
HELP!! UNINVITED GUESTS: Lune.Sirefef.A, Trojan horse Patched_C.LYU, Trojan horse Generic_r, Trojan horse Back Door Generic15.BIVI & 15.BIXF


13 replies to this topic

#1 davis.dirt
  • Members
  • 8 posts

Posted 25 August 2012 - 04:49 AM

I used to think that I knew quite a bit about how to properly maintain a healthy computer. But that was until my laptop became infested with these trojans and whatever else they are. It started out with a couple of notifications from my AVG and this was not out of the ordinary. My internet started acting up and booting me offline every 30 minutes or so. Then the websites that I was trying to look at were "redirected" to http://bts.scour.com/index.html?3. I thought I'd be smart and block bts.scour.com in my Internet Options, but it simply chose another route. So I blocked that site. Then it sent in another reroute site. These sites remind me of popups or those annoying "scan your computer for faster service" sites. Y'know, the ones that would entice you to scan your computer and make you believe there was something wrong with your computer, but there wasn't. (That is, until you scanned with their program and it would take control of your computer at the worst of times.) The Trojan Horse Back Door Generic 15 made its entrance right after the "bt.scour" did. AVG's only option was to ignore it, but I still wasn't worried.

Every time I blocked a redirect, the more intense the attack on my computer became. I gradually lost control of my computer. When I thought I should check Windows Firewall, it was too late for any security measures. It was turned off, and when I tried to turn it back on, it would give me an error (0x8000ffff). It wouldn't let me run Windows Defender either, or turn anything on that could help me remove or heal my computer. I kept trying with AVG, but it just kept filling up my Virus Vault with clones of the 5 virus/malwares. It could clean up or heal some of the clones, but the "parent" clones always remained. They were all located in C:\Windows\System32\services.exe, or in the vicinity of it. I was kinda worried, but always up for a challenge.

When I'd request "more info" from AVG, they would send me to their ENCYCLOPEDIA OF THREATS. Most of my trojans could not even be found. So I Googled them. I was amazed at how many other people were infected with the same trojans and had the same symptoms as myself!! I saw a couple of links that implied they could help with the removal of this malware. I had done this a few other times. It was extensive, but worth saving my computer. I found an article regarding Lune.Sirefef.A and its removal. I followed the instructions. It wanted me to open Task Manager and locate the "random.exe" process and end it. Then I was to find a couple of registry files and .exes and simply delete them. Pretty easy, right?? WRONG!! I found the "random.exe" and killed the process. I started to hunt down the first bad registry file and my computer said, and I quote, "shut down 1 minute. Save all work." WTF!!!

When it came back on, I thought I'd try again... but I couldn't find the "random.exe" and haven't found it since. I saw a couple of removal tools instead. But it wouldn't allow me to download anything and was giving me the same error messages as my firewall and Windows Defender. I give up. I have gotten all my docs and pics etc. off of my laptop. I tried running System Restore and it almost crashed my laptop completely. I thought I was going to have to install Windows again. I played with the recovery tools a little and managed to get it to reboot under the last successful configuration. I system restored again and it was successful. Thought and prayed it was over, but nope. The entire time I have been writing this, I can hear the little notification tones from AVG. I am able to remove a lot of the bad objects, but AVG has found 21 instances of the Trojan horse Patched_C.LYU and is unable to remove them. It says that it is whitelisted because it has infected a critical/system file that should not be removed. 2 clones of Patched have invaded a non-local location of my computer. *SIGH* The trojans are reproducing in my files and there ain't much I can do. I'd like to spare my laptop, if possible.

Here are the reports you requested. Bless your hearts.

Sincerely,
CD
DDS.txt log
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Crystal at 0:06:50 on 2012-08-25
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.617 [GMT -6:00]
.
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskmgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\16.7.0.30\InstStub.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\12.2.0\ScriptHelper.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\notepad.exe
C:\Users\Crystal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T6L7LGAK\Defogger[1].exe
C:\windows\system32\conhost.exe
C:\windows\system32\DllHost.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
"C:\windows\System32\svchost.exe" -k LocalServiceDns
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.7.0.30\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.7.0.30\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.0.5\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7725.1624\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.7.0.30\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.0.5\AVG Secure Search_toolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [MyTOSHIBA] "c:\program files\toshiba\my toshiba\MyToshiba.exe" /AUTO
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Easy-Hide-IP] c:\program files\easy-hide-ip\easy-hide-ip.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [<NO NAME>]
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HF_G_Jul] "c:\program files\avg secure search\HF_G_Jul.exe" /DoAction
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
StartupFolder: c:\users\crystal\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\crystal\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\crystal\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - c:\program files\amazon\add to wish list ie extension\run.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
LSP: c:\windows\system32\EasyRedirect.dll
LSP: mswsock.dll
Trusted Zone: cnet.com\download
Trusted Zone: stealthgenie.com\www
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} - hxxps://www.blm.gov/wispermits/wis/SP/capicom.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{A30A03F8-63A2-409B-8B77-6FD065C812FF} : DhcpNameServer = 192.168.0.1 205.171.3.25
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.7.0.30\CoIEPlg.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.2.0\ViProtocol.dll
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2012-7-28 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2012-7-28 12464]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-12 27496]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-5-19 176128]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.7.0.30\ccSvcHst.exe [2009-8-27 117640]
R2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\12.2.0\ToolbarUpdater.exe [2012-8-12 927840]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-5-19 167936]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2012-5-19 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-3 111960]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S2 EasyRedirect;EasyRedirect;c:\program files\easy-hide-ip\rdr\easyredirect.exe --> c:\program files\easy-hide-ip\rdr\EasyRedirect.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-5-20 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-3 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-5-20 136176]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2012-5-19 171520]
.
=============== Created Last 30 ================
.
2012-08-25 04:23:24 9232584 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-08-23 09:46:18 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-13 10:23:40 -------- d-----w- c:\windows\system32\BestPractices
2012-08-13 10:23:13 -------- d-----w- C:\inetpub
2012-08-13 05:37:31 -------- d-----w- c:\users\crystal\appdata\roaming\AVG2012
2012-08-13 05:34:26 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-13 05:34:20 -------- d-----w- c:\program files\AVG Secure Search
2012-08-13 05:32:43 -------- d--h--w- C:\$AVG
2012-08-13 05:32:42 -------- d-----w- c:\windows\system32\drivers\AVG
2012-08-13 05:32:42 -------- d-----w- c:\programdata\AVG2012
2012-08-13 05:30:35 -------- d-----w- c:\program files\AVG
2012-08-13 05:23:25 -------- d-----w- c:\programdata\MFAData
2012-08-04 03:52:32 -------- d-----w- c:\programdata\vsosdk
2012-08-03 21:37:00 364360 ----a-w- c:\windows\system32\EasyRedirect.dll
2012-08-03 21:36:52 -------- d-----w- c:\program files\Easy-Hide-IP
2012-08-02 08:53:55 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-02 08:53:54 5120 ----a-w- c:\windows\system32\wmi.dll
2012-08-02 08:53:54 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-02 08:53:54 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-02 08:52:07 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2012-08-02 08:51:40 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-02 08:51:39 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-02 08:51:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2012-08-02 06:23:37 -------- d-----w- c:\programdata\xml_param
2012-08-02 04:57:06 -------- d-----w- c:\users\crystal\appdata\roaming\Wondershare Video Converter Ultimate
2012-08-02 04:56:36 -------- d-----w- c:\users\crystal\appdata\local\Wondershare
2012-08-02 04:56:35 -------- d-----w- c:\program files\common files\Wondershare
2012-08-02 04:56:15 496640 ----a-w- c:\windows\system32\xvid.ax
2012-08-02 04:56:14 892928 ----a-w- c:\windows\system32\iconv.dll
2012-08-02 04:56:14 675840 ----a-w- c:\windows\system32\ac3filter.ax
2012-08-02 04:56:07 -------- d-----w- c:\program files\Wondershare
2012-08-02 02:53:16 -------- d-----w- c:\users\crystal\appdata\roaming\C__Users_Crystal_Downloads_Hide IP Easy v5.1.6.6 + Crack { LAtest 2012 Version } Mr.Perfect_Crack_HideIPEasy.exe
2012-08-02 02:53:16 -------- d-----w- c:\programdata\C__Users_Crystal_Downloads_Hide IP Easy v5.1.6.6 + Crack { LAtest 2012 Version } Mr.Perfect_Crack_HideIPEasy.exe
2012-07-29 08:35:18 -------- d-----w- c:\users\crystal\Podcasts
2012-07-29 08:21:53 -------- d-----w- c:\users\crystal\appdata\local\Sony
2012-07-29 08:21:44 -------- d-----w- c:\program files\common files\Sony Shared
2012-07-29 08:19:01 -------- d-----w- c:\programdata\Sony Corporation
2012-07-29 08:19:01 -------- d-----w- c:\program files\Sony
2012-07-29 08:15:09 -------- d-----w- c:\program files\Sony Media Go Install
2012-07-29 06:28:14 -------- d-----w- c:\users\crystal\appdata\local\Nero
2012-07-29 06:28:12 -------- d-----w- c:\users\crystal\appdata\roaming\NeroDigital
2012-07-29 06:19:45 -------- d-----w- c:\users\crystal\appdata\local\Nero_AG
2012-07-29 05:56:46 -------- d-----w- c:\programdata\Nero
2012-07-29 05:45:16 -------- d-----w- c:\users\crystal\appdata\roaming\HideIPEasy
2012-07-29 05:45:16 -------- d-----w- c:\programdata\HideIPEasy
2012-07-29 05:15:08 12464 ----a-w- c:\windows\system32\drivers\NBVolUp.sys
2012-07-29 05:15:01 56496 ----a-w- c:\windows\system32\drivers\NBVol.sys
2012-07-29 05:15:00 -------- d-----w- c:\program files\Nero
2012-07-29 05:14:39 -------- d-----w- c:\users\crystal\appdata\local\AskToolbar
2012-07-29 05:14:25 -------- d-----w- c:\program files\Ask.com
2012-07-29 05:14:25 -------- d-----w- C:\Firefox
2012-07-29 05:11:08 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-07-29 05:11:08 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-07-29 05:11:08 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-07-29 05:11:08 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-07-29 05:11:08 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-07-29 05:08:46 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-07-29 05:08:46 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-07-29 05:08:46 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-07-29 05:08:45 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-07-29 05:08:45 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-07-29 05:07:37 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-07-29 05:06:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2012-07-29 05:05:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
.
==================== Find3M ====================
.
2012-08-25 04:23:29 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-25 04:23:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-13 08:34:54 564972385 ----a-w- c:\windows\system32\d3dcache.dll
2012-08-03 22:15:18 87608 ----a-w- c:\users\crystal\appdata\roaming\inst.exe
2012-08-03 22:15:18 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2012-08-03 22:15:18 47360 ----a-w- c:\users\crystal\appdata\roaming\pcouffin.sys
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 21:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 21:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-30 08:57:19 32 ----a-w- c:\windows\system32\ieuicom.dat.dll
.
============= FINISH: 0:07:46.39 ===============

Edited by davis.dirt, 25 August 2012 - 05:34 AM.
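As an added example (not part of this thread and not code from the DDS tool), the Python script below walks the "Pseudo HJT Report" and "SERVICES / DRIVERS" sections of a DDS log like the one above and flags the entry types a malware responder reads first: orphaned BHO/toolbar entries, a third-party Winsock LSP, IE Trusted Zone sites, blank autorun entries, non-private DHCP DNS servers and services whose file DDS could not verify. The sample lines are constructed from the shapes in the log above, and the severity labels and rules are assumptions.

```python
"""Triage helper for DDS 'Pseudo HJT Report' and 'SERVICES / DRIVERS' lines.

Added example, not part of this thread or of the DDS tool itself. The
severity labels and the rule set are assumptions chosen to illustrate what a
responder reads first in a log like the one above; they are not DDS output.
"""
import re

# Constructed sample: a few lines in the shapes seen in the DDS log above
# (not the complete log).
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
uRun: [Easy-Hide-IP] c:\program files\easy-hide-ip\easy-hide-ip.exe
mRun: [<NO NAME>]
LSP: c:\windows\system32\EasyRedirect.dll
LSP: mswsock.dll
Trusted Zone: cnet.com\download
Trusted Zone: stealthgenie.com\www
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
============= SERVICES / DRIVERS ===============
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
S2 EasyRedirect;EasyRedirect;c:\program files\easy-hide-ip\rdr\easyredirect.exe --> c:\program files\easy-hide-ip\rdr\EasyRedirect.exe [?]
"""

# The Winsock LSP module that ships with Windows; anything else in the LSP
# chain is a third-party layer sitting in the path of every socket call.
STOCK_LSP = {"mswsock.dll"}

# RFC 1918 ranges: a DHCP-assigned DNS server outside them is worth a look.
PRIVATE_NET = re.compile(r"^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)")

# Service/driver lines look like "R1 name;display name;path [date size]".
SERVICE_LINE = re.compile(r"^[RS][0-4] ")


def triage_dds(text):
    """Return a list of (severity, category, line) for entries worth review."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue  # blank line or section banner
        kind = line.split(":", 1)[0]
        if kind in ("BHO", "TB") and line.endswith("- No File"):
            # Registry still references an extension whose file is gone.
            findings.append(("low", "orphaned-browser-extension", line))
        elif kind == "LSP":
            module = line.split(":", 1)[1].strip().lower()
            if module.rsplit("\\", 1)[-1] not in STOCK_LSP:
                findings.append(("medium", "third-party-winsock-lsp", line))
        elif kind == "Trusted Zone":
            # Sites in the IE Trusted Zone get relaxed security settings.
            findings.append(("info", "ie-trusted-zone-site", line))
        elif kind in ("uRun", "mRun") and "[<NO NAME>]" in line:
            findings.append(("low", "blank-autorun-entry", line))
        elif kind == "TCP" and "DhcpNameServer" in line:
            servers = line.split("=", 1)[1].split()
            if any(not PRIVATE_NET.match(s) for s in servers):
                findings.append(("info", "public-dns-server", line))
        elif SERVICE_LINE.match(line) and line.endswith("[?]"):
            # DDS could not stat the file, so the binary is missing or hidden.
            findings.append(("medium", "service-file-unverified", line))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'medium': 2, 'low': 3, 'info': 3}."""
    counts = {}
    for severity, _, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage_dds(SAMPLE_LOG)
    for severity, category, line in results:
        print(f"[{severity:6}] {category:28} {line}")
    print(summarize(results))
```

Run against the full DDS.txt the same way; the rules are a starting point for the helper's review, not a verdict on any single entry.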


#2 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts

Posted 25 August 2012 - 06:25 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 davis.dirt
  • Topic Starter
  • Members
  • 8 posts

Posted 25 August 2012 - 05:57 PM

Excuse me, Mr. gringo_pr... are you responding to MY case in particular?? This is the first forum I have ever joined. Stupid question, I know, but I wanna confirm before I make changes to my computer.



:crazy:

Thanks,
CD

#4 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 136,772 posts

Posted 25 August 2012 - 06:05 PM

Hello CD

Everything I post in this topic is all for you.

#5 davis.dirt (Topic Starter, Members, 8 posts)

Posted 25 August 2012 - 06:37 PM

:thumbup2: After reviewing other members' posts/issues, I think you ARE assigned to me. :thumbup2:

Okay. So I ran the Security Check as instructed. I double-clicked it and the program started, but the box remained black and inactive. I shut it down and right-clicked to run as administrator, and it worked. Here are my results:

Results of screen317's Security Check version 0.99.46
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
AVG2012 successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java™ 6 Update 14
Java version out of Date!
Adobe Reader X 10.1.3 Adobe Reader out of Date!
Google Chrome 21.0.1180.75
Google Chrome 21.0.1180.83
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````




My computer seems to be running slower and rejecting new commands. For example, I wanted to save a copy of your post in Notepad and it would not save as a *.txt on my desktop or zip drive. I had to change the type of .txt to Unicode. I hope it saved right so I can view it when I want. I already mentioned that the internet would not let me download anything off the internet. This was PRIOR to my system restore, when I was trying to save a removal tool. Maybe it knew I was gonna try to zap that ass. Anyhoo.

QUESTION: I keep getting script error messages. I can recall reading something about blocking scripts somewhere in this forum. I am not supposed to utilize script-blockers. I don't think I am so hopefully there are none running. Do I say yes or no to running scripts on the page when this happens???

Alright. I'm off to do the next step in your instructions. Thank you Gringo_PR. You are too sweet.

CD

#6 davis.dirt (Topic Starter, Members, 8 posts)

Posted 25 August 2012 - 08:38 PM

OK, so I ran ComboFix. I disabled AVG 2012, I've never even installed the pre-packed Norton, and Windows Firewall or Defender don't even make an appearance anymore. The first time I ran it, it did a short little quick scan... but never presented a log. So I ran it again and something forced my computer to reboot. This scared me because I have not turned off my computer since the incident with the first attempt with System Restore. YAY!! But it came right back on. ComboFix warned me that there was some antivirus running, but AVG was off and so was Windows. It was stupid Norton (I hate that guy), but it was just the request to install. Nope. Shut that off real quick.

As for now, my computer ran fine. I had no problems saving the report to my zip drive. I will get on my laptop tonight to see how she is.

Thank you Gringo. :heart:

Here is the ComboFix Report:

ComboFix 12-08-25.04 - Crystal 08/25/2012 18:06:59.1.1 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.1087 [GMT -6:00]
Running from: c:\users\Crystal\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Installer\{cd772052-6cc0-b542-e5ae-c01bb26bf63a}\@
c:\windows\Installer\{cd772052-6cc0-b542-e5ae-c01bb26bf63a}\L\00000004.@
c:\windows\Installer\{cd772052-6cc0-b542-e5ae-c01bb26bf63a}\L\201d3dde
c:\windows\Installer\{cd772052-6cc0-b542-e5ae-c01bb26bf63a}\U\00000004.@
c:\windows\Installer\{cd772052-6cc0-b542-e5ae-c01bb26bf63a}\U\00000008.@
c:\windows\Installer\{cd772052-6cc0-b542-e5ae-c01bb26bf63a}\U\000000cb.@
c:\windows\Installer\{cd772052-6cc0-b542-e5ae-c01bb26bf63a}\U\80000000.@
c:\windows\Installer\{cd772052-6cc0-b542-e5ae-c01bb26bf63a}\U\80000032.@
c:\windows\system32\ieuicom.dat.dll
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy6_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-26 to 2012-08-26 )))))))))))))))))))))))))))))))
.
.
2012-08-26 00:17 . 2012-08-26 00:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-25 04:23 . 2012-08-25 04:23 9232584 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-08-23 09:46 . 2012-08-25 04:52 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-13 10:27 . 2012-08-25 06:00 -------- d-----w- c:\users\Classic .NET AppPool
2012-08-13 10:23 . 2012-08-25 05:59 -------- d-----w- c:\windows\system32\BestPractices
2012-08-13 10:23 . 2012-08-25 05:58 -------- d-----w- C:\inetpub
2012-08-13 05:37 . 2012-08-25 05:58 -------- d-----w- c:\users\Crystal\AppData\Roaming\AVG2012
2012-08-13 05:34 . 2012-08-13 05:34 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-13 05:34 . 2012-08-25 05:58 -------- d-----w- c:\program files\AVG Secure Search
2012-08-13 05:32 . 2012-08-13 05:32 -------- d-----w- C:\$AVG
2012-08-13 05:32 . 2012-08-25 23:17 -------- d-----w- c:\windows\system32\drivers\AVG
2012-08-13 05:32 . 2012-08-25 05:58 -------- d-----w- c:\programdata\AVG2012
2012-08-13 05:30 . 2012-08-25 05:51 -------- d-----w- c:\program files\AVG
2012-08-13 05:23 . 2012-08-25 23:17 -------- d-----w- c:\programdata\MFAData
2012-08-04 03:52 . 2012-08-04 03:52 -------- d-----w- c:\programdata\vsosdk
2012-08-03 21:37 . 2012-07-13 20:08 364360 ----a-w- c:\windows\system32\EasyRedirect.dll
2012-08-03 21:36 . 2012-08-25 05:51 -------- d-----w- c:\program files\Easy-Hide-IP
2012-08-02 08:53 . 2012-03-01 05:53 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-02 08:53 . 2012-03-01 05:49 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-02 08:53 . 2012-03-01 05:45 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-02 08:53 . 2012-03-01 05:40 5120 ----a-w- c:\windows\system32\wmi.dll
2012-08-02 08:52 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2012-08-02 08:51 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-02 08:51 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-02 08:51 . 2010-09-14 06:07 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2012-08-02 06:23 . 2012-08-02 07:53 -------- d-----w- c:\programdata\xml_param
2012-08-02 04:57 . 2012-08-02 04:57 -------- d-----w- c:\users\Crystal\AppData\Roaming\Wondershare Video Converter Ultimate
2012-08-02 04:56 . 2012-08-02 04:56 -------- d-----w- c:\users\Crystal\AppData\Local\Wondershare
2012-08-02 04:56 . 2012-08-25 05:51 -------- d-----w- c:\program files\Common Files\Wondershare
2012-08-02 04:56 . 2012-07-20 15:54 496640 ----a-w- c:\windows\system32\xvid.ax
2012-08-02 04:56 . 2012-07-20 15:54 892928 ----a-w- c:\windows\system32\iconv.dll
2012-08-02 04:56 . 2012-07-20 15:54 675840 ----a-w- c:\windows\system32\ac3filter.ax
2012-08-02 04:56 . 2012-08-02 08:24 -------- d-----w- c:\program files\Wondershare
2012-08-02 02:53 . 2012-08-02 02:53 -------- d-----w- c:\users\Crystal\AppData\Roaming\C__Users_Crystal_Downloads_Hide IP Easy v5.1.6.6 + Crack { LAtest 2012 Version } Mr.Perfect_Crack_HideIPEasy.exe
2012-08-02 02:53 . 2012-08-02 02:53 -------- d-----w- c:\programdata\C__Users_Crystal_Downloads_Hide IP Easy v5.1.6.6 + Crack { LAtest 2012 Version } Mr.Perfect_Crack_HideIPEasy.exe
2012-07-29 08:35 . 2012-07-29 08:35 -------- d-----w- c:\users\Crystal\Podcasts
2012-07-29 08:21 . 2012-08-25 05:53 -------- d-----w- c:\users\Crystal\AppData\Local\Sony
2012-07-29 08:21 . 2012-08-25 05:51 -------- d-----w- c:\program files\Common Files\Sony Shared
2012-07-29 08:19 . 2012-08-25 05:52 -------- d-----w- c:\program files\Sony
2012-07-29 08:19 . 2012-07-29 08:21 -------- d-----w- c:\programdata\Sony Corporation
2012-07-29 08:15 . 2012-08-25 05:52 -------- d-----w- c:\program files\Sony Media Go Install
2012-07-29 08:15 . 2012-07-29 08:50 -------- d-----w- c:\users\Crystal\AppData\Roaming\Sony
2012-07-29 06:28 . 2012-07-29 10:44 -------- d-----w- c:\users\Crystal\AppData\Local\Nero
2012-07-29 06:14 . 2012-08-25 05:53 -------- d-----w- c:\users\Crystal\AppData\Roaming\Nero
2012-07-29 05:56 . 2012-08-25 05:52 -------- d-----w- c:\programdata\Nero
2012-07-29 05:45 . 2012-07-29 05:45 -------- d-----w- c:\users\Crystal\AppData\Roaming\HideIPEasy
2012-07-29 05:45 . 2012-07-29 05:45 -------- d-----w- c:\programdata\HideIPEasy
2012-07-29 05:18 . 2012-07-29 05:18 -------- d-----w- c:\users\Crystal\AppData\Roaming\Apple Computer
2012-07-29 05:15 . 2011-12-01 17:40 12464 ----a-w- c:\windows\system32\drivers\NBVolUp.sys
2012-07-29 05:15 . 2012-08-25 05:55 -------- dc----w- c:\windows\system32\DRVSTORE
2012-07-29 05:15 . 2011-12-01 17:40 56496 ----a-w- c:\windows\system32\drivers\NBVol.sys
2012-07-29 05:15 . 2012-08-25 05:52 -------- d-----w- c:\program files\Nero
2012-07-29 05:14 . 2012-08-25 05:58 -------- d-----w- c:\users\Crystal\AppData\Local\AskToolbar
2012-07-29 05:14 . 2012-08-25 05:58 -------- d-----w- c:\program files\Ask.com
2012-07-29 05:14 . 2012-08-25 05:58 -------- d-----w- C:\Firefox
2012-07-29 05:11 . 2009-11-25 18:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-07-29 05:11 . 2009-11-25 18:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-07-29 05:11 . 2009-11-25 18:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-07-29 05:11 . 2009-11-25 18:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-07-29 05:11 . 2009-11-25 18:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-07-29 05:08 . 2010-05-26 17:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-07-29 05:08 . 2010-05-26 17:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-07-29 05:08 . 2010-05-26 17:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-07-29 05:08 . 2010-05-26 17:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-07-29 05:08 . 2010-05-26 17:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-07-29 05:07 . 2009-09-04 23:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-07-29 05:06 . 2009-09-04 23:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2012-07-29 05:05 . 2008-10-15 12:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-25 04:23 . 2012-06-04 02:55 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-25 04:23 . 2012-06-04 02:55 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-24 06:37 . 2009-07-13 23:11 259072 ----a-w- c:\windows\system32\services.exe
2012-06-02 22:19 . 2012-06-26 11:56 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-26 11:56 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-26 11:56 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-26 11:56 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-26 11:56 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-26 11:56 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-26 11:56 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 21:19 . 2012-06-26 11:56 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 21:12 . 2012-06-26 11:56 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-13 05:34 2045024 ----a-w- c:\program files\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-04-09 23:43 1519272 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll" [2012-08-13 2045024]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Crystal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Crystal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Crystal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-28 39408]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-08-13 1162848]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-07-05 421888]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-04-09 1557160]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"ROC_roc_ssl_v12"="c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-08-13 1020512]
.
c:\users\Crystal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Crystal\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-13 27595032]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x]
R2 EasyRedirect;EasyRedirect;c:\program files\Easy-Hide-IP\rdr\EasyRedirect.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe [x]
S2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
ipripsvc REG_MULTI_SZ iprip
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 04:23]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-20 10:02]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-20 10:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\EasyRedirect.dll
Trusted Zone: cnet.com\download
Trusted Zone: stealthgenie.com\www
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-Easy-Hide-IP - c:\program files\Easy-Hide-IP\easy-hide-ip.exe
HKLM-Run-HF_G_Jul - c:\program files\AVG Secure Search\HF_G_Jul.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.0.30\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\05\03\1e\08,5o"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3876)
c:\users\Crystal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\16.7.0.30\InstStub.exe
c:\windows\system32\conhost.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-08-25 18:24:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-26 00:24
.
Pre-Run: 191,990,013,952 bytes free
Post-Run: 192,170,491,904 bytes free
.
- - End Of File - - 0B977C1E7B8609EE6B671A698FCBF151
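An added illustration for readers of this log (example code, not part of the thread and not ComboFix's own tooling): the ComboFix report above is the first thing an analyst reads, and the lines that matter here are the deletions under c:\windows\Installer\{GUID}\ with an "@" marker file and U\ and L\ subdirectories, plus the disinfected services.exe, which is the on-disk layout of the Sirefef (ZeroAccess) family the topic title names. The Winsock LSP (EasyRedirect.dll, which arrived with the Easy-Hide-IP program whose cracked installer shows up in the file list) and the IE Trusted Zone entries are also worth a look. The Python below parses the report's section layout, lists the Run-key autoruns, and flags those indicators. The trimmed sample log, the section regexes and the indicator names are constructed for the example; a hit means "review this line", not proof of infection, and the services.exe that ComboFix restored from a Volume Shadow Copy should still have its Authenticode signature checked after the reboot.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the ComboFix report above, trimmed to the
# sections this parser reads (ComboFix pads sections with lone "." lines).
SAMPLE_LOG = r"""((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\{cd772052-6cc0-b542-e5ae-c01bb26bf63a}\@
c:\windows\Installer\{cd772052-6cc0-b542-e5ae-c01bb26bf63a}\U\80000032.@
c:\windows\system32\ieuicom.dat.dll
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-08-13 1162848]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-04-09 1557160]
.
------- Supplementary Scan -------
.
LSP: c:\windows\system32\EasyRedirect.dll
Trusted Zone: cnet.com\download
Trusted Zone: stealthgenie.com\www
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Easy-Hide-IP - c:\program files\Easy-Hide-IP\easy-hide-ip.exe
HKLM-Run-HF_G_Jul - c:\program files\AVG Secure Search\HF_G_Jul.exe
- - End Of File - - 0B977C1E7B8609EE6B671A698FCBF151
"""

# ComboFix delimits sections three ways; each regex captures the title.
SECTION_RES = (
    re.compile(r"^\(+\s*(.+?)\s*\)+$"),          # (((( Other Deletions ))))
    re.compile(r"^-{3,}\s*(.+?)\s*-{3,}$"),      # ------- Supplementary Scan -------
    re.compile(r"^(?:- ){2,}(.+?)(?: -){2,}$"),  # - - - - ORPHANS REMOVED - - - -
)
# GUID-named dir under c:\windows\Installer with an "@" file and U\ / L\ subdirs.
INSTALLER_DROP_RE = re.compile(
    r"\\windows\\installer\\\{[0-9a-f-]{36}\}\\(?:@$|[ul]\\)", re.IGNORECASE)
DISINFECTED_RE = re.compile(r"^Infected copy of (.+?) was found and disinfected$")
REG_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\S+) (\d+)\]$')
ORPHAN_RE = re.compile(r"^(\S+) - (.+)$")


def parse_sections(text):
    """Split the report into {section title: [non-empty lines]}."""
    sections = defaultdict(list)
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("- - End Of File"):
            break
        titles = [m.group(1) for m in (rx.match(line) for rx in SECTION_RES) if m]
        if titles:
            current = titles[0]
        else:
            sections[current].append(line)
    return sections


def autoruns(sections):
    """Return (registry key, value name, command) for every Run value listed."""
    entries, key = [], None
    for line in sections.get("Reg Loading Points", []):
        m = REG_KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = RUN_ENTRY_RE.match(line)
        if m and key and key.upper().endswith("\\RUN"):
            entries.append((key, m.group(1), m.group(2)))
    return entries


def triage(text):
    """Return (indicator, detail) pairs an analyst should read first."""
    sections = parse_sections(text)
    findings = []
    for line in sections.get("Other Deletions", []):
        if INSTALLER_DROP_RE.search(line):
            findings.append(("sirefef_installer_dir", line))
        m = DISINFECTED_RE.match(line)
        if m:  # patched system binary replaced from a shadow copy; verify its signature
            findings.append(("patched_system_binary", m.group(1)))
    for line in sections.get("Supplementary Scan", []):
        if line.startswith("LSP:"):  # a Winsock LSP loads into every socket-using process
            findings.append(("winsock_lsp", line.split(":", 1)[1].strip()))
        elif line.startswith("Trusted Zone:"):  # relaxed IE script/ActiveX policy
            findings.append(("ie_trusted_zone", line.split(":", 1)[1].strip()))
    for line in sections.get("ORPHANS REMOVED", []):
        m = ORPHAN_RE.match(line)
        if m:  # autorun entry whose target file no longer exists
            findings.append(("orphan_autorun", m.group(1)))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG) + [("run_key", f"{n} = {c}") for _, n, c in autoruns(parse_sections(SAMPLE_LOG))]:
        print(f"{kind:24} {detail}")
```

Run against the full report above, the same parser also picks up the "Files Created" and services sections as named buckets, so the cracked Easy-Hide-IP download and the EasyRedirect service can be pulled out with the same section lookup.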

#7 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 25 August 2012 - 10:14 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
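Something a practitioner would add at this step (example code, not part of the thread and not TDSSKiller's own tooling): the TDSSKiller log lists every driver and service as an object line carrying its MD5, name and path, followed by a verdict line for the same name, so the listing can be diffed against the same listing taken from a known-clean machine at the same Windows build and patch level. A patched services.exe of the kind ComboFix reported disinfecting earlier in this topic is exactly the sort of change such a diff surfaces. The Python below parses that format and reports objects TDSSKiller did not mark ok, objects whose hash differs from the baseline, and objects the baseline never saw. The sample log lines and the baseline table are constructed for the example (the baseline's AcpiPmi hash is a deliberate placeholder so the mismatch branch fires, and AdobeARMservice is left out so the new-object branch fires). Treat every hit as a lead, not a verdict: Windows Update replaces these binaries too, as the 2012-08-02 entries for ntoskrnl.exe and wintrust.dll in the ComboFix file list show.

```python
import re

# Constructed sample in the TDSSKiller "Scan services" format: an object line
# with MD5, name and path, then a verdict line for the same name.
SUSPECT_LOG = r"""00:51:19.0112 2904 ================ Scan services =============================
00:51:19.0299 2904 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\windows\system32\DRIVERS\1394ohci.sys
00:51:19.0299 2904 1394ohci - ok
00:51:19.0361 2904 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\windows\system32\DRIVERS\ACPI.sys
00:51:19.0361 2904 ACPI - ok
00:51:19.0408 2904 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\windows\system32\DRIVERS\acpipmi.sys
00:51:19.0408 2904 AcpiPmi - ok
00:51:19.0517 2904 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
00:51:19.0517 2904 AdobeARMservice - ok
00:51:20.0344 2904 [ 0BC6704F6FB4C63CDCB85401E8263A1B ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
00:51:20.0344 2904 AMD External Events Utility - ok
"""

# Constructed baseline (name -> MD5) standing in for a clean machine's listing.
# AcpiPmi is a placeholder so the mismatch branch fires; AdobeARMservice is
# absent so the "not in baseline" branch fires.
BASELINE = {
    "1394ohci": "6D2ACA41739BFE8CB86EE8E85F29697D",
    "ACPI": "F0E07D144C8685B8774BC32FC8DA4DF0",
    "AcpiPmi": "00000000000000000000000000000000",
    "AMD External Events Utility": "0BC6704F6FB4C63CDCB85401E8263A1B",
}

# Names may contain spaces ("AMD External Events Utility") and so may paths
# ("C:\Program Files\..."), so the path is anchored on its drive letter and
# the verdict line is split at the first " - ".
OBJECT_RE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+\[ ([0-9A-F]{32}) \] (.+?) ([A-Za-z]:\\.+)$")
VERDICT_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(.+?) - (.+)$")


def parse_objects(text):
    """Return {name: (md5, path, verdict)} from TDSSKiller log text."""
    objects = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = OBJECT_RE.match(line)
        if m:
            md5, name, path = m.groups()
            objects[name] = [md5, path, None]
            continue
        m = VERDICT_RE.match(line)
        if m and m.group(1) in objects:  # skips "Drive ... - Size: ..." style lines
            objects[m.group(1)][2] = m.group(2)
    return {name: tuple(v) for name, v in objects.items()}


def compare(suspect, baseline):
    """Flag objects not marked ok, hash mismatches against the baseline, and
    objects the baseline never saw. Each is a lead to examine, not a verdict."""
    report = []
    for name, (md5, path, verdict) in suspect.items():
        if verdict != "ok":
            report.append((name, "verdict", verdict))
        if name not in baseline:
            report.append((name, "not_in_baseline", path))
        elif baseline[name] != md5:
            report.append((name, "hash_mismatch", f"{baseline[name]} -> {md5}"))
    return report


if __name__ == "__main__":
    for name, reason, detail in compare(parse_objects(SUSPECT_LOG), BASELINE):
        print(f"{reason:16} {name}: {detail}")
```

To use it on a real case, run TDSSKiller on a clean machine of the same build first, feed that log through parse_objects to build BASELINE as {name: md5}, then compare the suspect log against it; anything in the report goes to a signature check or a hash lookup before it is called malicious.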

#8 davis.dirt (Topic Starter, Members, 8 posts)

Posted 27 August 2012 - 01:57 AM

Here is the report for TDSSKiller. No reboot has been required so far. My computer seems to be improving. I have been online for about two hours and I have had no sign of the trojans. No antivirus software screaming at me and no trouble with the computer (i.e. it's not freezing, no random activity, no excessive popups, etc.). Yay! Maybe it's working! I am so excited...

00:50:49.0815 4344 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
00:50:50.0532 4344 ============================================================
00:50:50.0532 4344 Current date / time: 2012/08/27 00:50:50.0532
00:50:50.0532 4344 SystemInfo:
00:50:50.0532 4344
00:50:50.0532 4344 OS Version: 6.1.7600 ServicePack: 0.0
00:50:50.0532 4344 Product type: Workstation
00:50:50.0532 4344 ComputerName: DEJAPOO
00:50:50.0532 4344 UserName: Crystal
00:50:50.0532 4344 Windows directory: C:\windows
00:50:50.0532 4344 System windows directory: C:\windows
00:50:50.0532 4344 Processor architecture: Intel x86
00:50:50.0532 4344 Number of processors: 1
00:50:50.0532 4344 Page size: 0x1000
00:50:50.0532 4344 Boot type: Normal boot
00:50:50.0532 4344 ============================================================
00:50:51.0952 4344 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
00:50:51.0968 4344 ============================================================
00:50:51.0968 4344 \Device\Harddisk0\DR0:
00:50:51.0968 4344 MBR partitions:
00:50:51.0968 4344 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BEAA800
00:50:51.0968 4344 ============================================================
00:50:52.0014 4344 C: <-> \Device\Harddisk0\DR0\Partition1
00:50:52.0014 4344 ============================================================
00:50:52.0014 4344 Initialize success
00:50:52.0014 4344 ============================================================
00:51:18.0176 2904 ============================================================
00:51:18.0176 2904 Scan started
00:51:18.0176 2904 Mode: Manual;
00:51:18.0176 2904 ============================================================
00:51:19.0112 2904 ================ Scan system memory ========================
00:51:19.0112 2904 System memory - ok
00:51:19.0112 2904 ================ Scan services =============================
00:51:19.0299 2904 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\windows\system32\DRIVERS\1394ohci.sys
00:51:19.0299 2904 1394ohci - ok
00:51:19.0361 2904 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\windows\system32\DRIVERS\ACPI.sys
00:51:19.0361 2904 ACPI - ok
00:51:19.0408 2904 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\windows\system32\DRIVERS\acpipmi.sys
00:51:19.0408 2904 AcpiPmi - ok
00:51:19.0517 2904 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
00:51:19.0517 2904 AdobeARMservice - ok
00:51:19.0642 2904 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
00:51:19.0658 2904 AdobeFlashPlayerUpdateSvc - ok
00:51:19.0689 2904 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
00:51:19.0704 2904 adp94xx - ok
00:51:19.0751 2904 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
00:51:19.0751 2904 adpahci - ok
00:51:19.0782 2904 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
00:51:19.0782 2904 adpu320 - ok
00:51:19.0845 2904 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
00:51:19.0845 2904 AeLookupSvc - ok
00:51:19.0892 2904 [ DDC040FDB01EF1712A6B13E52AFB104C ] AFD C:\windows\system32\drivers\afd.sys
00:51:19.0892 2904 AFD - ok
00:51:19.0954 2904 [ 7E10E3BB9B258AD8A9300F91214D67B9 ] AgereSoftModem C:\windows\system32\DRIVERS\AGRSM.sys
00:51:19.0970 2904 AgereSoftModem - ok
00:51:19.0985 2904 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\windows\system32\DRIVERS\agp440.sys
00:51:20.0001 2904 agp440 - ok
00:51:20.0048 2904 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\windows\system32\DRIVERS\djsvs.sys
00:51:20.0094 2904 aic78xx - ok
00:51:20.0172 2904 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\windows\System32\alg.exe
00:51:20.0235 2904 ALG - ok
00:51:20.0266 2904 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\windows\system32\DRIVERS\aliide.sys
00:51:20.0282 2904 aliide - ok
00:51:20.0344 2904 [ 0BC6704F6FB4C63CDCB85401E8263A1B ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
00:51:20.0344 2904 AMD External Events Utility - ok
00:51:20.0391 2904 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\windows\system32\DRIVERS\amdagp.sys
00:51:20.0391 2904 amdagp - ok
00:51:20.0406 2904 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\windows\system32\DRIVERS\amdide.sys
00:51:20.0422 2904 amdide - ok
00:51:20.0438 2904 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
00:51:20.0438 2904 AmdK8 - ok
00:51:20.0469 2904 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
00:51:20.0469 2904 AmdPPM - ok
00:51:20.0516 2904 [ 2101A86C25C154F8314B24EF49D7FBC2 ] amdsata C:\windows\system32\DRIVERS\amdsata.sys
00:51:20.0516 2904 amdsata - ok
00:51:20.0547 2904 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
00:51:20.0547 2904 amdsbs - ok
00:51:20.0562 2904 [ B81C2B5616F6420A9941EA093A92B150 ] amdxata C:\windows\system32\DRIVERS\amdxata.sys
00:51:20.0578 2904 amdxata - ok
00:51:20.0594 2904 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\windows\system32\drivers\appid.sys
00:51:20.0594 2904 AppID - ok
00:51:20.0640 2904 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\windows\System32\appidsvc.dll
00:51:20.0640 2904 AppIDSvc - ok
00:51:20.0656 2904 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\windows\System32\appinfo.dll
00:51:20.0656 2904 Appinfo - ok
00:51:20.0718 2904 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\windows\system32\DRIVERS\arc.sys
00:51:20.0718 2904 arc - ok
00:51:20.0750 2904 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
00:51:20.0750 2904 arcsas - ok
00:51:20.0781 2904 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
00:51:20.0781 2904 AsyncMac - ok
00:51:20.0812 2904 [ 338C86357871C167A96AB976519BF59E ] atapi C:\windows\system32\DRIVERS\atapi.sys
00:51:20.0812 2904 atapi - ok
00:51:20.0999 2904 [ C97BE8350FBCB1960B22FAD2E6C2B514 ] atikmdag C:\windows\system32\DRIVERS\atikmdag.sys
00:51:21.0140 2904 atikmdag - ok
00:51:21.0171 2904 [ B73C832088DD54B55E04FF6F9646AD8C ] AtiPcie C:\windows\system32\DRIVERS\AtiPcie.sys
00:51:21.0171 2904 AtiPcie - ok
00:51:21.0233 2904 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
00:51:21.0233 2904 AudioEndpointBuilder - ok
00:51:21.0249 2904 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\windows\System32\Audiosrv.dll
00:51:21.0249 2904 Audiosrv - ok
00:51:21.0498 2904 [ D67719BCFDE5798F5C30D14EFED3BCAF ] AVGIDSAgent C:\Program Files\AVG\AVG2012\avgidsagent.exe
00:51:21.0623 2904 AVGIDSAgent - ok
00:51:21.0670 2904 [ 1074F787080068C71303B61FAE7E7CA4 ] AVGIDSDriver C:\windows\system32\DRIVERS\avgidsdriverx.sys
00:51:21.0670 2904 AVGIDSDriver - ok
00:51:21.0701 2904 [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter C:\windows\system32\DRIVERS\avgidsfilterx.sys
00:51:21.0701 2904 AVGIDSFilter - ok
00:51:21.0748 2904 [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX C:\windows\system32\DRIVERS\avgidshx.sys
00:51:21.0748 2904 AVGIDSHX - ok
00:51:21.0810 2904 [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim C:\windows\system32\DRIVERS\avgidsshimx.sys
00:51:21.0810 2904 AVGIDSShim - ok
00:51:21.0842 2904 [ DDA6A2A18841E4C9172BB85958B8D948 ] Avgldx86 C:\windows\system32\DRIVERS\avgldx86.sys
00:51:21.0842 2904 Avgldx86 - ok
00:51:21.0873 2904 [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86 C:\windows\system32\DRIVERS\avgmfx86.sys
00:51:21.0873 2904 Avgmfx86 - ok
00:51:21.0888 2904 [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86 C:\windows\system32\DRIVERS\avgrkx86.sys
00:51:21.0888 2904 Avgrkx86 - ok
00:51:21.0935 2904 [ 1263F2554ACE925C237A40B4C568D815 ] Avgtdix C:\windows\system32\DRIVERS\avgtdix.sys
00:51:21.0951 2904 Avgtdix - ok
00:51:21.0966 2904 [ 493F32BA712319CA1B720E6A17EC38D7 ] avgtp C:\windows\system32\drivers\avgtpx86.sys
00:51:21.0966 2904 avgtp - ok
00:51:22.0044 2904 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe
00:51:22.0060 2904 avgwd - ok
00:51:22.0107 2904 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\windows\System32\AxInstSV.dll
00:51:22.0107 2904 AxInstSV - ok
00:51:22.0169 2904 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\windows\system32\DRIVERS\bxvbdx.sys
00:51:22.0169 2904 b06bdrv - ok
00:51:22.0216 2904 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\windows\system32\DRIVERS\b57nd60x.sys
00:51:22.0216 2904 b57nd60x - ok
00:51:22.0263 2904 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\windows\System32\bdesvc.dll
00:51:22.0263 2904 BDESVC - ok
00:51:22.0294 2904 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\windows\system32\drivers\Beep.sys
00:51:22.0294 2904 Beep - ok
00:51:22.0372 2904 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\windows\System32\bfe.dll
00:51:22.0372 2904 BFE - ok
00:51:22.0466 2904 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
00:51:22.0466 2904 blbdrive - ok
00:51:22.0497 2904 [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser C:\windows\system32\DRIVERS\bowser.sys
00:51:22.0497 2904 bowser - ok
00:51:22.0528 2904 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
00:51:22.0528 2904 BrFiltLo - ok
00:51:22.0575 2904 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
00:51:22.0575 2904 BrFiltUp - ok
00:51:22.0606 2904 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
00:51:22.0606 2904 BridgeMP - ok
00:51:22.0653 2904 [ 598E1280E7FF3744F4B8329366CC5635 ] Browser C:\windows\System32\browser.dll
00:51:22.0653 2904 Browser - ok
00:51:22.0700 2904 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\windows\System32\Drivers\Brserid.sys
00:51:22.0700 2904 Brserid - ok
00:51:22.0731 2904 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
00:51:22.0731 2904 BrSerWdm - ok
00:51:22.0762 2904 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
00:51:22.0762 2904 BrUsbMdm - ok
00:51:22.0793 2904 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
00:51:22.0793 2904 BrUsbSer - ok
00:51:22.0824 2904 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
00:51:22.0824 2904 BTHMODEM - ok
00:51:22.0871 2904 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\windows\system32\bthserv.dll
00:51:22.0871 2904 bthserv - ok
00:51:22.0949 2904 catchme - ok
00:51:22.0980 2904 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
00:51:22.0996 2904 cdfs - ok
00:51:23.0012 2904 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
00:51:23.0012 2904 cdrom - ok
00:51:23.0058 2904 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\windows\System32\certprop.dll
00:51:23.0058 2904 CertPropSvc - ok
00:51:23.0183 2904 [ 1F8A319D29394F9CE1B7AE020DF2EBBF ] cfWiMAXService C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
00:51:23.0183 2904 cfWiMAXService - ok
00:51:23.0230 2904 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\windows\system32\DRIVERS\circlass.sys
00:51:23.0230 2904 circlass - ok
00:51:23.0277 2904 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\windows\system32\CLFS.sys
00:51:23.0277 2904 CLFS - ok
00:51:23.0386 2904 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:51:23.0386 2904 clr_optimization_v2.0.50727_32 - ok
00:51:23.0480 2904 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:51:23.0480 2904 clr_optimization_v4.0.30319_32 - ok
00:51:23.0542 2904 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
00:51:23.0542 2904 CmBatt - ok
00:51:23.0558 2904 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\windows\system32\DRIVERS\cmdide.sys
00:51:23.0558 2904 cmdide - ok
00:51:23.0604 2904 [ 36C252E474B2FFA0F0FBBFF20D92A640 ] CNG C:\windows\system32\Drivers\cng.sys
00:51:23.0620 2904 CNG - ok
00:51:23.0651 2904 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
00:51:23.0651 2904 Compbatt - ok
00:51:23.0682 2904 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
00:51:23.0682 2904 CompositeBus - ok
00:51:23.0698 2904 COMSysApp - ok
00:51:23.0729 2904 [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
00:51:23.0745 2904 ConfigFree Service - ok
00:51:23.0776 2904 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
00:51:23.0776 2904 crcdisk - ok
00:51:23.0823 2904 [ 520A108A2657F4BCA7FCED9CA7D885DE ] CryptSvc C:\windows\system32\cryptsvc.dll
00:51:23.0823 2904 CryptSvc - ok
00:51:23.0885 2904 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\windows\system32\rpcss.dll
00:51:23.0885 2904 DcomLaunch - ok
00:51:23.0932 2904 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\windows\System32\defragsvc.dll
00:51:23.0932 2904 defragsvc - ok
00:51:23.0979 2904 [ 8E09E52EE2E3CEB199EF3DD99CF9E3FB ] DfsC C:\windows\system32\Drivers\dfsc.sys
00:51:23.0979 2904 DfsC - ok
00:51:24.0026 2904 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\windows\system32\dhcpcore.dll
00:51:24.0026 2904 Dhcp - ok
00:51:24.0072 2904 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\windows\system32\drivers\discache.sys
00:51:24.0072 2904 discache - ok
00:51:24.0088 2904 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\windows\system32\DRIVERS\disk.sys
00:51:24.0088 2904 Disk - ok
00:51:24.0135 2904 [ D0722E963D3C6145446874241401B209 ] Dnscache C:\windows\System32\dnsrslvr.dll
00:51:25.0289 2904 Dnscache - ok
00:51:25.0320 2904 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\windows\System32\dot3svc.dll
00:51:25.0336 2904 dot3svc - ok
00:51:25.0352 2904 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\windows\system32\dps.dll
00:51:25.0352 2904 DPS - ok
00:51:25.0383 2904 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
00:51:25.0383 2904 drmkaud - ok
00:51:25.0445 2904 [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
00:51:25.0445 2904 DXGKrnl - ok
00:51:25.0476 2904 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\windows\System32\eapsvc.dll
00:51:25.0492 2904 EapHost - ok
00:51:25.0539 2904 EasyRedirect - ok
00:51:25.0679 2904 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\windows\system32\DRIVERS\evbdx.sys
00:51:25.0757 2904 ebdrv - ok
00:51:25.0788 2904 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS C:\windows\System32\lsass.exe
00:51:25.0788 2904 EFS - ok
00:51:25.0851 2904 [ 3A74A6E33685662B125A3269B1F2114F ] ehRecvr C:\windows\ehome\ehRecvr.exe
00:51:25.0866 2904 ehRecvr - ok
00:51:25.0898 2904 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\windows\ehome\ehsched.exe
00:51:25.0898 2904 ehSched - ok
00:51:25.0944 2904 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
00:51:25.0960 2904 elxstor - ok
00:51:25.0976 2904 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\windows\system32\DRIVERS\errdev.sys
00:51:25.0991 2904 ErrDev - ok
00:51:26.0054 2904 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\windows\system32\es.dll
00:51:26.0069 2904 EventSystem - ok
00:51:26.0116 2904 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\windows\system32\drivers\exfat.sys
00:51:26.0116 2904 exfat - ok
00:51:26.0147 2904 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\windows\system32\drivers\fastfat.sys
00:51:26.0147 2904 fastfat - ok
00:51:26.0210 2904 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\windows\system32\fxssvc.exe
00:51:26.0210 2904 Fax - ok
00:51:26.0256 2904 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\windows\system32\DRIVERS\fdc.sys
00:51:26.0256 2904 fdc - ok
00:51:26.0288 2904 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\windows\system32\fdPHost.dll
00:51:26.0288 2904 fdPHost - ok
00:51:26.0303 2904 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\windows\system32\fdrespub.dll
00:51:26.0303 2904 FDResPub - ok
00:51:26.0334 2904 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
00:51:26.0350 2904 FileInfo - ok
00:51:26.0381 2904 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\windows\system32\drivers\filetrace.sys
00:51:26.0381 2904 Filetrace - ok
00:51:26.0412 2904 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
00:51:26.0412 2904 flpydisk - ok
00:51:26.0444 2904 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
00:51:26.0444 2904 FltMgr - ok
00:51:26.0506 2904 [ B6512A85815FDC3D560C3705F5BDB93D ] FontCache C:\windows\system32\FntCache.dll
00:51:26.0522 2904 FontCache - ok
00:51:26.0584 2904 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
00:51:26.0584 2904 FontCache3.0.0.0 - ok
00:51:26.0631 2904 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\windows\system32\drivers\FsDepends.sys
00:51:26.0631 2904 FsDepends - ok
00:51:26.0693 2904 [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
00:51:26.0693 2904 Fs_Rec - ok
00:51:26.0740 2904 [ 5592F5DBA26282D24D2B080EB438A4D7 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
00:51:26.0740 2904 fvevol - ok
00:51:26.0771 2904 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
00:51:26.0771 2904 gagp30kx - ok
00:51:26.0849 2904 [ C44D560E441F091EA3B72F778EC60DE2 ] GameConsoleService C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
00:51:26.0849 2904 GameConsoleService - ok
00:51:26.0912 2904 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\windows\System32\gpsvc.dll
00:51:26.0912 2904 gpsvc - ok
00:51:27.0005 2904 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
00:51:27.0005 2904 gupdate - ok
00:51:27.0036 2904 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
00:51:27.0036 2904 gupdatem - ok
00:51:27.0130 2904 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
00:51:27.0130 2904 gusvc - ok
00:51:27.0177 2904 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
00:51:27.0177 2904 hcw85cir - ok
00:51:27.0224 2904 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
00:51:27.0224 2904 HdAudAddService - ok
00:51:27.0255 2904 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
00:51:27.0255 2904 HDAudBus - ok
00:51:27.0286 2904 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
00:51:27.0286 2904 HidBatt - ok
00:51:27.0333 2904 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
00:51:27.0333 2904 HidBth - ok
00:51:27.0348 2904 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\windows\system32\DRIVERS\hidir.sys
00:51:27.0348 2904 HidIr - ok
00:51:27.0395 2904 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\windows\System32\hidserv.dll
00:51:27.0395 2904 hidserv - ok
00:51:27.0442 2904 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
00:51:27.0442 2904 HidUsb - ok
00:51:27.0489 2904 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\windows\system32\kmsvc.dll
00:51:27.0489 2904 hkmsvc - ok
00:51:27.0504 2904 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\windows\system32\ListSvc.dll
00:51:27.0520 2904 HomeGroupListener - ok
00:51:27.0551 2904 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\windows\system32\provsvc.dll
00:51:27.0567 2904 HomeGroupProvider - ok
00:51:27.0598 2904 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\windows\system32\DRIVERS\HpSAMD.sys
00:51:27.0598 2904 HpSAMD - ok
00:51:27.0645 2904 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\windows\system32\drivers\HTTP.sys
00:51:27.0645 2904 HTTP - ok
00:51:27.0676 2904 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
00:51:27.0676 2904 hwpolicy - ok
00:51:27.0707 2904 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
00:51:27.0707 2904 i8042prt - ok
00:51:27.0738 2904 [ 934AF4D7C5F457B9F0743F4299B77B67 ] iaStorV C:\windows\system32\DRIVERS\iaStorV.sys
00:51:27.0738 2904 iaStorV - ok
00:51:27.0801 2904 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
00:51:27.0816 2904 idsvc - ok
00:51:27.0863 2904 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
00:51:27.0863 2904 iirsp - ok
00:51:27.0910 2904 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\windows\System32\ikeext.dll
00:51:27.0926 2904 IKEEXT - ok
00:51:28.0050 2904 [ E4A2E810CB2607C9C159C0DFB0BD4C88 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHDA.sys
00:51:28.0097 2904 IntcAzAudAddService - ok
00:51:28.0128 2904 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\windows\system32\DRIVERS\intelide.sys
00:51:28.0128 2904 intelide - ok
00:51:28.0160 2904 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
00:51:28.0160 2904 intelppm - ok
00:51:28.0191 2904 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\windows\system32\ipbusenum.dll
00:51:28.0191 2904 IPBusEnum - ok
00:51:28.0222 2904 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
00:51:28.0222 2904 IpFilterDriver - ok
00:51:28.0284 2904 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
00:51:28.0284 2904 iphlpsvc - ok
00:51:28.0316 2904 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\windows\system32\DRIVERS\IPMIDrv.sys
00:51:28.0316 2904 IPMIDRV - ok
00:51:28.0362 2904 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\windows\system32\drivers\ipnat.sys
00:51:28.0362 2904 IPNAT - ok
00:51:28.0378 2904 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\windows\system32\drivers\irenum.sys
00:51:28.0378 2904 IRENUM - ok
00:51:28.0409 2904 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\windows\system32\DRIVERS\isapnp.sys
00:51:28.0409 2904 isapnp - ok
00:51:28.0456 2904 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\windows\system32\DRIVERS\msiscsi.sys
00:51:28.0456 2904 iScsiPrt - ok
00:51:28.0487 2904 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
00:51:28.0487 2904 kbdclass - ok
00:51:28.0518 2904 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
00:51:28.0534 2904 kbdhid - ok
00:51:28.0550 2904 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso C:\windows\system32\lsass.exe
00:51:28.0550 2904 KeyIso - ok
00:51:28.0596 2904 [ 0263364ACB9C834ACE52FB85C2C064EC ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
00:51:28.0596 2904 KSecDD - ok
00:51:28.0628 2904 [ 27391DB553BE2A4E2B0ADEEA2873B2AF ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
00:51:28.0628 2904 KSecPkg - ok
00:51:28.0674 2904 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\windows\system32\msdtckrm.dll
00:51:28.0674 2904 KtmRm - ok
00:51:28.0721 2904 [ BCA92CB047A4326925ECEF759DBAA233 ] LanmanServer C:\windows\System32\srvsvc.dll
00:51:28.0721 2904 LanmanServer - ok
00:51:28.0768 2904 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\windows\System32\wkssvc.dll
00:51:28.0768 2904 LanmanWorkstation - ok
00:51:28.0815 2904 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
00:51:28.0815 2904 lltdio - ok
00:51:28.0862 2904 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\windows\System32\lltdsvc.dll
00:51:28.0862 2904 lltdsvc - ok
00:51:28.0893 2904 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\windows\System32\lmhsvc.dll
00:51:28.0893 2904 lmhosts - ok
00:51:28.0924 2904 [ 6E3D3816749E107883EEC5734CE44493 ] LPCFilter C:\windows\system32\DRIVERS\LPCFilter.sys
00:51:28.0924 2904 LPCFilter - ok
00:51:28.0986 2904 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
00:51:28.0986 2904 LSI_FC - ok
00:51:29.0033 2904 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
00:51:29.0033 2904 LSI_SAS - ok
00:51:29.0049 2904 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
00:51:29.0064 2904 LSI_SAS2 - ok
00:51:29.0080 2904 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
00:51:29.0080 2904 LSI_SCSI - ok
00:51:29.0111 2904 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\windows\system32\drivers\luafv.sys
00:51:29.0111 2904 luafv - ok
00:51:29.0158 2904 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
00:51:29.0158 2904 Mcx2Svc - ok
00:51:29.0205 2904 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\windows\system32\DRIVERS\megasas.sys
00:51:29.0205 2904 megasas - ok
00:51:29.0236 2904 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
00:51:29.0236 2904 MegaSR - ok
00:51:29.0283 2904 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\windows\system32\mmcss.dll
00:51:29.0283 2904 MMCSS - ok
00:51:29.0314 2904 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\windows\system32\drivers\modem.sys
00:51:29.0314 2904 Modem - ok
00:51:29.0345 2904 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\windows\system32\DRIVERS\monitor.sys
00:51:29.0345 2904 monitor - ok
00:51:29.0376 2904 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
00:51:29.0376 2904 mouclass - ok
00:51:29.0392 2904 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
00:51:29.0408 2904 mouhid - ok
00:51:29.0439 2904 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\windows\system32\drivers\mountmgr.sys
00:51:29.0439 2904 mountmgr - ok
00:51:29.0486 2904 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\windows\system32\DRIVERS\mpio.sys
00:51:29.0486 2904 mpio - ok
00:51:29.0501 2904 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
00:51:29.0501 2904 mpsdrv - ok
00:51:29.0579 2904 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\windows\system32\mpssvc.dll
00:51:29.0595 2904 MpsSvc - ok
00:51:29.0610 2904 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
00:51:29.0610 2904 MRxDAV - ok
00:51:29.0657 2904 [ B4C76EF46322A9711C7B0F4E21EF6EA5 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
00:51:29.0657 2904 mrxsmb - ok
00:51:29.0673 2904 [ E593D45024A3FDD11E93CC4A6CA91101 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
00:51:29.0688 2904 mrxsmb10 - ok
00:51:29.0735 2904 [ A9F86C82C9CC3B679CC3957E1183A30F ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
00:51:29.0735 2904 mrxsmb20 - ok
00:51:29.0766 2904 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\windows\system32\DRIVERS\msahci.sys
00:51:29.0766 2904 msahci - ok
00:51:29.0813 2904 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\windows\system32\DRIVERS\msdsm.sys
00:51:29.0813 2904 msdsm - ok
00:51:29.0844 2904 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\windows\System32\msdtc.exe
00:51:29.0844 2904 MSDTC - ok
00:51:29.0876 2904 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\windows\system32\drivers\Msfs.sys
00:51:29.0891 2904 Msfs - ok
00:51:29.0922 2904 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
00:51:29.0922 2904 mshidkmdf - ok
00:51:29.0954 2904 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\windows\system32\DRIVERS\msisadrv.sys
00:51:29.0954 2904 msisadrv - ok
00:51:30.0000 2904 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\windows\system32\iscsiexe.dll
00:51:30.0000 2904 MSiSCSI - ok
00:51:30.0016 2904 msiserver - ok
00:51:30.0047 2904 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
00:51:30.0047 2904 MSKSSRV - ok
00:51:30.0063 2904 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
00:51:30.0063 2904 MSPCLOCK - ok
00:51:30.0094 2904 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
00:51:30.0094 2904 MSPQM - ok
00:51:30.0110 2904 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
00:51:30.0125 2904 MsRPC - ok
00:51:30.0156 2904 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
00:51:30.0156 2904 mssmbios - ok
00:51:30.0172 2904 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
00:51:30.0172 2904 MSTEE - ok
00:51:30.0219 2904 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
00:51:30.0219 2904 MTConfig - ok
00:51:30.0234 2904 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\windows\system32\Drivers\mup.sys
00:51:30.0250 2904 Mup - ok
00:51:30.0297 2904 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\windows\system32\qagentRT.dll
00:51:30.0312 2904 napagent - ok
00:51:30.0406 2904 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
00:51:30.0422 2904 NativeWifiP - ok
00:51:30.0500 2904 NAVENG - ok
00:51:30.0515 2904 NAVEX15 - ok
00:51:30.0578 2904 [ 0AE25530894A934C6CA600865C6E9D7C ] NBVol C:\windows\system32\DRIVERS\NBVol.sys
00:51:30.0578 2904 NBVol - ok
00:51:30.0593 2904 [ 1DDCEF3039C9D90AF3529DEE6699967D ] NBVolUp C:\windows\system32\DRIVERS\NBVolUp.sys
00:51:30.0609 2904 NBVolUp - ok
00:51:30.0640 2904 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\windows\system32\drivers\ndis.sys
00:51:30.0656 2904 NDIS - ok
00:51:30.0687 2904 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
00:51:30.0687 2904 NdisCap - ok
00:51:30.0718 2904 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
00:51:30.0718 2904 NdisTapi - ok
00:51:30.0749 2904 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
00:51:30.0749 2904 Ndisuio - ok
00:51:30.0780 2904 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
00:51:30.0780 2904 NdisWan - ok
00:51:30.0812 2904 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
00:51:30.0812 2904 NDProxy - ok
00:51:30.0843 2904 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
00:51:30.0843 2904 NetBIOS - ok
00:51:30.0858 2904 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
00:51:30.0874 2904 NetBT - ok
00:51:30.0890 2904 [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon C:\windows\system32\lsass.exe
00:51:30.0890 2904 Netlogon - ok
00:51:30.0936 2904 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\windows\System32\netman.dll
00:51:30.0936 2904 Netman - ok
00:51:30.0983 2904 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\windows\System32\netprofm.dll
00:51:30.0999 2904 netprofm - ok
00:51:31.0046 2904 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:51:31.0046 2904 NetTcpPortSharing - ok
00:51:31.0092 2904 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
00:51:31.0092 2904 nfrd960 - ok
00:51:31.0139 2904 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\windows\System32\nlasvc.dll
00:51:31.0155 2904 NlaSvc - ok
00:51:31.0233 2904 [ EE215321E83BE72AB77B6627FD149EAE ] Norton Internet Security C:\Program Files\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe
00:51:31.0233 2904 Norton Internet Security - ok
00:51:31.0264 2904 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\windows\system32\drivers\Npfs.sys
00:51:31.0264 2904 Npfs - ok
00:51:31.0295 2904 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\windows\system32\nsisvc.dll
00:51:31.0295 2904 nsi - ok
00:51:31.0326 2904 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
00:51:31.0326 2904 nsiproxy - ok
00:51:31.0389 2904 [ 3795DCD21F740EE799FB7223234215AF ] Ntfs C:\windows\system32\drivers\Ntfs.sys
00:51:31.0404 2904 Ntfs - ok
00:51:31.0436 2904 [ F9756A98D69098DCA8945D62858A812C ] Null C:\windows\system32\drivers\Null.sys
00:51:31.0436 2904 Null - ok
00:51:31.0467 2904 [ 3F3D04B1D08D43C16EA7963954EC768D ] nvraid C:\windows\system32\DRIVERS\nvraid.sys
00:51:31.0467 2904 nvraid - ok
00:51:31.0482 2904 [ C99F251A5DE63C6F129CF71933ACED0F ] nvstor C:\windows\system32\DRIVERS\nvstor.sys
00:51:31.0482 2904 nvstor - ok
00:51:31.0514 2904 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\windows\system32\DRIVERS\nv_agp.sys
00:51:31.0529 2904 nv_agp - ok
00:51:31.0638 2904 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:51:31.0654 2904 odserv - ok
00:51:31.0685 2904 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\windows\system32\DRIVERS\ohci1394.sys
00:51:31.0685 2904 ohci1394 - ok
00:51:31.0732 2904 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:51:31.0748 2904 ose - ok
00:51:31.0794 2904 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\windows\system32\pnrpsvc.dll
00:51:31.0794 2904 p2pimsvc - ok
00:51:31.0826 2904 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\windows\system32\p2psvc.dll
00:51:31.0841 2904 p2psvc - ok
00:51:31.0872 2904 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\windows\system32\DRIVERS\parport.sys
00:51:31.0872 2904 Parport - ok
00:51:31.0904 2904 [ FF4218952B51DE44FE910953A3E686B9 ] partmgr C:\windows\system32\drivers\partmgr.sys
00:51:31.0904 2904 partmgr - ok
00:51:31.0935 2904 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\windows\system32\DRIVERS\parvdm.sys
00:51:31.0935 2904 Parvdm - ok
00:51:31.0982 2904 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\windows\System32\pcasvc.dll
00:51:31.0982 2904 PcaSvc - ok
00:51:32.0013 2904 [ C858CB77C577780ECC456A892E7E7D0F ] pci C:\windows\system32\DRIVERS\pci.sys
00:51:32.0013 2904 pci - ok
00:51:32.0060 2904 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\windows\system32\DRIVERS\pciide.sys
00:51:32.0060 2904 pciide - ok
00:51:32.0091 2904 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
00:51:32.0091 2904 pcmcia - ok
00:51:32.0138 2904 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\windows\system32\Drivers\pcouffin.sys
00:51:32.0138 2904 pcouffin - ok
00:51:42.0059 2904 ================ Scan global ===============================
00:51:42.0137 2904 [ 9A595DF601070DA78C40481120DD2C06 ] C:\windows\system32\basesrv.dll
00:51:42.0169 2904 [ 827E4F75901CA3F990B1487D3301841E ] C:\windows\system32\winsrv.dll
00:51:42.0184 2904 [ 827E4F75901CA3F990B1487D3301841E ] C:\windows\system32\winsrv.dll
00:51:42.0231 2904 [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
00:51:42.0278 2904 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
00:51:42.0278 2904 [Global] - ok
00:51:42.0293 2904 ================ Scan MBR ==================================
00:51:42.0309 2904 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
00:51:42.0527 2904 \Device\Harddisk0\DR0 - ok
00:51:42.0527 2904 ================ Scan VBR ==================================
00:51:42.0543 2904 [ 4D190DFBE6B0240214791C2EDE34DD65 ] \Device\Harddisk0\DR0\Partition1
00:51:42.0543 2904 \Device\Harddisk0\DR0\Partition1 - ok
00:51:42.0543 2904 ============================================================
00:51:42.0543 2904 Scan finished
00:51:42.0543 2904 ============================================================
00:51:42.0574 4856 Detected object count: 0
00:51:42.0574 4856 Actual detected object count: 0
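
The driver-by-driver log above is long but mechanical, so a small parser that pairs each hashed-image line with its verdict and surfaces anything that is not "ok" is a useful triage aid. The script below is an added example, not part of this post and not Kaspersky's TDSSKiller code; its line layout is inferred from the log in this thread, and the sample log, its hashes and the "detected" verdict text in it are constructed placeholders.

```python
"""Triage a TDSSKiller-style log like the one pasted above.

Added example (not the poster's or Kaspersky's code). The line layout is
inferred from the log in this thread; the sample below is constructed, its
hashes are placeholders, and the "detected" verdict wording is an assumption.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# A hashed image line:   time pid [ MD5 ] <service name> <path>
# The service name is absent on "Scan global" / MBR / VBR lines, and may
# itself contain spaces ("TOSHIBA HDD SSD Alert Service"), so the path is
# anchored on a drive letter or \Device\ instead.
HASH_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+"
    r"(?:(?P<name>.+?)\s+)?(?P<path>[A-Za-z]:\\.*|\\Device\\.*)$"
)
# A verdict line:         time pid <name> - <verdict>
VERDICT_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?) - (?P<verdict>.+)$"
)
# The two closing counters.
COUNT_RE = re.compile(
    r"^\S+\s+\d+\s+(?P<kind>Actual detected|Detected) object count: (?P<n>\d+)$"
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_log(text: str) -> Dict[str, Entry]:
    """Pair each hashed-image line with its verdict line, keyed by name."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = HASH_RE.match(line)
        if m:
            # MBR/VBR and "Scan global" lines carry no service name: key by path.
            name = m.group("name") or m.group("path")
            e = entries.setdefault(name, Entry(name))
            e.md5, e.path = m.group("md5").upper(), m.group("path")
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = entries.setdefault(m.group("name"), Entry(m.group("name")))
            e.verdict = m.group("verdict")
    return entries


def triage(entries: Dict[str, Entry]) -> Dict[str, list]:
    """What a responder reads first: non-ok verdicts, then oddities."""
    flagged = sorted(e.name for e in entries.values()
                     if e.verdict is not None and e.verdict != "ok")
    # A verdict with no hash line means no image was hashed for that entry
    # (RtsUIR, USBCCID, WSearch in the log above); worth checking the image path.
    unhashed = sorted(e.name for e in entries.values()
                      if e.md5 is None and not e.name.startswith("["))
    # Several names on one image (Tcpip/TCPIP6 -> tcpip.sys, three services
    # on lsass.exe) is normal on Windows; list them so they are not misread.
    by_md5: Dict[str, List[str]] = {}
    for e in entries.values():
        if e.md5:
            by_md5.setdefault(e.md5, []).append(e.name)
    shared = sorted(sorted(names) for names in by_md5.values() if len(names) > 1)
    return {"flagged": flagged, "unhashed": unhashed, "shared_images": shared}


def detected_counts(text: str) -> Dict[str, int]:
    """Read the closing 'Detected object count' lines."""
    counts: Dict[str, int] = {}
    for raw in text.splitlines():
        m = COUNT_RE.match(raw.strip())
        if m:
            counts[m.group("kind")] = int(m.group("n"))
    return counts


# Constructed sample in the same layout as the log above; hashes are
# placeholders and the "badsvc - detected" line is made up to exercise
# the non-ok path.
SAMPLE_LOG = r"""
00:51:32.0169 2904 [ 0123456789ABCDEF0123456789ABCDEF ] pcw C:\windows\system32\drivers\pcw.sys
00:51:32.0169 2904 pcw - ok
00:51:33.0885 2904 RtsUIR - ok
00:51:36.0085 2904 [ FEDCBA9876543210FEDCBA9876543210 ] Tcpip C:\windows\system32\drivers\tcpip.sys
00:51:36.0100 2904 Tcpip - ok
00:51:36.0131 2904 [ FEDCBA9876543210FEDCBA9876543210 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
00:51:36.0147 2904 TCPIP6 - ok
00:51:36.0771 2904 [ 1111111111111111AAAAAAAAAAAAAAAA ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
00:51:36.0771 2904 TOSHIBA HDD SSD Alert Service - ok
00:51:37.0000 2904 [ 00000000000000000000000000000000 ] badsvc C:\windows\system32\drivers\badsvc.sys
00:51:37.0010 2904 badsvc - detected
00:51:42.0137 2904 [ ABCDEFABCDEFABCDEFABCDEFABCDEFAB ] C:\windows\system32\basesrv.dll
00:51:42.0278 2904 [Global] - ok
00:51:42.0309 2904 [ 5B5E5B5E5B5E5B5E5B5E5B5E5B5E5B5E ] \Device\Harddisk0\DR0
00:51:42.0527 2904 \Device\Harddisk0\DR0 - ok
00:51:42.0574 4856 Detected object count: 1
00:51:42.0574 4856 Actual detected object count: 1
"""

if __name__ == "__main__":
    report = triage(parse_log(SAMPLE_LOG))
    print(report, detected_counts(SAMPLE_LOG))
```

Run it against a saved TDSSKiller log by reading the file into `parse_log`; a log like the one above yields an empty `flagged` list and the "Detected object count: 0" pair.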

#9 gringo_pr

gringo_pr
Bleepin Gringo
Malware Response Team
Location: Puerto Rico

Posted 27 August 2012 - 02:51 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache:: 

Folder::
c:\program files\Ask.com
c:\users\Crystal\AppData\Local\AskToolbar

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Proud Graduate Of Malware Removal University

#10 davis.dirt

davis.dirt
Topic Starter
Members

Posted 27 August 2012 - 11:46 PM

Here is the second dose of ComboFix. My computer is running soooooooooooooooooooooo much better Gringo. I am so relieved!! Can you explain what happened during which step of this process? I do not have any antivirus running and there are no popups, redirects, or anything that would suggest my computer is at risk. My computer used to seem like it was bogged down or overwhelmed with too much activity. It seems like it is running as good as it was when it came out of the box.

Now that we cured my computer, what should I install to maintain a healthy laptop?? Thank you!!!!!!

ComboFix 12-08-25.04 - Crystal 08/27/2012 4:48.2.1 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.1018 [GMT -6:00]
Running from: c:\users\Crystal\Desktop\ComboFix.exe
Command switches used :: c:\users\Crystal\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_434.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\precache.exe
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\Updater\Updater.exe
c:\program files\Ask.com\UpdateTask.exe
c:\users\Crystal\AppData\Local\AskToolbar
c:\users\Crystal\AppData\Local\AskToolbar\Downloaded Program Files\nero.inf
c:\users\Crystal\AppData\Local\AskToolbar\Downloaded Program Files\Nerooeopd.dll
c:\windows\system32\Cache
.
.
((((((((((((((((((((((((( Files Created from 2012-07-27 to 2012-08-27 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-25 04:23 . 2012-06-04 02:55 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-25 04:23 . 2012-06-04 02:55 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-24 06:37 . 2009-07-13 23:11 259072 ----a-w- c:\windows\system32\services.exe
2012-06-02 22:19 . 2012-06-26 11:56 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-26 11:56 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-26 11:56 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-26 11:56 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-26 11:56 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-26 11:56 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-26 11:56 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 21:19 . 2012-06-26 11:56 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 21:12 . 2012-06-26 11:56 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-27 08:14 1734240 ----a-w- c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll" [2012-08-27 1734240]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Crystal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Crystal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Crystal\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-28 39408]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2012-05-25 6595928]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 611672]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-08-27 947808]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-07-05 421888]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"ROC_roc_ssl_v12"="c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-08-13 1020512]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-08-27 1022048]
.
c:\users\Crystal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Crystal\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-6-13 27595032]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x]
R2 EasyRedirect;EasyRedirect;c:\program files\Easy-Hide-IP\rdr\EasyRedirect.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe [x]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 69329231
*NewlyCreated* - ASWMBR
*Deregistered* - 69329231
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
ipripsvc REG_MULTI_SZ iprip
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 04:23]
.
2012-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-20 10:02]
.
2012-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-20 10:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\EasyRedirect.dll
Trusted Zone: cnet.com\download
Trusted Zone: stealthgenie.com\www
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.7.0.30\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\05\03\1e\08,5o"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-27 05:00:36
ComboFix-quarantined-files.txt 2012-08-27 11:00
ComboFix2.txt 2012-08-26 00:24
.
Pre-Run: 190,919,811,072 bytes free
Post-Run: 190,949,646,336 bytes free
.
- - End Of File - - 1A6913DDA6F37E09EFC0DA6A88F7BF48

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:05:31 PM

Posted 28 August 2012 - 06:37 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Ask Toolbar
Ask Toolbar Updater
BitTorrent
Java™ 6 Update 14
Vuze


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 gringo_pr

Posted 31 August 2012 - 10:35 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#13 gringo_pr

Posted 02 September 2012 - 11:29 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#14 gringo_pr


Posted 08 September 2012 - 12:38 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.