011EDC6F ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
12:54:47.0487 1184 Ati External Event Utility - ok
12:54:47.0802 1184 [ 22D300F835600C9C634860CF2912F9CF ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
12:54:47.0829 1184 atikmdag - ok
12:54:47.0897 1184 [ 4AA1EB65481C392955939E735D27118B ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
12:54:47.0898 1184 AtiPcie - ok
12:54:47.0991 1184 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:54:48.0015 1184 AudioEndpointBuilder - ok
12:54:48.0033 1184 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
12:54:48.0038 1184 Audiosrv - ok
12:54:48.0103 1184 [ 2F7C0F3E39C45E0127FB78B2F18A41F3 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
12:54:48.0105 1184 avast! Antivirus - ok
12:54:48.0153 1184 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
12:54:48.0154 1184 Beep - ok
12:54:48.0230 1184 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
12:54:48.0248 1184 BFE - ok
12:54:48.0282 1184 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
12:54:48.0284 1184 blbdrive - ok
12:54:48.0315 1184 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:54:48.0336 1184 bowser - ok
12:54:48.0380 1184 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
12:54:48.0382 1184 BrFiltLo - ok
12:54:48.0425 1184 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
12:54:48.0427 1184 BrFiltUp - ok
12:54:48.0482 1184 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
12:54:48.0488 1184 Browser - ok
12:54:48.0525 1184 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
12:54:48.0528 1184 Brserid - ok
12:54:48.0551 1184 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
12:54:48.0553 1184 BrSerWdm - ok
12:54:48.0565 1184 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
12:54:48.0567 1184 BrUsbMdm - ok
12:54:48.0591 1184 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
12:54:48.0592 1184 BrUsbSer - ok
12:54:48.0643 1184 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
12:54:48.0645 1184 BTHMODEM - ok
12:54:48.0718 1184 catchme - ok
12:54:48.0794 1184 [ FE69C498B922CE835E2E2123FBD0A272 ] ccEvtMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
12:54:48.0797 1184 ccEvtMgr - ok
12:54:48.0822 1184 [ FE69C498B922CE835E2E2123FBD0A272 ] ccSetMgr C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
12:54:48.0826 1184 ccSetMgr - ok
12:54:48.0873 1184 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:54:48.0877 1184 cdfs - ok
12:54:48.0926 1184 [ BF79E659C506674C0497CC9C61F1A165 ] Cdr4_xp C:\Windows\system32\drivers\Cdr4_xp.sys
12:54:48.0928 1184 Cdr4_xp - ok
12:54:48.0939 1184 [ 2C41CD49D82D5FD85C72D57B6CA25471 ] Cdralw2k C:\Windows\system32\drivers\Cdralw2k.sys
12:54:48.0940 1184 Cdralw2k - ok
12:54:48.0984 1184 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
12:54:48.0986 1184 cdrom - ok
12:54:49.0051 1184 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
12:54:49.0061 1184 CertPropSvc - ok
12:54:49.0084 1184 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
12:54:49.0086 1184 circlass - ok
12:54:49.0152 1184 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
12:54:49.0177 1184 CLFS - ok
12:54:49.0266 1184 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:54:49.0282 1184 clr_optimization_v2.0.50727_32 - ok
12:54:49.0367 1184 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:54:49.0370 1184 clr_optimization_v4.0.30319_32 - ok
12:54:49.0394 1184 [ FE69C498B922CE835E2E2123FBD0A272 ] CLTNetCnService C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
12:54:49.0397 1184 CLTNetCnService - ok
12:54:49.0434 1184 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:54:49.0435 1184 CmBatt - ok
12:54:49.0454 1184 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:54:49.0456 1184 cmdide - ok
12:54:49.0509 1184 [ 3B38F3DEFD61DB294421993F969BC88F ] comHost C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
12:54:49.0532 1184 comHost - ok
12:54:49.0550 1184 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:54:49.0552 1184 Compbatt - ok
12:54:49.0561 1184 COMSysApp - ok
12:54:49.0601 1184 [ 596E452B5152EC9AFE8153D296459D2B ] ConfigFree Service C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
12:54:49.0602 1184 ConfigFree Service - ok
12:54:49.0615 1184 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
12:54:49.0617 1184 crcdisk - ok
12:54:49.0637 1184 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
12:54:49.0639 1184 Crusoe - ok
12:54:49.0705 1184 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:54:49.0708 1184 CryptSvc - ok
12:54:49.0788 1184 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
12:54:49.0799 1184 DcomLaunch - ok
12:54:49.0818 1184 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:54:49.0821 1184 DfsC - ok
12:54:50.0049 1184 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
12:54:50.0224 1184 DFSR - ok
12:54:50.0266 1184 [ F9F31A9F2A8C0DD0CEB6E380BF0985D4 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
12:54:50.0274 1184 dg_ssudbus - ok
12:55:03.0556 1184 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
12:55:03.0579 1184 TermService - ok
12:55:03.0605 1184 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
12:55:03.0615 1184 Themes - ok
12:55:03.0625 1184 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
12:55:03.0630 1184 THREADORDER - ok
12:55:03.0691 1184 [ E47F35A87FF0DA38DEF37A0EB0C2D2DF ] TNaviSrv C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
12:55:03.0694 1184 TNaviSrv - ok
12:55:03.0730 1184 [ C5AC715B65B01788ABC22D10749DDDD8 ] TODDSrv C:\Windows\system32\TODDSrv.exe
12:55:03.0738 1184 TODDSrv - ok
12:55:03.0780 1184 [ DA6903958CBDC091FFCBBCA70CCFF34C ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
12:55:03.0786 1184 TosCoSrv - ok
12:55:03.0809 1184 [ 22690DFFC7F2A18279A7A0489AA02BAC ] TOSHIBA SMART Log Service C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
12:55:03.0812 1184 TOSHIBA SMART Log Service - ok
12:55:03.0855 1184 [ 1EA5F27C29405BF49799FECA77186DA9 ] tos_sps32 C:\Windows\system32\DRIVERS\tos_sps32.sys
12:55:03.0862 1184 tos_sps32 - ok
12:55:03.0896 1184 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
12:55:03.0904 1184 TrkWks - ok
12:55:03.0972 1184 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:55:03.0974 1184 TrustedInstaller - ok
12:55:04.0015 1184 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:55:04.0017 1184 tssecsrv - ok
12:55:04.0043 1184 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
12:55:04.0045 1184 tunmp - ok
12:55:04.0069 1184 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:55:04.0072 1184 tunnel - ok
12:55:04.0095 1184 [ 792A8B80F8188ABA4B2BE271583F3E46 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
12:55:04.0097 1184 TVALZ - ok
12:55:04.0122 1184 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
12:55:04.0125 1184 uagp35 - ok
12:55:04.0170 1184 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:55:04.0176 1184 udfs - ok
12:55:04.0220 1184 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:55:04.0228 1184 UI0Detect - ok
12:55:04.0303 1184 [ 332D341D92B933600D41953B08360DFB ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
12:55:04.0305 1184 UleadBurningHelper - ok
12:55:04.0330 1184 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:55:04.0333 1184 uliagpkx - ok
12:55:04.0352 1184 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
12:55:04.0359 1184 uliahci - ok
12:55:04.0368 1184 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
12:55:04.0374 1184 UlSata - ok
12:55:04.0395 1184 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
12:55:04.0399 1184 ulsata2 - ok
12:55:04.0424 1184 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
12:55:04.0426 1184 umbus - ok
12:55:04.0455 1184 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
12:55:04.0468 1184 upnphost - ok
12:55:04.0498 1184 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:55:04.0501 1184 usbccgp - ok
12:55:04.0525 1184 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:55:04.0528 1184 usbcir - ok
12:55:04.0572 1184 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
12:55:04.0574 1184 usbehci - ok
12:55:04.0592 1184 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:55:04.0598 1184 usbhub - ok
12:55:04.0621 1184 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
12:55:04.0623 1184 usbohci - ok
12:55:04.0645 1184 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
12:55:04.0647 1184 usbprint - ok
12:55:04.0668 1184 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:55:04.0672 1184 USBSTOR - ok
12:55:04.0685 1184 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
12:55:04.0687 1184 usbuhci - ok
12:55:04.0717 1184 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
12:55:04.0721 1184 usbvideo - ok
12:55:04.0766 1184 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
12:55:04.0774 1184 UxSms - ok
12:55:04.0829 1184 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
12:55:04.0851 1184 vds - ok
12:55:04.0873 1184 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:55:04.0876 1184 vga - ok
12:55:04.0901 1184 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
12:55:04.0903 1184 VgaSave - ok
12:55:04.0935 1184 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
12:55:04.0938 1184 viaagp - ok
12:55:04.0963 1184 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
12:55:04.0965 1184 ViaC7 - ok
12:55:04.0977 1184 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
12:55:04.0979 1184 viaide - ok
12:55:05.0001 1184 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:55:05.0004 1184 volmgr - ok
12:55:05.0053 1184 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:55:05.0060 1184 volmgrx - ok
12:55:05.0091 1184 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:55:05.0097 1184 volsnap - ok
12:55:05.0131 1184 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
12:55:05.0135 1184 vsmraid - ok
12:55:05.0188 1184 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
12:55:05.0232 1184 VSS - ok
12:55:05.0262 1184 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
12:55:05.0285 1184 W32Time - ok
12:55:05.0308 1184 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
12:55:05.0310 1184 WacomPen - ok
12:55:05.0326 1184 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
12:55:05.0329 1184 Wanarp - ok
12:55:05.0335 1184 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:55:05.0338 1184 Wanarpv6 - ok
12:55:05.0400 1184 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:55:05.0423 1184 wcncsvc - ok
12:55:05.0453 1184 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:55:05.0462 1184 WcsPlugInService - ok
12:55:05.0470 1184 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
12:55:05.0473 1184 Wd - ok
12:55:05.0503 1184 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:55:05.0524 1184 Wdf01000 - ok
12:55:05.0542 1184 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:55:05.0550 1184 WdiServiceHost - ok
12:55:05.0556 1184 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:55:05.0563 1184 WdiSystemHost - ok
12:55:05.0610 1184 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
12:55:05.0620 1184 WebClient - ok
12:55:05.0736 1184 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:55:05.0746 1184 Wecsvc - ok
12:55:05.0787 1184 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:55:05.0819 1184 wercplsupport - ok
12:55:05.0889 1184 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
12:55:05.0906 1184 WerSvc - ok
12:55:05.0966 1184 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
12:55:05.0972 1184 WinDefend - ok
12:55:05.0981 1184 WinHttpAutoProxySvc - ok
12:55:06.0037 1184 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:55:06.0043 1184 Winmgmt - ok
12:55:06.0107 1184 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
12:55:06.0151 1184 WinRM - ok
12:55:06.0206 1184 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
12:55:06.0229 1184 Wlansvc - ok
12:55:06.0256 1184 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:55:06.0258 1184 WmiAcpi - ok
12:55:06.0321 1184 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:55:06.0325 1184 wmiApSrv - ok
12:55:06.0418 1184 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
12:55:06.0426 1184 WMPNetworkSvc - ok
12:55:06.0451 1184 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:55:06.0461 1184 WPCSvc - ok
12:55:06.0497 1184 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:55:06.0506 1184 WPDBusEnum - ok
12:55:06.0543 1184 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
12:55:06.0545 1184 WpdUsb - ok
12:55:06.0649 1184 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:55:06.0657 1184 WPFFontCache_v0400 - ok
12:55:06.0679 1184 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:55:06.0681 1184 ws2ifsl - ok
12:55:06.0724 1184 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
12:55:06.0733 1184 wscsvc - ok
12:55:06.0740 1184 WSearch - ok
12:55:06.0850 1184 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
12:55:06.0916 1184 wuauserv - ok
12:55:06.0949 1184 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:55:06.0952 1184 WUDFRd - ok
12:55:06.0986 1184 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:55:06.0995 1184 wudfsvc - ok
12:55:07.0010 1184 ================ Scan global ===============================
12:55:07.0045 1184 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
12:55:07.0084 1184 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
12:55:07.0132 1184 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
12:55:07.0195 1184 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
12:55:07.0204 1184 [Global] - ok
12:55:07.0205 1184 ================ Scan MBR ==================================
12:55:07.0216 1184 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
12:55:07.0714 1184 \Device\Harddisk0\DR0 - ok
12:55:07.0715 1184 ================ Scan VBR ==================================
12:55:07.0719 1184 [ 8349E95A05F08F056040C20AAEB38ADA ] \Device\Harddisk0\DR0\Partition1
12:55:07.0721 1184 \Device\Harddisk0\DR0\Partition1 - ok
12:55:07.0723 1184 ============================================================
12:55:07.0723 1184 Scan finished
12:55:07.0723 1184 ============================================================
12:55:07.0741 4516 Detected object count: 0
12:55:07.0741 4516 Actual detected object count: 0


ASWMBR
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-20 12:58:23
-----------------------------
12:58:23.932 OS Version: Windows 6.0.6002 Service Pack 2
12:58:23.932 Number of processors: 2 586 0x6802
12:58:23.934 ComputerName: MONICA-PC UserName: Monica
12:58:30.414 Initialize success
12:58:30.560 AVAST engine defs: 12082000
12:58:46.786 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:58:46.795 Disk 0 Vendor: FUJITSU_MHZ2250BH_G1 00400209 Size: 238475MB BusType: 3
12:58:46.820 Disk 0 MBR read successfully
12:58:46.828 Disk 0 MBR scan
12:58:46.839 Disk 0 Windows VISTA default MBR code
12:58:46.856 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
12:58:46.871 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 236974 MB offset 3074048
12:58:46.890 Disk 0 scanning sectors +488396800
12:58:46.950 Disk 0 scanning C:\Windows\system32\drivers
12:58:55.959 Service scanning
12:59:18.706 Modules scanning
12:59:25.260 Disk 0 trace - called modules:
12:59:25.307 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
12:59:25.315 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8536e590]
12:59:25.322 3 CLASSPNP.SYS[82b168b3] -> nt!IofCallDriver -> [0x85358898]
12:59:25.330 5 acpi.sys[806136bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85356030]
12:59:26.534 AVAST engine scan C:\Windows
12:59:30.330 AVAST engine scan C:\Windows\system32
13:02:31.352 AVAST engine scan C:\Windows\system32\drivers
13:02:44.026 AVAST engine scan C:\Users\Monica
13:04:59.281 Disk 0 MBR has been saved successfully to "C:\Users\Monica\Desktop\MBR.dat"
13:04:59.291 The log file has been saved successfully to "C:\Users\Monica\Desktop\aswMBR.txt"

#6 gringo_pr

  • Malware Response Team

Posted 21 August 2012 - 01:27 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 NerdyNurse

  • Topic Starter

Posted 21 August 2012 - 06:53 PM

Okay, followed your directions. ComboFix ran fine and produced a log, but now I cannot access any programs. I can't use Internet Explorer, Firefox, nor can I access the ComboFix log or any other Notepad file. I get error message "Illegal operation attempted on a registry key that has been marked for deletion".

#8 gringo_pr


Posted 21 August 2012 - 07:22 PM

Please read all my instructions and restart the computer and then send me the report.



gringo

#9 NerdyNurse


Posted 21 August 2012 - 07:31 PM

Sorry about that. I realized it after I posted. The only problem that I am still having is installing the Windows update.
Here is the report:

ComboFix

ComboFix 12-08-21.02 - Monica 08/21/2012 15:28:20.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2941.1838 [GMT -7:00]
Running from: c:\users\Monica\Desktop\ComboFix.exe
Command switches used :: c:\users\Monica\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Monica\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-21 to 2012-08-21 )))))))))))))))))))))))))))))))
.
.
2012-08-21 22:39 . 2012-08-21 22:42 -------- d-----w- c:\users\Monica\AppData\Local\temp
2012-08-13 22:51 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-13 22:51 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-13 22:51 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-13 22:51 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-13 22:51 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-13 22:50 . 2012-07-03 16:21 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-13 22:49 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-08-13 22:49 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-13 22:49 . 2012-08-13 22:49 -------- d-----w- c:\programdata\AVAST Software
2012-08-13 22:49 . 2012-08-13 22:49 -------- d-----w- c:\program files\AVAST Software
2012-08-12 01:34 . 2012-08-12 01:34 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-08-12 01:22 . 2012-08-12 01:22 -------- d-----w- c:\users\Monica\AppData\Roaming\AVPro
2012-08-12 01:00 . 2012-08-12 01:00 -------- d-----w- c:\users\Monica\AppData\Roaming\PC Cleaners
2012-08-12 01:00 . 2012-08-12 01:00 582992 ----a-w- c:\windows\system32\sbap.dll
2012-08-12 01:00 . 2012-08-12 01:00 415056 ----a-w- c:\windows\system32\SpursDownload.dll
2012-08-12 01:00 . 2012-08-12 01:00 1332560 ----a-w- c:\windows\system32\sbte.dll
2012-08-12 01:00 . 2012-08-12 01:00 308560 ----a-w- c:\windows\system32\vipre.dll
2012-08-12 01:00 . 2012-08-12 01:00 160768 ----a-w- c:\windows\system32\unrar.dll
2012-08-12 01:00 . 2012-08-12 01:00 -------- d-----w- c:\programdata\AVC1Data
2012-08-12 01:00 . 2012-08-12 01:00 -------- d-----w- c:\users\Monica\AppData\Roaming\PCPro
2012-08-12 01:00 . 2012-08-12 01:00 -------- d-----w- c:\programdata\PC1Data
2012-08-11 23:55 . 2012-08-11 23:55 -------- d-----w- c:\users\Monica\AppData\Roaming\SUPERAntiSpyware.com
2012-08-11 23:55 . 2012-08-11 23:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-11 23:55 . 2012-08-11 23:55 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-11 23:54 . 2012-08-11 23:40 19113832 ----a-w- C:\SAS_080431.EXE
2012-08-11 23:12 . 2012-08-11 23:12 -------- d-----w- c:\programdata\PC Tools
2012-08-11 23:12 . 2012-08-11 23:12 -------- d-----w- c:\users\Monica\AppData\Roaming\TestApp
2012-08-11 21:51 . 2012-08-12 01:34 -------- d-----w- c:\programdata\HitmanPro
2012-08-11 07:43 . 2012-08-11 07:32 1205 ----a-w- C:\registryfix.reg
2012-08-11 06:24 . 2012-08-11 06:16 883616 ----a-w- c:\program files\FixExec.exe
2012-08-11 05:40 . 2012-08-11 23:55 -------- d-----w- c:\programdata\036E192F02E0BBAFDED8220F2F3B707C
2012-08-11 05:40 . 2012-08-11 05:40 -------- d-----w- c:\users\Monica\AppData\Local\{0F157248-E377-11E1-8270-B8AC6F996F26}
2012-08-10 20:42 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B89ECEAA-1310-4946-9B13-FC6D9B93C204}\mpengine.dll
2012-07-29 01:02 . 2012-07-29 01:02 -------- d-----w- c:\users\Monica\FrostWire
2012-07-29 01:02 . 2012-07-29 01:02 -------- d-----w- c:\users\Monica\.frostwire5
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 04:32 . 2012-06-26 22:31 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 04:32 . 2012-02-21 19:45 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 05:29 . 2012-07-06 05:29 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-07-06 05:29 . 2012-07-06 05:29 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-07-06 05:29 . 2012-07-06 05:29 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-07-06 05:29 . 2012-07-06 05:29 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-07-06 05:29 . 2012-07-06 05:29 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-07-06 05:29 . 2012-07-06 05:29 161792 ----a-w- c:\windows\system32\msls31.dll
2012-07-06 05:29 . 2012-07-06 05:29 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-07-06 05:29 . 2012-07-06 05:29 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-07-06 05:29 . 2012-07-06 05:29 367104 ----a-w- c:\windows\system32\html.iec
2012-07-06 05:29 . 2012-07-06 05:29 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-06 05:29 . 2012-07-06 05:29 152064 ----a-w- c:\windows\system32\wextract.exe
2012-07-06 05:29 . 2012-07-06 05:29 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-07-06 05:29 . 2012-07-06 05:29 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-07-06 05:29 . 2012-07-06 05:29 11776 ----a-w- c:\windows\system32\mshta.exe
2012-07-06 05:29 . 2012-07-06 05:29 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-07-06 05:29 . 2012-07-06 05:29 101888 ----a-w- c:\windows\system32\admparse.dll
2012-07-06 05:28 . 2012-07-06 05:28 98816 ----a-w- c:\windows\system32\mfps.dll
2012-07-06 05:28 . 2012-07-06 05:28 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2012-07-06 05:28 . 2012-07-06 05:28 586240 ----a-w- c:\windows\system32\stobject.dll
2012-07-06 05:28 . 2012-07-06 05:28 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2012-07-06 05:28 . 2012-07-06 05:28 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2012-07-06 05:28 . 2012-07-06 05:28 2873344 ----a-w- c:\windows\system32\mf.dll
2012-07-06 05:28 . 2012-07-06 05:28 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-07-06 05:28 . 2012-07-06 05:28 209920 ----a-w- c:\windows\system32\mfplat.dll
2012-07-06 05:28 . 2012-07-06 05:28 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-07-06 05:28 . 2012-07-06 05:28 847360 ----a-w- c:\windows\system32\OpcServices.dll
2012-07-06 05:28 . 2012-07-06 05:28 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2012-07-06 05:28 . 2012-07-06 05:28 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2012-07-06 05:28 . 2012-07-06 05:28 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2012-07-06 05:28 . 2012-07-06 05:28 478720 ----a-w- c:\windows\system32\dxgi.dll
2012-07-06 05:28 . 2012-07-06 05:28 37376 ----a-w- c:\windows\system32\cdd.dll
2012-07-06 05:28 . 2012-07-06 05:28 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-07-06 05:28 . 2012-07-06 05:28 258048 ----a-w- c:\windows\system32\winspool.drv
2012-07-06 05:28 . 2012-07-06 05:28 189952 ----a-w- c:\windows\system32\d3d10core.dll
2012-07-06 05:28 . 2012-07-06 05:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2012-07-06 05:28 . 2012-07-06 05:28 1029120 ----a-w- c:\windows\system32\d3d10.dll
2012-07-06 05:28 . 2012-07-06 05:28 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-07-06 05:28 . 2012-07-06 05:28 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2012-07-06 05:28 . 2012-07-06 05:28 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-07-06 05:28 . 2012-07-06 05:28 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-07-06 05:28 . 2012-07-06 05:28 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-07-06 05:28 . 2012-07-06 05:28 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-07-06 05:28 . 2012-07-06 05:28 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-07-06 05:28 . 2012-07-06 05:28 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-07-03 20:46 . 2012-05-29 02:04 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-26 23:03 . 2012-07-21 04:56 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-06-26 23:02 . 2012-06-26 23:02 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-06-26 23:02 . 2012-06-26 23:02 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-06-26 23:02 . 2012-06-26 23:02 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-06-26 23:02 . 2012-06-26 23:02 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2012-06-26 23:02 . 2012-06-26 23:02 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2012-06-26 23:02 . 2012-06-26 23:02 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2012-06-26 23:02 . 2012-06-26 23:02 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2012-06-26 23:02 . 2012-06-26 23:02 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2012-06-26 23:02 . 2012-06-26 23:02 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2012-06-26 23:02 . 2012-06-26 23:02 569344 ----a-w- c:\windows\system32\muzdecode.ax
2012-06-26 23:02 . 2012-06-26 23:02 491520 ----a-w- c:\windows\system32\muzapp.dll
2012-06-26 23:02 . 2012-06-26 23:02 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2012-06-26 23:02 . 2012-06-26 23:02 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-06-26 23:02 . 2012-06-26 23:02 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2012-06-26 23:02 . 2012-06-26 23:02 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2012-06-26 23:02 . 2012-06-26 23:02 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2012-06-26 23:02 . 2012-06-26 23:02 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2012-06-26 23:02 . 2012-06-26 23:02 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2012-06-26 23:02 . 2012-06-26 23:02 245760 ----a-w- c:\windows\system32\MSCLib.dll
2012-06-26 23:02 . 2012-06-26 23:02 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2012-06-26 23:02 . 2012-06-26 23:02 200704 ----a-w- c:\windows\system32\muzwmts.dll
2012-06-26 23:02 . 2012-06-26 23:02 155648 ----a-w- c:\windows\system32\MSFLib.dll
2012-06-26 23:02 . 2012-06-26 23:02 143360 ----a-w- c:\windows\system32\3DAudio.ax
2012-06-26 23:02 . 2012-06-26 23:02 135168 ----a-w- c:\windows\system32\muzaf1.dll
2012-06-26 23:02 . 2012-06-26 23:02 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2012-06-26 23:02 . 2012-06-26 23:02 122880 ----a-w- c:\windows\system32\muzeffect.ax
2012-06-26 23:02 . 2012-06-26 23:02 118784 ----a-w- c:\windows\system32\MaDRM.dll
2012-06-26 23:02 . 2012-06-26 23:02 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2012-06-26 23:02 . 2012-07-21 04:55 821824 ----a-w- c:\windows\system32\dgderapi.dll
2012-06-26 23:02 . 2012-07-21 04:55 319456 ----a-w- c:\windows\system32\DIFxAPI.dll
2012-06-26 23:02 . 2012-07-21 04:55 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2012-06-13 13:40 . 2012-07-12 12:10 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 16:47 . 2012-07-11 12:05 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 12:05 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 12:05 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-04 07:59 . 2012-07-21 05:00 80824 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-06-04 07:59 . 2012-07-21 05:00 181432 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-06-02 22:19 . 2012-07-04 23:32 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-07-04 23:33 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-07-04 23:33 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-07-04 23:33 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-07-04 23:33 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-07-04 23:33 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-07-04 23:33 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-07-04 23:32 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-07-04 23:33 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 08:33 . 2012-07-12 12:04 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-12 12:04 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-12 12:04 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 12:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 12:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 00:04 . 2012-07-11 12:05 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-20 01:43 . 2012-06-12 19:36 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-20_06.45.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2012-08-21 22:42 51952 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2012-08-21 22:42 75684 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2012-02-21 04:55 . 2012-08-21 22:42 10396 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2814727818-1069787717-128289730-1000_UserData.bin
+ 2012-02-21 04:51 . 2012-08-21 22:43 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-02-21 04:51 . 2012-08-20 03:10 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-02-21 04:51 . 2012-08-21 22:43 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-21 04:51 . 2012-08-21 22:43 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-02-21 04:51 . 2012-08-20 03:10 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-08-19 15:49 . 2012-08-19 15:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-21 22:40 . 2012-08-21 22:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-19 15:49 . 2012-08-19 15:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-21 22:40 . 2012-08-21 22:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-21 19:00 . 2012-08-21 21:28 238900 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2012-07-21 05:48 . 2012-08-19 05:07 396524 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-System.dat
+ 2012-07-21 05:48 . 2012-08-21 22:39 396524 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-System.dat
+ 2012-07-21 05:48 . 2012-08-21 22:39 396524 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-S-1-5-21-2814727818-1069787717-128289730-1000-8192.dat
- 2012-07-21 05:48 . 2012-08-19 05:07 396524 c:\windows\ServiceProfiles\LocalService\AppData\Local\WPFFontCache_v0400-S-1-5-21-2814727818-1069787717-128289730-1000-8192.dat
- 2012-07-12 05:49 . 2012-08-19 05:07 234768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-07-12 05:49 . 2012-08-21 22:39 234768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-07-08 05:47 . 2012-08-19 05:07 382700 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-08 05:47 . 2012-08-21 22:39 382700 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-30 07:38 . 2012-08-20 08:26 623348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2814727818-1069787717-128289730-1000-12288.dat
- 2012-07-30 07:38 . 2012-08-14 07:26 623348 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2814727818-1069787717-128289730-1000-12288.dat
+ 2012-07-08 05:47 . 2012-08-21 22:39 3303340 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2814727818-1069787717-128289730-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-01-30 430080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-21 39408]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-07-16 975800]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-16 21432]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-30 4911104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-18 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"NDSTray.exe"="NDSTray.exe" [BU]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-13 1862144]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-31 16200]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-07-16 3524536]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 04:32]
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-21 05:24]
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-21 05:24]
.
2012-08-11 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c833c86d-369e-429c-8d77-614f345ee5a3.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Monica\AppData\Roaming\Mozilla\Firefox\Profiles\a4jciv1i.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-21 15:41
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????#&W?????h?????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\windows\system32\PSIService.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\RtHDVCpl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
.
**************************************************************************
.
Completion time: 2012-08-21 16:33:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-21 23:33
ComboFix2.txt 2012-08-20 07:33
.
Pre-Run: 178,055,925,760 bytes free
Post-Run: 177,926,078,464 bytes free
.
- - End Of File - - 8897A16C1FA20A2E308E0F3D71054F4B

Edited by NerdyNurse, 21 August 2012 - 07:31 PM.


#10 gringo_pr

Posted 21 August 2012 - 07:54 PM

Greetings

I have uploaded a file and I want you to download it and run it, and if asked to merge, please allow it.




gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 NerdyNurse

Posted 21 August 2012 - 09:18 PM

Ok downloaded and ran the file. Tried windows update and it worked. Are the logs looking ok, and is there anything else that I should do?

#12 gringo_pr

Posted 22 August 2012 - 06:37 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

Adobe Reader 8.1.0
Java™ 6 Update 3

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the program to remove.
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes then on Next.
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#13 NerdyNurse

Posted 23 August 2012 - 02:06 AM

Hello, I completed all the steps, and had no problems at all. Computer is running much faster now.

MalwareBytes

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.23.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Monica :: MONICA-PC [administrator]

8/22/2012 11:31:03 PM
mbam-log-2012-08-22 (23-31-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192007
Time elapsed: 8 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Hijackthis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:43:26 PM, on 8/22/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Monica\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe -update plugin
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10069 bytes

#14 gringo_pr

Posted 23 August 2012 - 07:10 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
      O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
      O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
      O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe -update plugin
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo

#15 NerdyNurse

Posted 23 August 2012 - 11:24 PM

Glad to hear the logs are looking better. The scan did find a threat.

C:\Users\Monica\AppData\Local\{0F157248-E377-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan



