svchost.exe *32: winrscmde


This topic is locked. 25 replies to this topic.

#1 Millene

Posted 23 September 2012 - 09:35 PM

I have the same issue as 467558 and 464588
Have Avast and Malwarebytes
Windows 7 64-bit

#2 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 24 September 2012 - 01:15 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger may ask you to reboot the machine; if it does, click OK.
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    • Link1
    • Link2
    • Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs & post in your next reply.

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Millene (Topic Starter)

Posted 24 September 2012 - 09:13 AM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.5.1
Run by Kotaro at 10:03:27 on 2012-09-24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.2500 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\windows\System32\rundll32.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
C:\windows\system32\sppsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\servicing\TrustedInstaller.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\wermgr.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
-netsvcs
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} - hxxp://ahnlabdownload.nefficient.co.kr/aos/plugin/aosmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 71.3.0.116 76.2.127.122
TCP: Interfaces\{620A531E-124D-4794-B4DC-CE00011AF19F} : DhcpNameServer = 71.3.0.116 76.2.127.122
TCP: Interfaces\{620A531E-124D-4794-B4DC-CE00011AF19F}\75169707F62747F5143636563737 : DhcpNameServer = 192.168.5.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{620A531E-124D-4794-B4DC-CE00011AF19F}\75966496E405C4 : DhcpNameServer = 204.215.43.3 209.26.88.31
TCP: Interfaces\{620A531E-124D-4794-B4DC-CE00011AF19F}\B696E67646F6D60A865616274737 : DhcpNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kotaro\AppData\Roaming\Mozilla\Firefox\Profiles\63d1ahgr.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.co.jp/
FF - prefs.js: keyword.URL - hxxp://websearch.search-results.com/redirect?client=ff&src=kw&tb=GET-SRS&o=16705&locale=en_US&apn_uid=4C3491A5-1CA9-4354-8717-F9E9236F47F3&apn_ptnrs=2R&apn_sauid=7F06CC20-4000-4C63-8607-295DE846A1B2&apn_dtid=get001YYUS&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Users\Kotaro\AppData\Roaming\Mozilla\Firefox\Profiles\63d1ahgr.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - plugin: C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\npaosmgr.dll
FF - plugin: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\windows\system32\drivers\aswSnx.sys --> C:\windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\windows\system32\drivers\aswSP.sys --> C:\windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\windows\system32\drivers\aswFsBlk.sys --> C:\windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\windows\system32\drivers\aswMonFlt.sys --> C:\windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-9-22 44808]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2011-1-4 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2011-1-4 126392]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atipmdag.sys --> C:\windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-19 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-19 136176]
S3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\Hamachi\hamachi-2.exe [2011-8-15 2329480]
S3 Mkd2Bthf;Mkd2Bthf;C:\windows\system32\drivers\Mkd2Bthf.sys --> C:\windows\system32\drivers\Mkd2Bthf.sys [?]
S3 Mkd2Nadr;Mkd2Nadr;C:\windows\system32\drivers\Mkd2Nadr.sys --> C:\windows\system32\drivers\Mkd2Nadr.sys [?]
S3 Mkd3kfNt;Mkd3kfNt;C:\windows\system32\drivers\Mkd3kfNt.sys --> C:\windows\system32\drivers\Mkd3kfNt.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 114144]
S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2010-7-19 332272]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-1-4 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-09-24 02:10:08 20480 ----a-w- C:\windows\svchost.exe
2012-09-23 21:32:29 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{311673DE-9D5E-49DB-B68E-98C2C34DD8B0}\offreg.dll
2012-09-23 00:11:15 54072 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2012-09-23 00:11:12 969200 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2012-09-23 00:11:04 71600 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2012-09-23 00:10:03 41224 ----a-w- C:\windows\avastSS.scr
2012-09-23 00:09:47 -------- d-----w- C:\ProgramData\AVAST Software
2012-09-23 00:09:47 -------- d-----w- C:\Program Files\AVAST Software
2012-09-22 23:49:47 -------- d-----w- C:\Users\Kotaro\AppData\Roaming\Malwarebytes
2012-09-22 23:49:31 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-22 23:49:30 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-09-22 23:49:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-22 23:26:57 -------- d-----w- C:\windows\pss
2012-09-22 16:56:35 -------- d-----w- C:\Users\Kotaro\AppData\Roaming\Seagate
2012-09-22 16:56:10 -------- d-----w- C:\Program Files (x86)\Seagate
2012-09-21 18:32:39 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{311673DE-9D5E-49DB-B68E-98C2C34DD8B0}\mpengine.dll
2012-09-20 22:20:45 -------- d-----r- C:\Program Files (x86)\Skype
2012-09-20 21:43:17 574464 ----a-w- C:\windows\System32\d3d10level9.dll
2012-09-20 21:43:17 490496 ----a-w- C:\windows\SysWow64\d3d10level9.dll
2012-09-14 20:17:40 -------- d-----w- C:\Users\Kotaro\AppData\Roaming\uTorrent
2012-09-09 16:46:06 77824 ----a-w- C:\windows\zipexe_r.exe
2012-09-03 01:38:22 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-08-30 07:33:31 -------- d-----w- C:\Users\Kotaro\AppData\Roaming\DVD Flick
2012-08-30 07:00:16 40960 ----a-w- C:\windows\SysWow64\ssubtmr6.dll
2012-08-30 07:00:15 662288 ----a-w- C:\windows\SysWow64\mscomct2.ocx
2012-08-30 07:00:15 36864 ----a-w- C:\windows\SysWow64\trayicon_handler.ocx
2012-08-30 07:00:15 28672 ----a-w- C:\windows\SysWow64\mousewheel.ocx
2012-08-30 07:00:15 212240 ----a-w- C:\windows\SysWow64\richtx32.ocx
2012-08-30 07:00:15 164144 ----a-w- C:\windows\SysWow64\comct232.ocx
2012-08-30 07:00:14 -------- d-----w- C:\Program Files (x86)\DVD Flick
.
==================== Find3M ====================
.
2012-08-24 18:05:27 1197568 ----a-w- C:\windows\System32\wininet.dll
2012-08-24 18:02:20 57856 ----a-w- C:\windows\System32\licmgr10.dll
2012-08-24 17:10:47 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2012-08-24 17:08:47 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
2012-08-24 16:45:23 482816 ----a-w- C:\windows\System32\html.iec
2012-08-24 16:02:45 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2012-08-24 16:01:45 386048 ----a-w- C:\windows\SysWow64\html.iec
2012-08-24 15:27:17 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-07-18 17:31:12 3146752 ----a-w- C:\windows\System32\win32k.sys
2012-07-06 02:06:30 772544 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-07-06 02:06:20 687544 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-07-04 22:01:38 58880 ----a-w- C:\windows\System32\browcli.dll
2012-07-04 22:01:38 136704 ----a-w- C:\windows\System32\browser.dll
2012-07-04 21:23:55 41472 ----a-w- C:\windows\SysWow64\browcli.dll
.
============= FINISH: 10:08:16.43 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/16/2011 6:12:33 PM
System Uptime: 9/24/2012 9:56:09 AM (1 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: AMD Athlon™ II P340 Dual-Core Processor | Socket S1G4 | 792/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 72.959 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: LogMeIn, Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi
.
==== System Restore Points ===================
.
RP488: 9/22/2012 5:42:38 PM - Windows Update
RP490: 9/22/2012 7:43:22 PM - Windows Defender Checkpoint
RP491: 9/22/2012 8:09:13 PM - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
7-Zip 9.20.07 alpha
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Adobe Shockwave Player 11.5
AhnLab Online Security
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Atheros Driver Installation Program
Audacity 1.2.6
avast! Free Antivirus
BitTorrent
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDisplay 1.8
Combined Community Codec Pack 2011-11-11
DVD Flick 1.3.0.7
foobar2000 v1.1.5
GameStop App
Google Toolbar for Internet Explorer
Google Update Helper
Java Auto Updater
Java™ 6 Update 31
Java™ 7 Update 5
JavaFX 2.1.1
Junk Mail filter update
KeyHoleTV
Label@Once 1.0
Livestream Procaster
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft Choice Guard
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
OpenOffice.org 3.3
Pokemon Online 2.0.02
Quickbooks Financial Center
Realtek USB 2.0 Card Reader
Riva FLV Encoder 2.0
Riva FLV Player
Seagate Dashboard
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype Launcher
Skype™ 5.10
Sonic the Hedgehog™ 4 Episode 1
SpeedFan (remove only)
Steam
Super Mario Fusion Revival
System Requirements Lab CYRI
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
ToshibaRegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Ventrilo Client
Viewpoint Media Player (Remove Only)
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.3
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR 4.00 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
9/23/2012 5:28:00 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
9/23/2012 11:41:10 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
9/23/2012 10:14:14 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
9/23/2012 10:13:39 PM, Error: Service Control Manager [7031] - The Common Client Job Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/23/2012 10:13:28 PM, Error: Service Control Manager [7034] - The Toshiba Laptop Checkup Application Launcher service terminated unexpectedly. It has done this 1 time(s).
9/23/2012 10:11:43 PM, Error: Service Control Manager [7034] - The Seagate Dashboard Service service terminated unexpectedly. It has done this 1 time(s).
9/22/2012 5:44:37 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows 7 Service Pack 1 for x64-based Systems (KB976932).
9/22/2012 5:41:03 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
9/22/2012 4:18:45 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
9/20/2012 3:26:45 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
9/19/2012 5:32:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
9/19/2012 5:32:04 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
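The "Created Last 30" section of the DDS log above lists a 20480-byte svchost.exe in C:\windows, while every legitimate svchost.exe in the "Running Processes" section lives under C:\windows\system32. The Python script below is an added example, not part of DDS or of this thread: it parses the two DDS sections and flags Windows system-binary names that appear outside their expected directories. The list of protected names, the expected directories, and the embedded sample log (constructed from a few lines of the post above) are the example's own assumptions.

```python
"""Flag Windows system-binary names appearing outside their expected
directories in a DDS log (added example, not part of DDS or this thread)."""
import ntpath
import re

# Section headers in a DDS log look like "=== Running Processes ===".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# A process line: a Windows path to an image, optionally followed by arguments.
IMAGE_RE = re.compile(r"^([a-z]:\\.+?\.(?:exe|scr|dll|sys))(?:\s|$)", re.I)
# A "Created Last 30" line: date, time, size (or dashes), attribute flags, path.
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2})\s+(\d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$")

# Assumed list: binaries Windows ships only in fixed locations (lower-case,
# 64-bit Windows 7). One of these names anywhere else deserves a closer look.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "lsm.exe": {r"c:\windows\system32"},
    "wininit.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "conhost.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}

# Constructed excerpt mirroring lines from the DDS log posted in this thread.
SAMPLE_DDS_LOG = r"""
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\Explorer.EXE
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cscript.exe
-netsvcs
C:\windows\system32\conhost.exe
.
=============== Created Last 30 ================
.
2012-09-24 02:10:08 20480 ----a-w- C:\windows\svchost.exe
2012-09-23 00:11:15 54072 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2012-09-23 00:09:47 -------- d-----w- C:\Program Files\AVAST Software
.
============= FINISH: 10:08:16.43 ===============
"""


def parse_dds_sections(text):
    """Split a DDS log into {section name: [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def image_path(line):
    """Return the image path from a Running Processes line, or None for
    stray fragments such as a lone argument ('-netsvcs')."""
    m = IMAGE_RE.match(line)
    return m.group(1) if m else None


def created_path(line):
    """Return the file path from a Created Last 30 line, or None."""
    m = CREATED_RE.match(line)
    return m.group(5) if m else None


def unexpected_location(path):
    """Return the sorted expected directories if `path` carries a protected
    system-binary name but lives elsewhere; None when it is fine."""
    name = ntpath.basename(path).lower()
    allowed = EXPECTED_DIRS.get(name)
    if allowed is None:
        return None
    return None if ntpath.dirname(path).lower() in allowed else sorted(allowed)


def find_masquerades(log_text):
    """Return [(section, path, expected_dirs)] for every suspicious entry."""
    sections = parse_dds_sections(log_text)
    extractors = {"Running Processes": image_path, "Created Last 30": created_path}
    findings = []
    for section, extract in extractors.items():
        for line in sections.get(section, []):
            path = extract(line)
            if path is None:
                continue
            expected = unexpected_location(path)
            if expected is not None:
                findings.append((section, path, expected))
    return findings


if __name__ == "__main__":
    for section, path, expected in find_masquerades(SAMPLE_DDS_LOG):
        print(f"[{section}] {path} -- expected under {', '.join(expected)}")
```

A hit is only a prompt for review: confirm with the file's signature, version resource and creation time before treating it as malicious.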

#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 24 September 2012 - 11:31 AM

AdwCleaner:

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

RogueKiller:

  • Download RogueKiller (or from here) and save it to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo

#5 Millene

Millene
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:05:56 AM

Posted 24 September 2012 - 01:00 PM

# AdwCleaner v2.003 - Logfile created 09/24/2012 at 13:51:34
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Kotaro - KOTAROPC
# Boot Mode : Normal
# Running from : C:\Users\Kotaro\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Kotaro\AppData\Local\Wajam

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\Kotaro\AppData\Roaming\Mozilla\Firefox\Profiles\63d1ahgr.default\prefs.js

Deleted : user_pref("browser.search.defaultengine", "Search-Results");
Deleted : user_pref("browser.search.defaultenginename", "Search-Results");
Deleted : user_pref("browser.search.order.1", "Search-Results");
Deleted : user_pref("keyword.URL", "hxxp://websearch.search-results.com/redirect?client=ff&src=kw&tb=GET-SRS&o[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Kotaro\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [4113 octets] - [24/09/2012 13:51:34]

########## EOF - C:\AdwCleaner[S1].txt - [4173 octets] ##########
RogueKiller V8.0.5 [09/23/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Kotaro [Admin rights]
Mode : Scan -- Date : 09/24/2012 13:56:50

¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3265GSXN ATA Device +++++
--- User ---
[MBR] 2f506b61e1b3c53ee9c21f3b5c80d18a
[BSP] ab55c5fedf8326ac7158139edb8bf539 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 294358 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 605919232 | Size: 9386 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 440d6057250c71bb14e7dab4c451f189
[BSP] ab55c5fedf8326ac7158139edb8bf539 : Windows Vista MBR Code
Partition table:
1 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 294358 Mo
3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 605919232 | Size: 9386 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt
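One way a helper could triage a RogueKiller-style report like the RKreport above automatically. This is an added example, not part of the thread and not RogueKiller's own code: the section headers, the "Bad processes" line shape and the MBR-check layout (user-mode read compared against the tool's low-level reads LL1/LL2) are assumed from the log format posted above, and the sample report embedded in the block is constructed with placeholder MD5 values.

```python
import re
from dataclasses import dataclass, field

# Layout assumed from the report posted above: section headers wrapped in "¤¤¤", one
# "Infection :" header per detection, and an MBR check that hashes the MBR as read through
# the normal (user-mode) path and through the tool's low-level reads LL1/LL2.
SECTION_RE = re.compile(r"^¤¤¤\s*(.+?)\s*¤¤¤$")
PROC_RE = re.compile(r"^\[[^\]]+\]\s+(?P<name>\S+)\s+--\s+(?P<path>.+?)\s+->\s+(?P<action>\S+)")
VIEW_RE = re.compile(r"^---\s+(\w+)\s+---$")
MBR_HASH_RE = re.compile(r"^\[MBR\]\s+([0-9a-fA-F]{32})$")
COMPARE_RE = re.compile(r"^User\s*(=|!=)\s*(LL\d)\s*\.\.\.\s*(OK|KO)!$")
PARTITION_RE = re.compile(r"^\d+\s+-\s+\[\w+\]\s+(\S+)\s+\((0x[0-9A-Fa-f]+)\)\s+\[(VISIBLE|HIDDEN!)\]")


@dataclass
class RkFindings:
    bad_processes: list = field(default_factory=list)      # (name, path, action)
    infections: list = field(default_factory=list)         # e.g. "Root.MBR"
    mbr_hashes: dict = field(default_factory=dict)         # view ("User", "LL2", ...) -> md5
    mbr_mismatch: list = field(default_factory=list)       # low-level views the tool marked "KO!"
    hidden_partitions: list = field(default_factory=list)  # (fs name, type id), deduplicated


def parse_report(text):
    """Walk the report line by line, tracking the current section and MBR view."""
    f = RkFindings()
    section = view = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section = m.group(1)
            if section.startswith("Infection") and ":" in section:
                f.infections.append(section.split(":", 1)[1].strip())
        elif section is not None and section.startswith("Bad processes"):
            if m := PROC_RE.match(line):
                f.bad_processes.append((m.group("name"), m.group("path"), m.group("action")))
        elif section == "MBR Check:":
            if m := VIEW_RE.match(line):
                view = m.group(1)                       # "--- User ---" or "--- LL2 ---"
            elif (m := MBR_HASH_RE.match(line)) and view:
                f.mbr_hashes[view] = m.group(1).lower()
            elif (m := COMPARE_RE.match(line)) and m.group(3) == "KO":
                f.mbr_mismatch.append(m.group(2))
            elif (m := PARTITION_RE.match(line)) and m.group(3) == "HIDDEN!":
                entry = (m.group(1), m.group(2))
                if entry not in f.hidden_partitions:    # the table is printed once per view
                    f.hidden_partitions.append(entry)
    return f


def assess(f):
    """Turn findings into reviewer-facing reasons; an empty list means nothing was flagged."""
    reasons = []
    for name, path, action in f.bad_processes:
        # Windows does not launch svchost.exe from a \\.\globalroot\... path; that alone merits a look.
        reasons.append(f"{name} ran from unexpected path {path} ({action})")
    for inf in f.infections:
        reasons.append(f"scanner reported infection type {inf}")
    for ll in f.mbr_mismatch:
        # The same sector read two ways should hash identically; a difference means something
        # sits between the normal read path and the disk, which is exactly what an MBR rootkit does.
        reasons.append(f"MBR via user-mode read ({f.mbr_hashes.get('User', '?')}) differs from "
                       f"low-level read {ll} ({f.mbr_hashes.get(ll, '?')})")
    for fs, type_id in f.hidden_partitions:
        # Worth a look but not a verdict on its own: OEM recovery partitions are commonly hidden.
        reasons.append(f"hidden {fs} partition (type {type_id}) present, review before acting")
    return reasons


# Constructed sample in the layout of the RKreport posted above; the MD5 values are placeholders.
SAMPLE_REPORT = r"""
Mode : Scan -- Date : 09/24/2012 13:56:50
¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ MBR Check: ¤¤¤
--- User ---
[MBR] 11111111111111111111111111111111
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 294358 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 605919232 | Size: 9386 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 22222222222222222222222222222222
Partition table:
3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 605919232 | Size: 9386 Mo

Finished : << RKreport[1].txt >>
"""

if __name__ == "__main__":
    for reason in assess(parse_report(SAMPLE_REPORT)):
        print("FLAG:", reason)
```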

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:56 AM

Posted 24 September 2012 - 01:02 PM

Greetings Millene

Good job!!

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 Millene

Millene
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:05:56 AM

Posted 24 September 2012 - 02:05 PM

14:13:58.0596 3712 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
14:13:59.0110 3712 ============================================================
14:13:59.0110 3712 Current date / time: 2012/09/24 14:13:59.0110
14:13:59.0110 3712 SystemInfo:
14:13:59.0110 3712
14:13:59.0110 3712 OS Version: 6.1.7600 ServicePack: 0.0
14:13:59.0110 3712 Product type: Workstation
14:13:59.0110 3712 ComputerName: KOTAROPC
14:13:59.0110 3712 UserName: Kotaro
14:13:59.0110 3712 Windows directory: C:\windows
14:13:59.0110 3712 System windows directory: C:\windows
14:13:59.0110 3712 Running under WOW64
14:13:59.0110 3712 Processor architecture: Intel x64
14:13:59.0110 3712 Number of processors: 2
14:13:59.0110 3712 Page size: 0x1000
14:13:59.0110 3712 Boot type: Normal boot
14:13:59.0110 3712 ============================================================
14:14:00.0296 3712 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:14:00.0343 3712 ============================================================
14:14:00.0343 3712 \Device\Harddisk0\DR0:
14:14:00.0343 3712 MBR partitions:
14:14:00.0343 3712 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23EEB000
14:14:00.0343 3712 ============================================================
14:14:00.0374 3712 C: <-> \Device\Harddisk0\DR0\Partition1
14:14:00.0374 3712 ============================================================
14:14:00.0374 3712 Initialize success
14:14:00.0374 3712 ============================================================
14:14:05.0818 2252 ============================================================
14:14:05.0818 2252 Scan started
14:14:05.0818 2252 Mode: Manual;
14:14:05.0818 2252 ============================================================
14:14:06.0957 2252 ================ Scan system memory ========================
14:14:06.0957 2252 System memory - ok
14:14:06.0957 2252 ================ Scan services =============================
14:14:16.0426 2252 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
14:14:16.0442 2252 mouhid - ok
14:14:16.0458 2252 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\windows\system32\drivers\mountmgr.sys
14:14:16.0458 2252 mountmgr - ok
14:14:16.0551 2252 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:14:16.0551 2252 MozillaMaintenance - ok
14:14:16.0582 2252 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\windows\system32\DRIVERS\mpio.sys
14:14:16.0598 2252 mpio - ok
14:14:16.0614 2252 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
14:14:16.0614 2252 mpsdrv - ok
14:14:16.0660 2252 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\windows\system32\mpssvc.dll
14:14:16.0676 2252 MpsSvc - ok
14:14:16.0692 2252 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
14:14:16.0692 2252 MRxDAV - ok
14:14:16.0754 2252 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
14:14:16.0754 2252 mrxsmb - ok
14:14:16.0801 2252 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
14:14:16.0816 2252 mrxsmb10 - ok
14:14:16.0863 2252 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
14:14:16.0863 2252 mrxsmb20 - ok
14:14:16.0894 2252 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\windows\system32\DRIVERS\msahci.sys
14:14:16.0894 2252 msahci - ok
14:14:16.0910 2252 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\windows\system32\DRIVERS\msdsm.sys
14:14:16.0910 2252 msdsm - ok
14:14:16.0941 2252 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
14:14:16.0957 2252 MSDTC - ok
14:14:16.0972 2252 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
14:14:16.0972 2252 Msfs - ok
14:14:17.0004 2252 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
14:14:17.0004 2252 mshidkmdf - ok
14:14:17.0019 2252 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\DRIVERS\msisadrv.sys
14:14:17.0019 2252 msisadrv - ok
14:14:17.0066 2252 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
14:14:17.0066 2252 MSiSCSI - ok
14:14:17.0082 2252 msiserver - ok
14:14:17.0113 2252 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
14:14:17.0113 2252 MSKSSRV - ok
14:14:17.0144 2252 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
14:14:17.0144 2252 MSPCLOCK - ok
14:14:17.0175 2252 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
14:14:17.0175 2252 MSPQM - ok
14:14:17.0206 2252 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
14:14:17.0206 2252 MsRPC - ok
14:14:17.0222 2252 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
14:14:17.0238 2252 mssmbios - ok
14:14:17.0269 2252 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
14:14:17.0269 2252 MSTEE - ok
14:14:17.0300 2252 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
14:14:17.0300 2252 MTConfig - ok
14:14:17.0347 2252 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
14:14:17.0347 2252 Mup - ok
14:14:17.0409 2252 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\windows\system32\qagentRT.dll
14:14:17.0425 2252 napagent - ok
14:14:17.0487 2252 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
14:14:17.0503 2252 NativeWifiP - ok
14:14:17.0534 2252 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\windows\system32\drivers\ndis.sys
14:14:17.0550 2252 NDIS - ok
14:14:17.0581 2252 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
14:14:17.0596 2252 NdisCap - ok
14:14:17.0628 2252 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
14:14:17.0643 2252 NdisTapi - ok
14:14:17.0706 2252 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
14:14:17.0706 2252 Ndisuio - ok
14:14:17.0721 2252 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
14:14:17.0721 2252 NdisWan - ok
14:14:17.0752 2252 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\windows\system32\drivers\NDProxy.sys
14:14:17.0752 2252 NDProxy - ok
14:14:17.0799 2252 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
14:14:17.0799 2252 NetBIOS - ok
14:14:17.0830 2252 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\windows\system32\DRIVERS\netbt.sys
14:14:17.0846 2252 NetBT - ok
14:14:17.0862 2252 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\windows\system32\lsass.exe
14:14:17.0862 2252 Netlogon - ok
14:14:17.0924 2252 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
14:14:17.0940 2252 Netman - ok
14:14:17.0955 2252 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
14:14:17.0971 2252 netprofm - ok
14:14:18.0002 2252 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:14:18.0018 2252 NetTcpPortSharing - ok
14:14:18.0049 2252 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
14:14:18.0049 2252 nfrd960 - ok
14:14:18.0096 2252 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\windows\System32\nlasvc.dll
14:14:18.0111 2252 NlaSvc - ok
14:14:18.0158 2252 Norton PC Checkup Application Launcher - ok
14:14:18.0189 2252 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
14:14:18.0189 2252 Npfs - ok
14:14:18.0236 2252 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
14:14:18.0236 2252 nsi - ok
14:14:18.0252 2252 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
14:14:18.0252 2252 nsiproxy - ok
14:14:18.0345 2252 [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs C:\windows\system32\drivers\Ntfs.sys
14:14:18.0376 2252 Ntfs - ok
14:14:18.0408 2252 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
14:14:18.0408 2252 Null - ok
14:14:18.0439 2252 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\windows\system32\drivers\nvraid.sys
14:14:18.0439 2252 nvraid - ok
14:14:18.0454 2252 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\windows\system32\drivers\nvstor.sys
14:14:18.0454 2252 nvstor - ok
14:14:18.0470 2252 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\DRIVERS\nv_agp.sys
14:14:18.0470 2252 nv_agp - ok
14:14:18.0486 2252 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\DRIVERS\ohci1394.sys
14:14:18.0486 2252 ohci1394 - ok
14:14:18.0626 2252 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
14:14:18.0673 2252 p2pimsvc - ok
14:14:18.0766 2252 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
14:14:18.0782 2252 p2psvc - ok
14:14:18.0813 2252 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
14:14:18.0813 2252 Parport - ok
14:14:18.0876 2252 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\windows\system32\drivers\partmgr.sys
14:14:18.0876 2252 partmgr - ok
14:14:18.0907 2252 Partner Service - ok
14:14:18.0954 2252 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
14:14:18.0954 2252 PcaSvc - ok
14:14:18.0985 2252 [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
14:14:18.0985 2252 PCCUJobMgr - ok
14:14:19.0032 2252 [ 5AAB2B170536885DE70A6CBA8D7CE52B ] pci C:\windows\system32\DRIVERS\pci.sys
14:14:19.0032 2252 pci - ok
14:14:19.0047 2252 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\DRIVERS\pciide.sys
14:14:19.0047 2252 pciide - ok
14:14:19.0078 2252 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
14:14:19.0078 2252 pcmcia - ok
14:14:19.0094 2252 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
14:14:19.0094 2252 pcw - ok
14:14:19.0141 2252 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
14:14:19.0156 2252 PEAUTH - ok
14:14:19.0250 2252 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
14:14:19.0250 2252 PerfHost - ok
14:14:19.0312 2252 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\windows\system32\pla.dll
14:14:19.0344 2252 pla - ok
14:14:19.0375 2252 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\windows\system32\umpnpmgr.dll
14:14:19.0390 2252 PlugPlay - ok
14:14:19.0406 2252 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
14:14:19.0422 2252 PNRPAutoReg - ok
14:14:19.0437 2252 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
14:14:19.0437 2252 PNRPsvc - ok
14:14:19.0468 2252 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
14:14:19.0484 2252 PolicyAgent - ok
14:14:19.0515 2252 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
14:14:19.0515 2252 Power - ok
14:14:19.0562 2252 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
14:14:19.0562 2252 PptpMiniport - ok
14:14:19.0593 2252 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
14:14:19.0593 2252 Processor - ok
14:14:19.0656 2252 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\windows\system32\profsvc.dll
14:14:19.0656 2252 ProfSvc - ok
14:14:19.0687 2252 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\windows\system32\lsass.exe
14:14:19.0687 2252 ProtectedStorage - ok
14:14:19.0718 2252 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\windows\system32\DRIVERS\pacer.sys
14:14:19.0734 2252 Psched - ok
14:14:19.0780 2252 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
14:14:19.0796 2252 ql2300 - ok
14:14:19.0827 2252 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
14:14:19.0827 2252 ql40xx - ok
14:14:19.0858 2252 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
14:14:19.0858 2252 QWAVE - ok
14:14:19.0874 2252 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
14:14:19.0890 2252 QWAVEdrv - ok
14:14:19.0905 2252 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
14:14:19.0905 2252 RasAcd - ok
14:14:19.0952 2252 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
14:14:19.0952 2252 RasAgileVpn - ok
14:14:19.0983 2252 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
14:14:19.0999 2252 RasAuto - ok
14:14:20.0046 2252 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
14:14:20.0061 2252 Rasl2tp - ok
14:14:20.0092 2252 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\windows\System32\rasmans.dll
14:14:20.0108 2252 RasMan - ok
14:14:20.0170 2252 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
14:14:20.0170 2252 RasPppoe - ok
14:14:20.0186 2252 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
14:14:20.0186 2252 RasSstp - ok
14:14:20.0217 2252 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
14:14:20.0233 2252 rdbss - ok
14:14:20.0233 2252 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
14:14:20.0248 2252 rdpbus - ok
14:14:20.0264 2252 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
14:14:20.0264 2252 RDPCDD - ok
14:14:20.0295 2252 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
14:14:20.0295 2252 RDPENCDD - ok
14:14:20.0311 2252 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
14:14:20.0311 2252 RDPREFMP - ok
14:14:20.0358 2252 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
14:14:20.0373 2252 RDPWD - ok
14:14:20.0420 2252 [ E5DC9BA9E439D6DBDD79F8CAACB5BF01 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
14:14:20.0436 2252 rdyboost - ok
14:14:20.0482 2252 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
14:14:20.0482 2252 RemoteAccess - ok
14:14:20.0529 2252 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
14:14:20.0529 2252 RemoteRegistry - ok
14:14:20.0560 2252 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
14:14:20.0560 2252 RpcEptMapper - ok
14:14:20.0592 2252 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
14:14:20.0592 2252 RpcLocator - ok
14:14:20.0638 2252 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\windows\system32\rpcss.dll
14:14:20.0654 2252 RpcSs - ok
14:14:20.0701 2252 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
14:14:20.0716 2252 rspndr - ok
14:14:20.0794 2252 [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
14:14:20.0794 2252 RSUSBSTOR - ok
14:14:20.0810 2252 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\windows\system32\lsass.exe
14:14:20.0826 2252 SamSs - ok
14:14:20.0841 2252 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\windows\system32\DRIVERS\sbp2port.sys
14:14:20.0841 2252 sbp2port - ok
14:14:20.0888 2252 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
14:14:20.0904 2252 SCardSvr - ok
14:14:20.0919 2252 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
14:14:20.0935 2252 scfilter - ok
14:14:20.0982 2252 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\windows\system32\schedsvc.dll
14:14:20.0997 2252 Schedule - ok
14:14:21.0028 2252 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\windows\System32\certprop.dll
14:14:21.0028 2252 SCPolicySvc - ok
14:14:21.0060 2252 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\windows\System32\SDRSVC.dll
14:14:21.0060 2252 SDRSVC - ok
14:14:21.0138 2252 [ 16B44D246835EAC156F8DAF0AA4F530C ] SeagateDashboardService C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
14:14:21.0138 2252 SeagateDashboardService - ok
14:14:21.0184 2252 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
14:14:21.0184 2252 secdrv - ok
14:14:21.0200 2252 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\windows\system32\seclogon.dll
14:14:21.0216 2252 seclogon - ok
14:14:21.0216 2252 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
14:14:21.0231 2252 SENS - ok
14:14:21.0247 2252 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
14:14:21.0247 2252 SensrSvc - ok
14:14:21.0262 2252 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
14:14:21.0262 2252 Serenum - ok
14:14:21.0294 2252 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
14:14:21.0294 2252 Serial - ok
14:14:21.0309 2252 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
14:14:21.0309 2252 sermouse - ok
14:14:21.0325 2252 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\windows\system32\sessenv.dll
14:14:21.0340 2252 SessionEnv - ok
14:14:21.0340 2252 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\DRIVERS\sffdisk.sys
14:14:21.0340 2252 sffdisk - ok
14:14:21.0340 2252 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\DRIVERS\sffp_mmc.sys
14:14:21.0340 2252 sffp_mmc - ok
14:14:21.0356 2252 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\windows\system32\DRIVERS\sffp_sd.sys
14:14:21.0356 2252 sffp_sd - ok
14:14:21.0356 2252 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
14:14:21.0356 2252 sfloppy - ok
14:14:21.0403 2252 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
14:14:21.0403 2252 SharedAccess - ok
14:14:21.0434 2252 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\windows\System32\shsvcs.dll
14:14:21.0434 2252 ShellHWDetection - ok
14:14:21.0465 2252 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
14:14:21.0465 2252 SiSRaid2 - ok
14:14:21.0465 2252 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
14:14:21.0481 2252 SiSRaid4 - ok
14:14:21.0528 2252 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
14:14:21.0528 2252 SkypeUpdate - ok
14:14:21.0574 2252 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
14:14:21.0590 2252 Smb - ok
14:14:21.0637 2252 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
14:14:21.0652 2252 SNMPTRAP - ok
14:14:21.0684 2252 [ 12583AF6CBE0050651EAF2723B3AD7B3 ] speedfan C:\windows\syswow64\speedfan.sys
14:14:21.0684 2252 speedfan - ok
14:14:21.0715 2252 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
14:14:21.0715 2252 spldr - ok
14:14:21.0746 2252 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\windows\System32\spoolsv.exe
14:14:21.0762 2252 Spooler - ok
14:14:21.0855 2252 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\windows\system32\sppsvc.exe
14:14:21.0918 2252 sppsvc - ok
14:14:21.0964 2252 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
14:14:21.0980 2252 sppuinotify - ok
14:14:22.0027 2252 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\windows\system32\DRIVERS\srv.sys
14:14:22.0042 2252 srv - ok
14:14:22.0074 2252 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
14:14:22.0074 2252 srv2 - ok
14:14:22.0089 2252 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
14:14:22.0089 2252 srvnet - ok
14:14:22.0136 2252 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
14:14:22.0152 2252 SSDPSRV - ok
14:14:22.0198 2252 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
14:14:22.0198 2252 SstpSvc - ok
14:14:22.0308 2252 Steam Client Service - ok
14:14:22.0354 2252 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
14:14:22.0354 2252 stexstor - ok
14:14:22.0417 2252 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\windows\System32\wiaservc.dll
14:14:22.0448 2252 stisvc - ok
14:14:22.0464 2252 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
14:14:22.0464 2252 swenum - ok
14:14:22.0510 2252 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
14:14:22.0526 2252 swprv - ok
14:14:22.0588 2252 [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
14:14:22.0588 2252 SynTP - ok
14:14:22.0666 2252 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\windows\system32\sysmain.dll
14:14:22.0698 2252 SysMain - ok
14:14:22.0713 2252 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\windows\System32\TabSvc.dll
14:14:22.0729 2252 TabletInputService - ok
14:14:22.0744 2252 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\windows\System32\tapisrv.dll
14:14:22.0760 2252 TapiSrv - ok
14:14:22.0760 2252 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
14:14:22.0776 2252 TBS - ok
14:14:22.0854 2252 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\windows\system32\drivers\tcpip.sys
14:14:22.0885 2252 Tcpip - ok
14:14:22.0994 2252 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
14:14:23.0010 2252 TCPIP6 - ok
14:14:23.0041 2252 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
14:14:23.0041 2252 tcpipreg - ok
14:14:23.0088 2252 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
14:14:23.0088 2252 tdcmdpst - ok
14:14:23.0103 2252 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
14:14:23.0103 2252 TDPIPE - ok
14:14:23.0150 2252 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
14:14:23.0150 2252 TDTCP - ok
14:14:23.0181 2252 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\windows\system32\DRIVERS\tdx.sys
14:14:23.0181 2252 tdx - ok
14:14:23.0212 2252 [ C448651339196C0E869A355171875522 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
14:14:23.0212 2252 TermDD - ok
14:14:23.0244 2252 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\windows\System32\termsrv.dll
14:14:23.0259 2252 TermService - ok
14:14:23.0275 2252 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
14:14:23.0290 2252 Themes - ok
14:14:23.0306 2252 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
14:14:23.0306 2252 THREADORDER - ok
14:14:23.0384 2252 [ 28644B0523D64EFF2FC7312A2EE74B0A ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
14:14:23.0400 2252 TMachInfo - ok
14:14:23.0431 2252 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\Windows\system32\TODDSrv.exe
14:14:23.0446 2252 TODDSrv - ok
14:14:23.0556 2252 [ 98C864481D62F86EC8AF65BE3419A95B ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
14:14:23.0556 2252 TosCoSrv - ok
14:14:23.0649 2252 [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
14:14:23.0649 2252 TOSHIBA HDD SSD Alert Service - ok
14:14:23.0696 2252 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
14:14:23.0696 2252 TrkWks - ok
14:14:23.0805 2252 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
14:14:23.0868 2252 TrustedInstaller - ok
14:14:23.0899 2252 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
14:14:23.0992 2252 tssecsrv - ok
14:14:24.0086 2252 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
14:14:24.0086 2252 tunnel - ok
14:14:24.0148 2252 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
14:14:24.0148 2252 TVALZ - ok
14:14:24.0180 2252 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
14:14:24.0180 2252 uagp35 - ok
14:14:24.0242 2252 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\windows\system32\DRIVERS\udfs.sys
14:14:24.0258 2252 udfs - ok
14:14:24.0304 2252 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
14:14:24.0304 2252 UI0Detect - ok
14:14:24.0336 2252 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\DRIVERS\uliagpkx.sys
14:14:24.0336 2252 uliagpkx - ok
14:14:24.0351 2252 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\windows\system32\DRIVERS\umbus.sys
14:14:24.0351 2252 umbus - ok
14:14:24.0367 2252 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
14:14:24.0367 2252 UmPass - ok
14:14:24.0414 2252 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
14:14:24.0414 2252 upnphost - ok
14:14:24.0476 2252 [ 77B01BC848298223A95D4EC23E1785A1 ] usbaudio C:\windows\system32\drivers\usbaudio.sys
14:14:24.0476 2252 usbaudio - ok
14:14:24.0507 2252 [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
14:14:24.0507 2252 usbccgp - ok
14:14:24.0570 2252 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\DRIVERS\usbcir.sys
14:14:24.0570 2252 usbcir - ok
14:14:24.0601 2252 [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
14:14:24.0601 2252 usbehci - ok
14:14:24.0648 2252 [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
14:14:24.0663 2252 usbhub - ok
14:14:24.0679 2252 [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
14:14:24.0679 2252 usbohci - ok
14:14:24.0741 2252 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
14:14:24.0741 2252 usbprint - ok
14:14:24.0788 2252 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
14:14:24.0788 2252 usbscan - ok
14:14:24.0850 2252 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
14:14:24.0850 2252 USBSTOR - ok
14:14:24.0882 2252 [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci C:\windows\system32\drivers\usbuhci.sys
14:14:24.0882 2252 usbuhci - ok
14:14:24.0928 2252 [ D501E12614B00A3252073101D6A1A74B ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
14:14:24.0944 2252 usbvideo - ok
14:14:24.0991 2252 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
14:14:24.0991 2252 UxSms - ok
14:14:25.0022 2252 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\windows\system32\lsass.exe
14:14:25.0022 2252 VaultSvc - ok
14:14:25.0084 2252 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\DRIVERS\vdrvroot.sys
14:14:25.0084 2252 vdrvroot - ok
14:14:25.0131 2252 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\windows\System32\vds.exe
14:14:25.0147 2252 vds - ok
14:14:25.0194 2252 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
14:14:25.0194 2252 vga - ok
14:14:25.0209 2252 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
14:14:25.0209 2252 VgaSave - ok
14:14:25.0225 2252 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\windows\system32\DRIVERS\vhdmp.sys
14:14:25.0225 2252 vhdmp - ok
14:14:25.0256 2252 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\DRIVERS\viaide.sys
14:14:25.0256 2252 viaide - ok
14:14:25.0287 2252 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\windows\system32\DRIVERS\volmgr.sys
14:14:25.0287 2252 volmgr - ok
14:14:25.0303 2252 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\windows\system32\drivers\volmgrx.sys
14:14:25.0318 2252 volmgrx - ok
14:14:25.0334 2252 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\windows\system32\DRIVERS\volsnap.sys
14:14:25.0334 2252 volsnap - ok
14:14:25.0365 2252 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
14:14:25.0365 2252 vsmraid - ok
14:14:25.0428 2252 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\windows\system32\vssvc.exe
14:14:25.0459 2252 VSS - ok
14:14:25.0490 2252 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
14:14:25.0490 2252 vwifibus - ok
14:14:25.0506 2252 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
14:14:25.0506 2252 vwififlt - ok
14:14:25.0552 2252 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
14:14:25.0552 2252 vwifimp - ok
14:14:25.0599 2252 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
14:14:25.0615 2252 W32Time - ok
14:14:25.0646 2252 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
14:14:25.0646 2252 WacomPen - ok
14:14:25.0677 2252 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
14:14:25.0693 2252 WANARP - ok
14:14:25.0693 2252 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
14:14:25.0693 2252 Wanarpv6 - ok
14:14:25.0786 2252 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
14:14:25.0802 2252 WatAdminSvc - ok
14:14:25.0880 2252 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\windows\system32\wbengine.exe
14:14:25.0896 2252 wbengine - ok
14:14:25.0927 2252 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
14:14:25.0927 2252 WbioSrvc - ok
14:14:25.0958 2252 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\windows\System32\wcncsvc.dll
14:14:25.0974 2252 wcncsvc - ok
14:14:26.0005 2252 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
14:14:26.0005 2252 WcsPlugInService - ok
14:14:26.0036 2252 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys
14:14:26.0052 2252 Wd - ok
14:14:26.0083 2252 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
14:14:26.0083 2252 Wdf01000 - ok
14:14:26.0114 2252 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
14:14:26.0130 2252 WdiServiceHost - ok
14:14:26.0130 2252 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
14:14:26.0130 2252 WdiSystemHost - ok
14:14:26.0161 2252 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\windows\System32\webclnt.dll
14:14:26.0176 2252 WebClient - ok
14:14:26.0223 2252 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
14:14:26.0239 2252 Wecsvc - ok
14:14:26.0286 2252 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
14:14:26.0301 2252 wercplsupport - ok
14:14:26.0348 2252 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
14:14:26.0364 2252 WerSvc - ok
14:14:26.0410 2252 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
14:14:26.0410 2252 WfpLwf - ok
14:14:26.0442 2252 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
14:14:26.0442 2252 WIMMount - ok
14:14:26.0457 2252 WinDefend - ok
14:14:26.0473 2252 WinHttpAutoProxySvc - ok
14:14:26.0551 2252 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
14:14:26.0551 2252 Winmgmt - ok
14:14:26.0629 2252 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\windows\system32\WsmSvc.dll
14:14:26.0660 2252 WinRM - ok
14:14:26.0738 2252 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
14:14:26.0738 2252 WinUsb - ok
14:14:26.0816 2252 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
14:14:26.0832 2252 Wlansvc - ok
14:14:27.0003 2252 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:14:27.0050 2252 wlidsvc - ok
14:14:27.0081 2252 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
14:14:27.0081 2252 WmiAcpi - ok
14:14:27.0112 2252 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
14:14:27.0112 2252 wmiApSrv - ok
14:14:27.0159 2252 WMPNetworkSvc - ok
14:14:27.0190 2252 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
14:14:27.0206 2252 WPCSvc - ok
14:14:27.0237 2252 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
14:14:27.0237 2252 WPDBusEnum - ok
14:14:27.0253 2252 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
14:14:27.0253 2252 ws2ifsl - ok
14:14:27.0284 2252 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\windows\System32\wscsvc.dll
14:14:27.0284 2252 wscsvc - ok
14:14:27.0300 2252 WSearch - ok
14:14:27.0393 2252 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
14:14:27.0440 2252 wuauserv - ok
14:14:27.0456 2252 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\windows\system32\drivers\WudfPf.sys
14:14:27.0456 2252 WudfPf - ok
14:14:27.0471 2252 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\windows\System32\WUDFSvc.dll
14:14:27.0487 2252 wudfsvc - ok
14:14:27.0518 2252 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
14:14:27.0534 2252 WwanSvc - ok
14:14:27.0580 2252 ================ Scan global ===============================
14:14:27.0596 2252 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
14:14:27.0658 2252 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\windows\system32\winsrv.dll
14:14:27.0690 2252 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\windows\system32\winsrv.dll
14:14:27.0721 2252 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
14:14:27.0752 2252 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
14:14:27.0752 2252 [Global] - ok
14:14:27.0752 2252 ================ Scan MBR ==================================
14:14:27.0768 2252 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
14:14:27.0846 2252 Suspicious mbr (Forged): \Device\Harddisk0\DR0
14:14:27.0908 2252 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
14:14:27.0908 2252 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
14:14:27.0908 2252 ================ Scan VBR ==================================
14:14:27.0924 2252 [ 8F97CAF375B2B0AFA027714D70A14A3A ] \Device\Harddisk0\DR0\Partition1
14:14:27.0924 2252 \Device\Harddisk0\DR0\Partition1 - ok
14:14:27.0924 2252 ============================================================
14:14:27.0924 2252 Scan finished
14:14:27.0924 2252 ============================================================
14:14:27.0955 2972 Detected object count: 1
14:14:27.0955 2972 Actual detected object count: 1
14:14:43.0914 2972 \Device\Harddisk0\DR0\# - copied to quarantine
14:14:43.0914 2972 \Device\Harddisk0\DR0 - copied to quarantine
14:14:45.0037 2972 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
14:14:47.0814 2972 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
14:14:47.0845 2972 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
14:14:47.0892 2972 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
14:14:48.0001 2972 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
14:14:48.0016 2972 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
14:14:48.0016 2972 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
14:14:48.0016 2972 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
14:14:48.0048 2972 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
14:14:48.0094 2972 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
14:14:48.0094 2972 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
14:14:48.0094 2972 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
14:14:48.0188 2972 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
14:14:48.0188 2972 \Device\Harddisk0\DR0 - ok
14:14:48.0687 2972 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
14:14:59.0264 3264 Deinitialize success


After reboot it asked to run again, no threats found

Did not ask to download extra definitions

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-24 14:20:17
-----------------------------
14:20:17.228 OS Version: Windows x64 6.1.7600
14:20:17.228 Number of processors: 2 586 0x603
14:20:17.228 ComputerName: KOTAROPC UserName: Kotaro
14:20:18.430 Initialize success
14:20:18.539 AVAST engine defs: 12092400
14:20:37.586 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:20:37.586 Disk 0 Vendor: TOSHIBA_MK3265GSXN GH101M Size: 305245MB BusType: 11
14:20:37.696 Disk 0 MBR read successfully
14:20:37.711 Disk 0 MBR scan
14:20:37.711 Disk 0 Windows VISTA default MBR code
14:20:37.727 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
14:20:37.742 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 294358 MB offset 3074048
14:20:37.789 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9386 MB offset 605919232
14:20:37.836 Disk 0 scanning C:\windows\system32\drivers
14:20:52.781 Service scanning
14:21:32.982 Modules scanning
14:21:32.998 Disk 0 trace - called modules:
14:21:33.029 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
14:21:33.544 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004309490]
14:21:33.559 3 CLASSPNP.SYS[fffff8800185243f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004288060]
14:21:34.246 AVAST engine scan C:\windows
14:21:36.648 AVAST engine scan C:\windows\system32
14:25:53.237 AVAST engine scan C:\windows\system32\drivers
14:26:18.525 AVAST engine scan C:\Users\Kotaro
15:26:40.615 AVAST engine scan C:\ProgramData
15:29:10.750 Scan finished successfully

Edited by Millene, 24 September 2012 - 02:33 PM.


#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:56 AM

Posted 24 September 2012 - 04:09 PM

Hello Millene

I would like to know how things are doing after you run the next scan, so take a few minutes and check things out for me.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Millene
  • Topic Starter
  • Members
  • 13 posts
  • OFFLINE
  • Local time:05:56 AM

Posted 24 September 2012 - 06:24 PM

ComboFix 12-09-24.02 - Kotaro 09/24/2012 18:32:16.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.2384 [GMT -4:00]
Running from: c:\users\Kotaro\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-24 to 2012-09-24 )))))))))))))))))))))))))))))))
.
.
2012-09-24 22:43 . 2012-09-24 22:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-24 18:14 . 2012-09-24 18:14 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-23 21:32 . 2012-09-23 21:32 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{311673DE-9D5E-49DB-B68E-98C2C34DD8B0}\offreg.dll
2012-09-23 00:11 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-23 00:11 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-23 00:11 . 2012-08-21 09:13 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-09-23 00:11 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-23 00:11 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-23 00:11 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-09-23 00:11 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-23 00:10 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-23 00:10 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-09-23 00:09 . 2012-09-23 00:09 -------- d-----w- c:\programdata\AVAST Software
2012-09-23 00:09 . 2012-09-23 00:09 -------- d-----w- c:\program files\AVAST Software
2012-09-22 23:49 . 2012-09-22 23:49 -------- d-----w- c:\users\Kotaro\AppData\Roaming\Malwarebytes
2012-09-22 23:49 . 2012-09-22 23:49 -------- d-----w- c:\programdata\Malwarebytes
2012-09-22 23:49 . 2012-09-22 23:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-22 23:49 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-22 16:56 . 2012-09-22 16:56 -------- d-----w- c:\users\Kotaro\AppData\Roaming\Seagate
2012-09-22 16:56 . 2012-09-22 16:56 -------- d-----w- c:\program files (x86)\Seagate
2012-09-22 16:36 . 2012-09-22 16:36 -------- d-----w- c:\users\Kotaro\AppData\Roaming\Leadertech
2012-09-21 18:32 . 2012-09-19 04:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{311673DE-9D5E-49DB-B68E-98C2C34DD8B0}\mpengine.dll
2012-09-20 22:20 . 2012-09-20 22:20 -------- d-----r- c:\program files (x86)\Skype
2012-09-20 21:43 . 2012-08-02 17:55 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-20 21:43 . 2012-08-02 17:05 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-14 20:17 . 2012-09-20 21:34 -------- d-----w- c:\users\Kotaro\AppData\Roaming\uTorrent
2012-09-13 07:01 . 2012-09-20 22:20 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-09 16:46 . 2012-09-09 16:46 77824 ----a-w- c:\windows\zipexe_r.exe
2012-09-03 01:39 . 2012-09-13 01:40 -------- d-----w- c:\users\Kotaro\AppData\Roaming\vlc
2012-09-03 01:38 . 2012-09-03 01:38 -------- d-----w- c:\program files (x86)\VideoLAN
2012-08-30 07:33 . 2012-09-04 21:16 -------- d-----w- c:\users\Kotaro\AppData\Roaming\DVD Flick
2012-08-30 07:00 . 2003-01-26 17:41 40960 ----a-w- c:\windows\SysWow64\ssubtmr6.dll
2012-08-30 07:00 . 2008-08-31 17:27 28672 ----a-w- c:\windows\SysWow64\mousewheel.ocx
2012-08-30 07:00 . 2007-08-31 22:36 36864 ----a-w- c:\windows\SysWow64\trayicon_handler.ocx
2012-08-30 07:00 . 2004-03-09 04:00 662288 ----a-w- c:\windows\SysWow64\mscomct2.ocx
2012-08-30 07:00 . 2004-03-09 04:00 212240 ----a-w- c:\windows\SysWow64\richtx32.ocx
2012-08-30 07:00 . 1998-06-24 04:00 164144 ----a-w- c:\windows\SysWow64\comct232.ocx
2012-08-30 07:00 . 2012-08-30 07:00 -------- d-----w- c:\program files (x86)\DVD Flick
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 22:21 . 2011-06-17 17:34 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-07-18 17:31 . 2012-08-16 04:35 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 02:06 . 2012-08-17 04:04 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-06 02:06 . 2011-04-22 05:50 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-04 22:04 . 2012-08-16 05:10 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:01 . 2012-08-16 05:10 58880 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:01 . 2012-08-16 05:10 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:23 . 2012-08-16 05:10 41472 ----a-w- c:\windows\SysWow64\browcli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 136176]
R3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\Hamachi\hamachi-2.exe [2011-08-15 2329480]
R3 Mkd2Bthf;Mkd2Bthf;c:\windows\system32\drivers\Mkd2Bthf.sys [2010-03-08 97368]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2010-11-19 107096]
R3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\Mkd3kfNt.sys [2010-09-13 182872]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-03-18 250984]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-18 1255736]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-15 202752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2011-05-26 123320]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-15 6403072]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-15 188928]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-03-05 75816]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 21:19]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 21:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 71.3.0.116 76.2.127.122
TCP: Interfaces\{620A531E-124D-4794-B4DC-CE00011AF19F}\B696E67646F6D60A865616274737: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Kotaro\AppData\Roaming\Mozilla\Firefox\Profiles\63d1ahgr.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.co.jp/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-11916559.sys
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
AddRemove-7-Zip - c:\program files (x86)\7-Zip\Uninstall.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Super Mario Fusion Revival - c:\users\Kotaro\games\Mushroom Kingdom Fusion\Super Mario Fusion Revival\Uninstal.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-533522485-1636020723-3929417293-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-533522485-1636020723-3929417293-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
.
**************************************************************************
.
Completion time: 2012-09-24 19:02:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-24 23:02
.
Pre-Run: 70,843,215,872 bytes free
Post-Run: 71,054,774,272 bytes free
.
- - End Of File - - 13D0020E27CE61EC353A2036D52CAD22

#10 Millene
  • Topic Starter
  • Members
  • 13 posts
  • OFFLINE
  • Local time:05:56 AM

Posted 24 September 2012 - 06:35 PM

The computer seems better (winrscmde is gone) but several processes I try to shut off still won't go away. I don't think they are infected, but how can I make them stop? Especially Symantec/Norton processes when I was sure I had fully uninstalled all Norton products.

#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:56 AM

Posted 24 September 2012 - 11:28 PM

Hello Millene

Let's run Norton's removal tool to completely remove it: https://www-secure.symantec.com/norton-support/jsp/help-solutions.jsp?docid=kb20080710133834EN_EndUserProfile_en_us&product=home&pvid=f-home&version=1&lg=en&ct=us


At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click Combofix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#12 Millene
  • Topic Starter
  • Members
  • 13 posts
  • OFFLINE
  • Local time:05:56 AM

Posted 25 September 2012 - 01:04 AM

I had already run Norton's removal tool before. I ran it again and "Symantec Service Framework" (ccSvcHst.exe *32) and "Norton PC Checkup Launcher Service" (SymcPCCULaunchSvc.exe *32) are still appearing in my processes.

And a lot of times when I google something the link will instead redirect me to an ad related to what I googled.

I also changed my computer settings to only boot necessary programs on startup but I still catch useless things running in my processes.

And I now see rundll32.exe running in processes when I didn't before.

These are still happening after the latest ComboFix run.

ComboFix 12-09-24.03 - Kotaro 09/25/2012 1:25.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.2814 [GMT -4:00]
Running from: c:\users\Kotaro\Desktop\ComboFix.exe
Command switches used :: c:\users\Kotaro\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-25 to 2012-09-25 )))))))))))))))))))))))))))))))
.
.
2012-09-25 05:36 . 2012-09-25 05:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-24 18:14 . 2012-09-24 18:14 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-23 21:32 . 2012-09-23 21:32 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{311673DE-9D5E-49DB-B68E-98C2C34DD8B0}\offreg.dll
2012-09-23 00:11 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-23 00:11 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-23 00:11 . 2012-08-21 09:13 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-09-23 00:11 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-23 00:11 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-23 00:11 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-09-23 00:11 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-23 00:10 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-23 00:10 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-09-23 00:09 . 2012-09-23 00:09 -------- d-----w- c:\programdata\AVAST Software
2012-09-23 00:09 . 2012-09-23 00:09 -------- d-----w- c:\program files\AVAST Software
2012-09-22 23:49 . 2012-09-22 23:49 -------- d-----w- c:\users\Kotaro\AppData\Roaming\Malwarebytes
2012-09-22 23:49 . 2012-09-22 23:49 -------- d-----w- c:\programdata\Malwarebytes
2012-09-22 23:49 . 2012-09-22 23:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-22 23:49 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-22 16:56 . 2012-09-22 16:56 -------- d-----w- c:\users\Kotaro\AppData\Roaming\Seagate
2012-09-22 16:56 . 2012-09-22 16:56 -------- d-----w- c:\program files (x86)\Seagate
2012-09-22 16:36 . 2012-09-22 16:36 -------- d-----w- c:\users\Kotaro\AppData\Roaming\Leadertech
2012-09-21 18:32 . 2012-09-19 04:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{311673DE-9D5E-49DB-B68E-98C2C34DD8B0}\mpengine.dll
2012-09-20 22:20 . 2012-09-20 22:20 -------- d-----r- c:\program files (x86)\Skype
2012-09-20 21:43 . 2012-08-02 17:55 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-20 21:43 . 2012-08-02 17:05 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-14 20:17 . 2012-09-20 21:34 -------- d-----w- c:\users\Kotaro\AppData\Roaming\uTorrent
2012-09-13 07:01 . 2012-09-20 22:20 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-09 16:46 . 2012-09-09 16:46 77824 ----a-w- c:\windows\zipexe_r.exe
2012-09-03 01:39 . 2012-09-13 01:40 -------- d-----w- c:\users\Kotaro\AppData\Roaming\vlc
2012-09-03 01:38 . 2012-09-03 01:38 -------- d-----w- c:\program files (x86)\VideoLAN
2012-08-30 07:33 . 2012-09-04 21:16 -------- d-----w- c:\users\Kotaro\AppData\Roaming\DVD Flick
2012-08-30 07:00 . 2003-01-26 17:41 40960 ----a-w- c:\windows\SysWow64\ssubtmr6.dll
2012-08-30 07:00 . 2008-08-31 17:27 28672 ----a-w- c:\windows\SysWow64\mousewheel.ocx
2012-08-30 07:00 . 2007-08-31 22:36 36864 ----a-w- c:\windows\SysWow64\trayicon_handler.ocx
2012-08-30 07:00 . 2004-03-09 04:00 662288 ----a-w- c:\windows\SysWow64\mscomct2.ocx
2012-08-30 07:00 . 2004-03-09 04:00 212240 ----a-w- c:\windows\SysWow64\richtx32.ocx
2012-08-30 07:00 . 1998-06-24 04:00 164144 ----a-w- c:\windows\SysWow64\comct232.ocx
2012-08-30 07:00 . 2012-08-30 07:00 -------- d-----w- c:\program files (x86)\DVD Flick
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-20 22:21 . 2011-06-17 17:34 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-07-18 17:31 . 2012-08-16 04:35 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-07-06 02:06 . 2012-08-17 04:04 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-06 02:06 . 2011-04-22 05:50 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-04 22:04 . 2012-08-16 05:10 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:01 . 2012-08-16 05:10 58880 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:01 . 2012-08-16 05:10 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:23 . 2012-08-16 05:10 41472 ----a-w- c:\windows\SysWow64\browcli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 136176]
R3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\Hamachi\hamachi-2.exe [2011-08-15 2329480]
R3 Mkd2Bthf;Mkd2Bthf;c:\windows\system32\drivers\Mkd2Bthf.sys [2010-03-08 97368]
R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2010-11-19 107096]
R3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\Mkd3kfNt.sys [2010-09-13 182872]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-03-18 250984]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-18 1255736]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-15 202752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2011-05-26 123320]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-15 6403072]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-15 188928]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-03-05 75816]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 21:19]
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 21:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 71.3.0.116 76.2.127.122
TCP: Interfaces\{620A531E-124D-4794-B4DC-CE00011AF19F}\B696E67646F6D60A865616274737: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Kotaro\AppData\Roaming\Mozilla\Firefox\Profiles\63d1ahgr.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.co.jp/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-533522485-1636020723-3929417293-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-533522485-1636020723-3929417293-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
.
**************************************************************************
.
Completion time: 2012-09-25 01:54:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-25 05:54
ComboFix2.txt 2012-09-24 23:02
.
Pre-Run: 71,167,037,440 bytes free
Post-Run: 80,688,668,672 bytes free
.
- - End Of File - - 295D2F9313E10310D12572E782FCF727

Edited by Millene, 25 September 2012 - 01:04 AM.


#13 gringo_pr

Posted 25 September 2012 - 01:44 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 Millene (Topic Starter)

Posted 25 September 2012 - 12:28 PM

OTL logfile created on: 9/25/2012 12:43:33 PM - Run 1
OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Kotaro\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.66 Gb Available Physical Memory | 71.05% Memory free
7.49 Gb Paging File | 6.41 Gb Available in Paging File | 85.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.46 Gb Total Space | 75.12 Gb Free Space | 26.13% Space Free | Partition Type: NTFS

Computer Name: KOTAROPC | User Name: Kotaro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kotaro\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe (Symantec Corporation)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (SeagateDashboardService) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (aswSnx) -- C:\windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Mkd2Nadr) -- C:\Windows\SysNative\drivers\Mkd2Nadr.sys (AhnLab, Inc.)
DRV:64bit: - (Mkd3kfNt) -- C:\Windows\SysNative\drivers\mkd3kfnt.sys (AhnLab, Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (Mkd2Bthf) -- C:\Windows\SysNative\drivers\Mkd2BthF.sys (AhnLab, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (FwLnk) -- C:\Windows\SysNative\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0C945FCB-48A3-4FDB-8C24-1CB88197C7BF}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{F8C3E227-1B59-4252-87B1-998B85E81205}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-533522485-1636020723-3929417293-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://start.toshiba.com/g/ [binary data]
IE - HKU\S-1-5-21-533522485-1636020723-3929417293-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-533522485-1636020723-3929417293-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-533522485-1636020723-3929417293-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-533522485-1636020723-3929417293-1000\..\SearchScopes\{7D2F93B3-FF25-45B5-A4D3-71DFE0408976}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND_enUS423
IE - HKU\S-1-5-21-533522485-1636020723-3929417293-1000\..\SearchScopes\{C7576B9D-B442-46bc-AF74-080A9E723E01}: "URL" = http://websearch.search-results.com/redirect?client=ie&tb=GET-SRS&o=16705&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=2R&apn_dtid=get001YYUS&apn_uid=4C3491A5-1CA9-4354-8717-F9E9236F47F3&apn_sauid=7F06CC20-4000-4C63-8607-295DE846A1B2
IE - HKU\S-1-5-21-533522485-1636020723-3929417293-1000\..\SearchScopes\{F8C3E227-1B59-4252-87B1-998B85E81205}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSND
IE - HKU\S-1-5-21-533522485-1636020723-3929417293-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-533522485-1636020723-3929417293-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.co.jp/"
FF - prefs.js..extensions.enabledAddons: {E6C93316-271E-4b3d-8D7E-FE11B4350AEB}:2.1.25
FF - prefs.js..extensions.enabledAddons: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.98.16
FF - prefs.js..extensions.enabledAddons: nvfzmxbodl@nvfzmxbodl.org:2.5
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466
FF - prefs.js..extensions.enabledItems: {CD9C099F-29A2-41B8-BBDE-E8013DD8CF50}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.95
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npaosmgr.1: C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\npaosmgr.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25sp: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll (AhnLab, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@ahnlab.com/asp/npmkd25sp: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll (AhnLab, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2011/04/19 22:22:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/22 20:10:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/06 22:29:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/06 22:29:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{CD9C099F-29A2-41B8-BBDE-E8013DD8CF50}: C:\Users\Kotaro\AppData\Local\{CD9C099F-29A2-41B8-BBDE-E8013DD8CF50}\ [2011/04/05 00:55:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/06 22:29:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/06 22:29:56 | 000,000,000 | ---D | M]

[2011/03/17 01:02:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kotaro\AppData\Roaming\Mozilla\Extensions
[2012/08/30 17:50:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kotaro\AppData\Roaming\Mozilla\Firefox\Profiles\63d1ahgr.default\extensions
[2012/08/30 17:50:00 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Kotaro\AppData\Roaming\Mozilla\Firefox\Profiles\63d1ahgr.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[1832/11/29 00:37:17 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\Kotaro\AppData\Roaming\Mozilla\Firefox\Profiles\63d1ahgr.default\extensions\nvfzmxbodl@nvfzmxbodl.org.xpi
[2012/03/23 00:04:52 | 000,009,489 | ---- | M] () (No name found) -- C:\Users\Kotaro\AppData\Roaming\Mozilla\Firefox\Profiles\63d1ahgr.default\extensions\{E6C93316-271E-4b3d-8D7E-FE11B4350AEB}.xpi
[2012/09/06 22:29:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/22 20:10:31 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/09/06 22:29:59 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

========== Chrome ==========

CHR - homepage: http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND

O1 HOSTS File: ([2012/09/25 01:38:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-533522485-1636020723-3929417293-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-533522485-1636020723-3929417293-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-533522485-1636020723-3929417293-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {063F7D71-5E0B-48F2-87D5-F63C5917947E} http://ahnlabdownload.nefficient.co.kr/aos/plugin/aosmgr.cab (Aosmgr Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.3.0.116 76.2.127.122
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{620A531E-124D-4794-B4DC-CE00011AF19F}: DhcpNameServer = 71.3.0.116 76.2.127.122
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/25 12:39:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kotaro\Desktop\OTL.exe
[2012/09/25 01:54:27 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/09/25 01:38:46 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/09/24 18:30:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/09/24 18:30:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/09/24 18:30:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/09/24 18:29:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/24 18:29:28 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/09/24 18:18:10 | 004,757,278 | R--- | C] (Swearware) -- C:\Users\Kotaro\Desktop\ComboFix.exe
[2012/09/24 14:14:43 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/24 14:05:36 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Kotaro\Desktop\aswMBR.exe
[2012/09/24 14:05:15 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kotaro\Desktop\tdsskiller.exe
[2012/09/24 13:56:17 | 000,000,000 | ---D | C] -- C:\Users\Kotaro\Desktop\RK_Quarantine
[2012/09/24 10:01:00 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Kotaro\Desktop\dds.scr
[2012/09/22 20:11:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/09/22 20:11:21 | 000,025,232 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2012/09/22 20:11:20 | 000,359,464 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2012/09/22 20:11:15 | 000,054,072 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2012/09/22 20:11:13 | 000,059,728 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2012/09/22 20:11:12 | 000,969,200 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2012/09/22 20:11:04 | 000,071,600 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2012/09/22 20:11:03 | 000,285,328 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2012/09/22 20:10:03 | 000,041,224 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2012/09/22 20:10:01 | 000,227,648 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2012/09/22 20:09:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/09/22 20:09:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/09/22 19:49:47 | 000,000,000 | ---D | C] -- C:\Users\Kotaro\AppData\Roaming\Malwarebytes
[2012/09/22 19:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/22 19:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/22 19:49:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/09/22 19:49:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/22 19:26:57 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/09/22 17:46:27 | 000,000,000 | ---D | C] -- C:\Users\Kotaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/09/22 12:56:35 | 000,000,000 | ---D | C] -- C:\Users\Kotaro\AppData\Roaming\Seagate
[2012/09/22 12:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
[2012/09/22 12:56:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2012/09/22 12:36:14 | 000,000,000 | ---D | C] -- C:\Users\Kotaro\AppData\Roaming\Leadertech
[2012/09/21 14:35:35 | 000,736,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012/09/21 14:35:30 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2012/09/21 14:35:30 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/09/21 14:35:30 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2012/09/21 14:35:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/09/21 14:35:30 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/09/21 14:35:30 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/09/21 14:35:29 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2012/09/21 14:35:29 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2012/09/21 14:35:29 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/09/21 14:35:29 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/09/21 14:35:29 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2012/09/21 14:35:29 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2012/09/21 14:35:29 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2012/09/21 14:35:29 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2012/09/20 18:20:45 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/09/20 17:43:17 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10level9.dll
[2012/09/14 16:17:40 | 000,000,000 | ---D | C] -- C:\Users\Kotaro\AppData\Roaming\uTorrent
[2012/09/13 03:01:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/09/06 22:29:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/02 21:39:50 | 000,000,000 | ---D | C] -- C:\Users\Kotaro\AppData\Roaming\vlc
[2012/09/02 21:38:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012/08/30 03:44:33 | 000,000,000 | ---D | C] -- C:\Users\Kotaro\Documents\dvd
[2012/08/30 03:33:31 | 000,000,000 | ---D | C] -- C:\Users\Kotaro\AppData\Roaming\DVD Flick
[2012/08/30 03:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick
[2012/08/30 03:00:16 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\windows\SysWow64\ssubtmr6.dll
[2012/08/30 03:00:15 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mscomct2.ocx
[2012/08/30 03:00:15 | 000,212,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\richtx32.ocx
[2012/08/30 03:00:15 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\comct232.ocx
[2012/08/30 03:00:15 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\windows\SysWow64\trayicon_handler.ocx
[2012/08/30 03:00:15 | 000,028,672 | ---- | C] (-) -- C:\windows\SysWow64\mousewheel.ocx
[2012/08/30 03:00:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Flick
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/25 12:44:51 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/25 12:44:51 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/25 12:39:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kotaro\Desktop\OTL.exe
[2012/09/25 12:36:51 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/25 12:36:31 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/09/25 12:36:25 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/25 02:03:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/25 01:42:52 | 000,738,832 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/09/25 01:42:52 | 000,632,696 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/09/25 01:42:52 | 000,110,644 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/09/25 01:38:43 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/09/25 01:21:33 | 004,757,278 | R--- | M] (Swearware) -- C:\Users\Kotaro\Desktop\ComboFix.exe
[2012/09/25 00:46:04 | 002,171,154 | ---- | M] () -- C:\Users\Kotaro\Desktop\2012-09-24_21.56.27.png
[2012/09/24 19:48:33 | 001,466,339 | ---- | M] () -- C:\Users\Kotaro\Desktop\2012-09-24_17.29.22.png
[2012/09/24 17:20:03 | 001,415,444 | ---- | M] () -- C:\Users\Kotaro\Desktop\2012-09-24_16.18.01.png
[2012/09/24 15:29:36 | 000,000,512 | ---- | M] () -- C:\Users\Kotaro\Desktop\MBR.dat
[2012/09/24 14:07:46 | 000,000,000 | ---- | M] () -- C:\Users\Kotaro\defogger_reenable
[2012/09/24 14:06:04 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Kotaro\Desktop\aswMBR.exe
[2012/09/24 14:05:26 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kotaro\Desktop\tdsskiller.exe
[2012/09/24 13:49:42 | 001,391,616 | ---- | M] () -- C:\Users\Kotaro\Desktop\RogueKiller.exe
[2012/09/24 13:49:27 | 000,513,501 | ---- | M] () -- C:\Users\Kotaro\Desktop\adwcleaner.exe
[2012/09/24 10:01:04 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Kotaro\Desktop\dds.scr
[2012/09/24 10:00:36 | 000,881,724 | ---- | M] () -- C:\Users\Kotaro\Desktop\SecurityCheck.exe
[2012/09/24 10:00:15 | 000,050,477 | ---- | M] () -- C:\Users\Kotaro\Desktop\Defogger.exe
[2012/09/22 20:11:22 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/09/22 20:11:04 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2012/09/22 18:14:43 | 000,001,301 | ---- | M] () -- C:\Users\Kotaro\Desktop\Norton Installation Files.lnk
[2012/09/22 12:56:25 | 000,001,252 | ---- | M] () -- C:\Users\Public\Desktop\Seagate Dashboard.lnk
[2012/09/21 23:54:06 | 000,033,301 | ---- | M] () -- C:\Users\Kotaro\Desktop\lotus-tattoo-designs.jpg
[2012/09/21 01:50:35 | 001,235,959 | ---- | M] () -- C:\Users\Kotaro\Desktop\flag old.png
[2012/09/20 18:23:12 | 000,000,129 | ---- | M] () -- C:\windows\SysNative\MRT.INI
[2012/09/20 00:22:03 | 000,052,714 | ---- | M] () -- C:\Users\Kotaro\Desktop\Sonic.jpg
[2012/09/19 01:32:56 | 000,002,202 | ---- | M] () -- C:\Users\Kotaro\Desktop\801731.gif
[2012/09/15 21:10:34 | 001,292,535 | ---- | M] () -- C:\Users\Kotaro\Desktop\IMG_15092012_211032.png
[2012/09/14 03:00:31 | 000,105,228 | ---- | M] () -- C:\Users\Kotaro\Desktop\zonicic.jpg
[2012/09/09 21:32:56 | 000,195,729 | ---- | M] () -- C:\Users\Kotaro\Desktop\tumblr_m9w2aa6DeW1qhwuczo1_r1_500.png
[2012/09/09 12:46:06 | 000,077,824 | ---- | M] () -- C:\windows\zipexe_r.exe
[2012/09/09 12:44:31 | 003,459,493 | ---- | M] () -- C:\Users\Kotaro\Desktop\UpgradeTool_340ACZ8D0UPG_V01.exe
[2012/09/08 23:40:35 | 000,003,125 | ---- | M] () -- C:\Users\Kotaro\Desktop\brock.gif
[2012/09/08 23:35:54 | 000,001,204 | ---- | M] () -- C:\Users\Kotaro\Desktop\aa8e25.gif
[2012/09/08 20:37:42 | 000,028,991 | ---- | M] () -- C:\Users\Kotaro\Desktop\flames.png
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/09/07 11:08:00 | 000,002,055 | ---- | M] () -- C:\Users\Kotaro\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/09/03 20:23:03 | 003,680,958 | ---- | M] () -- C:\Users\Kotaro\Documents\clip1.gif
[2012/09/01 14:09:23 | 000,068,432 | ---- | M] () -- C:\Users\Kotaro\Desktop\nyuubiv2.png
[2012/08/30 13:29:19 | 000,067,960 | ---- | M] () -- C:\Users\Kotaro\Desktop\littlerota.png
[2012/08/30 13:26:12 | 000,056,399 | ---- | M] () -- C:\Users\Kotaro\Desktop\millene2.png
[2012/08/30 13:23:35 | 000,097,205 | ---- | M] () -- C:\Users\Kotaro\Desktop\edward.png
[2012/08/30 13:23:18 | 000,060,587 | ---- | M] () -- C:\Users\Kotaro\Desktop\maye.png
[2012/08/30 03:27:14 | 000,060,080 | ---- | M] () -- C:\Users\Kotaro\Desktop\luinai.png
[2012/08/30 03:23:58 | 000,068,025 | ---- | M] () -- C:\Users\Kotaro\Desktop\siphrose.png
[2012/08/30 03:21:31 | 000,103,642 | ---- | M] () -- C:\Users\Kotaro\Desktop\kukule.png
[2012/08/30 03:18:48 | 000,071,730 | ---- | M] () -- C:\Users\Kotaro\Desktop\martels.png
[2012/08/30 03:17:22 | 000,067,052 | ---- | M] () -- C:\Users\Kotaro\Desktop\millene.png
[2012/08/29 01:34:05 | 000,020,196 | ---- | M] () -- C:\Users\Kotaro\Desktop\rospr.png
[2012/08/27 23:05:17 | 000,040,876 | ---- | M] () -- C:\Users\Kotaro\Desktop\sprites.png
[2012/08/27 19:01:53 | 000,012,421 | ---- | M] () -- C:\Users\Kotaro\Desktop\sassygayshecil.png
[2012/08/26 13:15:17 | 000,008,472 | ---- | M] () -- C:\Users\Kotaro\Desktop\iv-mew2.png
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/25 00:44:49 | 002,171,154 | ---- | C] () -- C:\Users\Kotaro\Desktop\2012-09-24_21.56.27.png
[2012/09/24 19:47:45 | 001,466,339 | ---- | C] () -- C:\Users\Kotaro\Desktop\2012-09-24_17.29.22.png
[2012/09/24 18:30:01 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/09/24 18:30:01 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/09/24 18:30:01 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/09/24 18:30:01 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/09/24 18:30:01 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/09/24 17:19:16 | 001,415,444 | ---- | C] () -- C:\Users\Kotaro\Desktop\2012-09-24_16.18.01.png
[2012/09/24 15:29:36 | 000,000,512 | ---- | C] () -- C:\Users\Kotaro\Desktop\MBR.dat
[2012/09/24 14:07:46 | 000,000,000 | ---- | C] () -- C:\Users\Kotaro\defogger_reenable
[2012/09/24 13:49:37 | 001,391,616 | ---- | C] () -- C:\Users\Kotaro\Desktop\RogueKiller.exe
[2012/09/24 13:49:19 | 000,513,501 | ---- | C] () -- C:\Users\Kotaro\Desktop\adwcleaner.exe
[2012/09/24 10:00:30 | 000,881,724 | ---- | C] () -- C:\Users\Kotaro\Desktop\SecurityCheck.exe
[2012/09/24 10:00:12 | 000,050,477 | ---- | C] () -- C:\Users\Kotaro\Desktop\Defogger.exe
[2012/09/22 20:11:22 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/09/22 20:11:03 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt
[2012/09/22 17:46:27 | 000,001,301 | ---- | C] () -- C:\Users\Kotaro\Desktop\Norton Installation Files.lnk
[2012/09/22 12:56:25 | 000,001,252 | ---- | C] () -- C:\Users\Public\Desktop\Seagate Dashboard.lnk
[2012/09/21 23:54:03 | 000,033,301 | ---- | C] () -- C:\Users\Kotaro\Desktop\lotus-tattoo-designs.jpg
[2012/09/21 01:46:57 | 001,235,959 | ---- | C] () -- C:\Users\Kotaro\Desktop\flag old.png
[2012/09/20 18:23:12 | 000,000,129 | ---- | C] () -- C:\windows\SysNative\MRT.INI
[2012/09/20 00:22:02 | 000,052,714 | ---- | C] () -- C:\Users\Kotaro\Desktop\Sonic.jpg
[2012/09/19 01:32:55 | 000,002,202 | ---- | C] () -- C:\Users\Kotaro\Desktop\801731.gif
[2012/09/15 21:10:25 | 001,292,535 | ---- | C] () -- C:\Users\Kotaro\Desktop\IMG_15092012_211032.png
[2012/09/14 03:00:31 | 000,105,228 | ---- | C] () -- C:\Users\Kotaro\Desktop\zonicic.jpg
[2012/09/09 21:32:55 | 000,195,729 | ---- | C] () -- C:\Users\Kotaro\Desktop\tumblr_m9w2aa6DeW1qhwuczo1_r1_500.png
[2012/09/09 12:46:06 | 000,077,824 | ---- | C] () -- C:\windows\zipexe_r.exe
[2012/09/09 12:44:17 | 003,459,493 | ---- | C] () -- C:\Users\Kotaro\Desktop\UpgradeTool_340ACZ8D0UPG_V01.exe
[2012/09/08 23:40:34 | 000,003,125 | ---- | C] () -- C:\Users\Kotaro\Desktop\brock.gif
[2012/09/08 23:35:52 | 000,001,204 | ---- | C] () -- C:\Users\Kotaro\Desktop\aa8e25.gif
[2012/09/08 20:37:42 | 000,028,991 | ---- | C] () -- C:\Users\Kotaro\Desktop\flames.png
[2012/09/03 20:22:47 | 003,680,958 | ---- | C] () -- C:\Users\Kotaro\Documents\clip1.gif
[2012/08/30 18:42:20 | 000,068,432 | ---- | C] () -- C:\Users\Kotaro\Desktop\nyuubiv2.png
[2012/08/30 13:29:19 | 000,067,960 | ---- | C] () -- C:\Users\Kotaro\Desktop\littlerota.png
[2012/08/30 13:26:12 | 000,056,399 | ---- | C] () -- C:\Users\Kotaro\Desktop\millene2.png
[2012/08/30 13:23:35 | 000,097,205 | ---- | C] () -- C:\Users\Kotaro\Desktop\edward.png
[2012/08/30 13:23:18 | 000,060,587 | ---- | C] () -- C:\Users\Kotaro\Desktop\maye.png
[2012/08/30 03:27:14 | 000,060,080 | ---- | C] () -- C:\Users\Kotaro\Desktop\luinai.png
[2012/08/30 03:23:57 | 000,068,025 | ---- | C] () -- C:\Users\Kotaro\Desktop\siphrose.png
[2012/08/30 03:21:31 | 000,103,642 | ---- | C] () -- C:\Users\Kotaro\Desktop\kukule.png
[2012/08/30 03:18:47 | 000,071,730 | ---- | C] () -- C:\Users\Kotaro\Desktop\martels.png
[2012/08/30 03:17:22 | 000,067,052 | ---- | C] () -- C:\Users\Kotaro\Desktop\millene.png
[2012/08/29 01:34:05 | 000,020,196 | ---- | C] () -- C:\Users\Kotaro\Desktop\rospr.png
[2012/08/27 23:05:17 | 000,040,876 | ---- | C] () -- C:\Users\Kotaro\Desktop\sprites.png
[2012/08/26 13:15:17 | 000,008,472 | ---- | C] () -- C:\Users\Kotaro\Desktop\iv-mew2.png
[2012/01/10 17:56:27 | 000,001,133 | ---- | C] () -- C:\windows\ODBCINST.INI
[2011/10/30 18:36:16 | 000,000,268 | ---- | C] () -- C:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/06/30 21:07:38 | 000,012,398 | -HS- | C] () -- C:\Users\Kotaro\AppData\Local\43amg0t2ihe520p034qj2450ufpjkok7812v64x40
[2011/06/30 21:07:38 | 000,012,398 | -HS- | C] () -- C:\ProgramData\43amg0t2ihe520p034qj2450ufpjkok7812v64x40
[2011/04/05 00:55:12 | 000,000,120 | ---- | C] () -- C:\Users\Kotaro\AppData\Local\Vqirilesoqaxala.dat
[2011/04/05 00:55:12 | 000,000,000 | ---- | C] () -- C:\Users\Kotaro\AppData\Local\Wtexadebirita.bin
[2011/04/04 21:12:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/31 19:44:54 | 001,036,288 | ---- | C] () -- C:\windows\SysWow64\lxdudrs.dll
[2011/03/31 19:44:54 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\lxducaps.dll
[2011/03/31 19:44:54 | 000,069,632 | ---- | C] () -- C:\windows\SysWow64\lxducnv4.dll
[2011/03/22 18:27:49 | 000,750,094 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/01/04 21:57:45 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/01/04 21:55:23 | 000,001,105 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

< End of report >

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:56 AM

Posted 25 September 2012 - 03:15 PM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    IE - HKU\S-1-5-21-533522485-1636020723-3929417293-1000\..\SearchScopes\{C7576B9D-B442-46bc-AF74-080A9E723E01}: "URL" = http://websearch.search-results.com/redirect?client=ie&tb=GET-SRS&o=16705&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=2R&apn_dtid=get001YYUS&apn_uid=4C3491A5-1CA9-4354-8717-F9E9236F47F3&apn_sauid=7F06CC20-4000-4C63-8607-295DE846A1B2
    FF - prefs.js..extensions.enabledAddons: nvfzmxbodl@nvfzmxbodl.org:2.5
    FF - prefs.js..extensions.enabledItems: {CD9C099F-29A2-41B8-BBDE-E8013DD8CF50}:1.9.1
    [1832/11/29 00:37:17 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\Kotaro\AppData\Roaming\Mozilla\Firefox\Profiles\63d1ahgr.default\extensions\nvfzmxbodl@nvfzmxbodl.org.xpi
    [2011/06/30 21:07:38 | 000,012,398 | -HS- | C] () -- C:\Users\Kotaro\AppData\Local\43amg0t2ihe520p034qj2450ufpjkok7812v64x40
    [2011/06/30 21:07:38 | 000,012,398 | -HS- | C] () -- C:\ProgramData\43amg0t2ihe520p034qj2450ufpjkok7812v64x40
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
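The fix script in the post above lists two hidden, system-attributed files with no company name and random-looking names, taken from the "Files Created - No Company Name" section of the OTL log. As an added example (not part of this thread, and not code from OTL or its author), here is a small Python parser for the OTL file-entry format that applies the same triage rule. The regular expression, the OtlEntry class and the flagging heuristic are assumptions based only on the line shapes visible in the posted log; the sample lines are copied from that log and do not come from a live system.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Hypothetical parser for OTL "[date | size | attrs | C/M] (company) -- path" lines.
# Folder entries in the posted log omit the "(company)" field, so it is optional.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Constructed sample: lines copied from the OTL report posted in this thread.
SAMPLE_LOG = r"""
[2011/06/30 21:07:38 | 000,012,398 | -HS- | C] () -- C:\Users\Kotaro\AppData\Local\43amg0t2ihe520p034qj2450ufpjkok7812v64x40
[2011/06/30 21:07:38 | 000,012,398 | -HS- | C] () -- C:\ProgramData\43amg0t2ihe520p034qj2450ufpjkok7812v64x40
[2012/09/25 12:36:25 | 3015,884,800 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[2011/04/04 21:12:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2012/09/22 20:11:21 | 000,025,232 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2012/09/24 18:29:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
"""


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str      # R=read-only, H=hidden, S=system, D=directory, '-'=unset
    kind: str       # C = created section, M = modified section
    company: str    # '' when OTL printed "()" or omitted the field
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for a file/folder line, or None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


def parse_otl_section(text: str) -> List[OtlEntry]:
    """Parse every recognisable entry; summary lines like '[1 ... *.tmp ...]' are skipped."""
    return [e for e in (parse_otl_line(l) for l in text.splitlines()) if e]


def flag_hidden_unsigned(entries: List[OtlEntry]) -> List[OtlEntry]:
    """Triage heuristic (assumption, not an OTL feature): a plain file that is
    hidden AND system, carries no company name, and has no file extension.
    hiberfil.sys and Desktop.ini share the attributes but keep an extension,
    so they are not flagged; the two random-named files are."""
    return [
        e for e in entries
        if not e.is_dir
        and "H" in e.attrs and "S" in e.attrs
        and not e.company
        and "." not in e.name
    ]


if __name__ == "__main__":
    for e in flag_hidden_unsigned(parse_otl_section(SAMPLE_LOG)):
        print(f"{e.attrs} {e.size:>8} {e.path}")
```

The heuristic is deliberately narrow: hidden+system with no publisher is common for legitimate OS files, so the missing extension is what separates the two entries the helper targeted from hiberfil.sys and Desktop.ini. Any hit should still be confirmed by the helper before it goes into a fix script.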



