Chrome redirects to Funmoods and pop ups are everywhere CANNOT remove - Vista system


This topic is locked
33 replies to this topic

#1 chris1gill (Members, 21 posts)

Posted 26 September 2012 - 02:42 PM

I inadvertently posted that I was using Windows 7; I'm actually using Vista, so I've been asked to re-post.


I have tried various malware and spyware programs and I cannot get this off my computer. As a result I have pop-up ads everywhere. I run Norton Antivirus on Windows 7; I desperately want this off my computer.

Funmoods is in Chrome (this all started when Funmoods got onto my computer). Although I tried to get it off Firefox, whenever I bring up websites I have the pop-ups everywhere.

I did run combofix before reading not to run it (sorry.... )



Here is my log and I've attached the attach.txt and the ComboFix.txt file:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Chris at 12:03:47 on 2012-09-25
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.nbc.com/
mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtBtCzy0BtDyBzyyC0F0AtBtA0B0EtN0D0Tzu0CtByEtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=645650849
uInternet Connection Wizard,ShellNext = hxxp://webmail.aol.com/
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\IPS\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - C:\Program Files (x86)\Dell\BAE\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Akamai NetSession Interface] "C:\Users\Chris\AppData\Local\Akamai\netsession_win.exe"
uRun: [Facebook Update] "C:\Users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1228338813\ee\AOLSoftware.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\AOLDES~1.LNK - C:\Program Files (x86)\Common Files\aol\Launch\aollaunch.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Chris\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DING!.lnk - C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HDWRIT~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127589411709
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127589395787
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37320.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{51064D83-5BB4-4B0C-80F9-11FD0398BAF5} : DhcpNameServer = 75.75.75.75 75.75.76.76
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
BHO-X64: AOL Toolbar Loader - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll
BHO-X64: Browser Address Error Redirector - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\coIEPlg.dll
TB-X64: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1228338813\ee\AOLSoftware.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\1jny0dss.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffaoldesktop-chromesbox-en-us&query=
FF - prefs.js: browser.startup.homepage - www.msnbc.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20111126&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: C:\Users\Chris\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtBtCzy0BtDyBzyyC0F0AtBtA0B0EtN0D0Tzu0CtByEtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=645650849
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtBtCzy0BtDyBzyyC0F0AtBtA0B0EtN0D0Tzu0CtByEtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=645650849
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtBtCzy0BtDyBzyyC0F0AtBtA0B0EtN0D0Tzu0CtByEtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=645650849&q=
FF - user.js: extensions.funmoods.id - 00219B0796FA23BE
FF - user.js: extensions.funmoods.instlDay - 15582
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.229:13:13
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - adknlg
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - adknlg
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-09-25 14:48:27 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-25 14:19:23 98816 ----a-w- C:\Windows\sed.exe
2012-09-25 14:19:23 518144 ----a-w- C:\Windows\SWREG.exe
2012-09-25 14:19:23 256000 ----a-w- C:\Windows\PEV.exe
2012-09-25 14:19:23 208896 ----a-w- C:\Windows\MBR.exe
2012-09-07 02:19:51 91104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\smime3.dll
2012-08-30 14:13:57 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-08-30 13:58:06 251560 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-08-30 13:58:06 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-08-30 13:57:38 -------- d-----w- C:\ProgramData\PC Tools
2012-08-30 13:57:37 -------- d-----w- C:\Users\Chris\AppData\Roaming\TestApp
2012-08-30 13:14:03 -------- d-----w- C:\Program Files (x86)\SMPlayer
2012-08-30 13:13:02 -------- d-----w- C:\Program Files (x86)\OApps
.
==================== Find3M ====================
.
2012-09-21 13:24:22 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-21 13:24:22 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-07-22 13:13:48 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-04 14:33:06 2769408 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 12:04:21.36 ===============
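Added example, not code from the thread or from any of the tools named in it: a small parser for the DDS `FF - user.js` / `FF - prefs.js` lines shown in the log above. It recovers the extra `user_pref()` calls smuggled into the value of the first pref (the line that switches off CSP, OCSP checking and the extension install-scope restriction) and flags those alongside the Funmoods prefs. The sample lines are constructed from the log, with the long tracking parameters shortened.

```python
"""Flag hijacked and security-weakening Firefox prefs in DDS 'FF -' log lines."""
import re
from dataclasses import dataclass

# Constructed sample in the shape DDS prints Firefox prefs (URLs defanged as hxxp).
# The first line is the edge case worth handling: one pref's value carries
# additional user_pref() calls, so a single line can disable several protections.
SAMPLE_DDS_LINES = """\
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=adknlg
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.dfltLng -
FF - prefs.js: browser.startup.homepage - www.msnbc.com
""".splitlines()

# Pref values that weaken the browser's own protections; all three appear in the
# log above. Values are compared as the literal text DDS prints.
RISKY_PREFS = {
    "security.csp.enable": "false",        # Content Security Policy off
    "security.OCSP.enabled": "0",          # certificate revocation checks off
    "extensions.autoDisableScopes": "0",   # sideloaded extensions enabled silently
}

PREF_LINE = re.compile(r"^FF - (user\.js|prefs\.js): (\S+) - ?(.*)$")
SMUGGLED_PREF = re.compile(r"^'([^']+)',\s*(.*)$")


@dataclass
class Pref:
    source: str     # user.js or prefs.js
    name: str
    value: str
    smuggled: bool  # True if recovered from inside another pref's value


def parse_ff_prefs(lines):
    """Return every pref on the DDS 'FF -' lines, including smuggled ones."""
    prefs = []
    for line in lines:
        m = PREF_LINE.match(line.strip())
        if not m:
            continue
        source, name, value = m.groups()
        # Split at the boundary of an injected call; parts[0] is the real value.
        parts = value.split(");user_pref(")
        prefs.append(Pref(source, name, parts[0].strip(), False))
        for extra in parts[1:]:
            sm = SMUGGLED_PREF.match(extra.strip())
            if sm:
                prefs.append(Pref(source, sm.group(1), sm.group(2).rstrip(")").strip(), True))
    return prefs


def find_indicators(prefs, hijacker="funmoods"):
    """Return readable findings: weakened security prefs and hijacker-owned prefs."""
    findings = []
    for p in prefs:
        if RISKY_PREFS.get(p.name) == p.value:
            tag = " (smuggled into another pref)" if p.smuggled else ""
            findings.append(f"{p.source}: security weakened: {p.name}={p.value}{tag}")
        elif hijacker in p.name.lower() or hijacker in p.value.lower():
            findings.append(f"{p.source}: hijacker pref: {p.name}={p.value}")
    return findings


def summarize(lines, hijacker="funmoods"):
    """Count prefs, smuggled prefs and each finding type for a batch of log lines."""
    prefs = parse_ff_prefs(lines)
    findings = find_indicators(prefs, hijacker)
    return {
        "prefs": len(prefs),
        "smuggled": sum(1 for p in prefs if p.smuggled),
        "weakened": sum(1 for f in findings if "security weakened" in f),
        "hijacker": sum(1 for f in findings if "hijacker pref" in f),
    }


if __name__ == "__main__":
    for finding in find_indicators(parse_ff_prefs(SAMPLE_DDS_LINES)):
        print(finding)
```

The same parser runs over a full DDS log unchanged, since lines that are not Firefox pref lines are skipped.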

#2 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 26 September 2012 - 03:22 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 chris1gill (Topic Starter)

Posted 26 September 2012 - 08:32 PM

Here are the Checkup.txt and AdwCleanerS1 attached.

#4 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 26 September 2012 - 08:41 PM

Hello

Did you run the RogueKiller program?


gringo

#5 chris1gill (Topic Starter)

Posted 26 September 2012 - 08:56 PM

RkReport.txt attached

Unfortunately all the ads and pop-ups are still there.

Edited by chris1gill, 26 September 2012 - 08:58 PM.


#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 26 September 2012 - 08:58 PM

Hello Chris

Please do not attach the reports; it will only make it harder for me later.

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 chris1gill (Topic Starter)

Posted 27 September 2012 - 10:28 AM

Attached is the Combofix.txt report

Unfortunately I still have the ads and pop-ups.

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 27 September 2012 - 01:07 PM

Greetings chris1gill

In my opening post I asked you not to attach the reports and explained why. In my signature I ask you to copy and paste the reports into the topic and not to attach them, and in my last post I asked you again not to attach the reports.

But you still keep on doing it - please do not attach the reports

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#9 chris1gill (Topic Starter)

Posted 27 September 2012 - 01:13 PM


Here are the results from TDSSKiller.exe:

14:11:18.0324 2172 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
14:11:18.0743 2172 ============================================================
14:11:18.0743 2172 Current date / time: 2012/09/27 14:11:18.0743
14:11:18.0743 2172 SystemInfo:
14:11:18.0743 2172
14:11:18.0743 2172 OS Version: 6.0.6002 ServicePack: 2.0
14:11:18.0743 2172 Product type: Workstation
14:11:18.0744 2172 ComputerName: GILLFAMILY-PC
14:11:18.0745 2172 UserName: Chris
14:11:18.0745 2172 Windows directory: C:\Windows
14:11:18.0745 2172 System windows directory: C:\Windows
14:11:18.0745 2172 Running under WOW64
14:11:18.0745 2172 Processor architecture: Intel x64
14:11:18.0745 2172 Number of processors: 2
14:11:18.0745 2172 Page size: 0x1000
14:11:18.0745 2172 Boot type: Normal boot
14:11:18.0745 2172 ============================================================
14:11:20.0390 2172 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:11:20.0395 2172 ============================================================
14:11:20.0395 2172 \Device\Harddisk0\DR0:
14:11:20.0399 2172 MBR partitions:
14:11:20.0399 2172 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000
14:11:20.0399 2172 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0x4943C000
14:11:20.0399 2172 ============================================================
14:11:20.0439 2172 C: <-> \Device\Harddisk0\DR0\Partition2
14:11:20.0472 2172 D: <-> \Device\Harddisk0\DR0\Partition1
14:11:20.0472 2172 ============================================================
14:11:20.0473 2172 Initialize success
14:11:20.0473 2172 ============================================================
14:11:25.0161 4572 ============================================================
14:11:25.0161 4572 Scan started
14:11:25.0161 4572 Mode: Manual;
14:11:25.0161 4572 ============================================================
14:11:26.0571 4572 ================ Scan system memory ========================
14:11:26.0571 4572 System memory - ok
14:11:28.0501 4572 blbdrive - ok
14:11:28.0581 4572 [ 1C87705CCB2F60172B0FC86B5D82F00D ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
14:11:28.0591 4572 Bonjour Service - ok
14:11:28.0621 4572 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:11:28.0621 4572 bowser - ok
14:11:28.0651 4572 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
14:11:28.0661 4572 BrFiltLo - ok
14:11:28.0671 4572 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
14:11:28.0681 4572 BrFiltUp - ok
14:11:28.0701 4572 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
14:11:28.0701 4572 Browser - ok
14:11:28.0721 4572 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
14:11:28.0731 4572 Brserid - ok
14:11:28.0751 4572 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
14:11:28.0751 4572 BrSerWdm - ok
14:11:28.0771 4572 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
14:11:28.0771 4572 BrUsbMdm - ok
14:11:28.0791 4572 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
14:11:28.0801 4572 BrUsbSer - ok
14:11:28.0801 4572 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
14:11:28.0811 4572 BTHMODEM - ok
14:11:28.0831 4572 catchme - ok
14:11:28.0851 4572 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:11:28.0851 4572 cdfs - ok
14:11:28.0881 4572 [ 89035A7AAB356954DC8CEF154740EA99 ] Cdr4_xp C:\Windows\system32\drivers\Cdr4_xp.sys
14:11:28.0881 4572 Cdr4_xp - ok
14:11:28.0881 4572 [ A47536655B9068586482FDB7AFFE1D56 ] Cdralw2k C:\Windows\system32\drivers\Cdralw2k.sys
14:11:28.0881 4572 Cdralw2k - ok
14:11:28.0901 4572 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:11:28.0901 4572 cdrom - ok
14:11:28.0921 4572 cdudf_xp - ok
14:11:28.0961 4572 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
14:11:28.0961 4572 CertPropSvc - ok
14:11:28.0981 4572 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
14:11:28.0991 4572 circlass - ok
14:11:29.0041 4572 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
14:11:29.0041 4572 CLFS - ok
14:11:29.0071 4572 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:11:29.0091 4572 clr_optimization_v2.0.50727_32 - ok
14:11:29.0151 4572 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:11:29.0161 4572 clr_optimization_v2.0.50727_64 - ok
14:11:29.0261 4572 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:11:29.0271 4572 clr_optimization_v4.0.30319_32 - ok
14:11:29.0321 4572 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:11:29.0331 4572 clr_optimization_v4.0.30319_64 - ok
14:11:29.0361 4572 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:11:29.0361 4572 cmdide - ok
14:11:29.0371 4572 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
14:11:29.0401 4572 Compbatt - ok
14:11:29.0411 4572 COMSysApp - ok
14:11:29.0421 4572 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
14:11:29.0421 4572 crcdisk - ok
14:11:29.0471 4572 [ 62740B9D2A137E8CED41A9E4239A7A31 ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:11:29.0471 4572 CryptSvc - ok
14:11:29.0521 4572 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
14:11:29.0531 4572 DcomLaunch - ok
14:11:29.0601 4572 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:11:29.0601 4572 DfsC - ok
14:11:29.0721 4572 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
14:11:29.0771 4572 DFSR - ok
14:11:29.0811 4572 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
14:11:29.0811 4572 Dhcp - ok
14:11:29.0851 4572 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
14:11:29.0851 4572 disk - ok
14:11:29.0891 4572 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:11:29.0891 4572 Dnscache - ok
14:11:29.0951 4572 [ DB29915209770D8B59654345EC2D943A ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
14:11:29.0951 4572 DockLoginService - ok
14:11:30.0001 4572 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
14:11:30.0011 4572 dot3svc - ok
14:11:30.0041 4572 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
14:11:30.0041 4572 DPS - ok
14:11:30.0061 4572 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:11:30.0071 4572 drmkaud - ok
14:11:30.0081 4572 dvd_2K - ok
14:11:30.0121 4572 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:11:30.0141 4572 DXGKrnl - ok
14:11:30.0181 4572 [ A458E7D986F51C827640F5D1F1E886E4 ] e1express C:\Windows\system32\DRIVERS\e1e6032e.sys
14:11:30.0181 4572 e1express - ok
14:11:30.0231 4572 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
14:11:30.0241 4572 E1G60 - ok
14:11:30.0271 4572 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
14:11:30.0291 4572 EapHost - ok
14:11:30.0301 4572 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
14:11:30.0311 4572 Ecache - ok
14:11:30.0361 4572 [ 4353FF94D47A0A9D52B89ECCF0CDB013 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
14:11:30.0371 4572 eeCtrl - ok
14:11:30.0431 4572 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:11:30.0461 4572 ehRecvr - ok
14:11:30.0471 4572 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
14:11:30.0481 4572 ehSched - ok
14:11:30.0501 4572 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
14:11:30.0501 4572 ehstart - ok
14:11:30.0531 4572 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
14:11:30.0531 4572 elxstor - ok
14:11:30.0571 4572 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
14:11:30.0571 4572 EMDMgmt - ok
14:11:30.0611 4572 [ C5BCCB378D0A896304A3E71BE7215983 ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
14:11:30.0611 4572 EraserUtilRebootDrv - ok
14:11:30.0621 4572 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:11:30.0631 4572 ErrDev - ok
14:11:30.0671 4572 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
14:11:30.0671 4572 EventSystem - ok
14:11:30.0711 4572 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
14:11:30.0721 4572 exfat - ok
14:11:30.0751 4572 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:11:30.0751 4572 fastfat - ok
14:11:30.0781 4572 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:11:30.0781 4572 fdc - ok
14:11:30.0801 4572 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
14:11:30.0801 4572 fdPHost - ok
14:11:30.0821 4572 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
14:11:30.0821 4572 FDResPub - ok
14:11:30.0841 4572 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:11:30.0841 4572 FileInfo - ok
14:11:30.0851 4572 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:11:30.0861 4572 Filetrace - ok
14:11:30.0871 4572 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:11:30.0881 4572 flpydisk - ok
14:11:30.0891 4572 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:11:30.0901 4572 FltMgr - ok
14:11:30.0951 4572 [ DE67B1AFAB1DDB6CA0BBA89A776F26FA ] FontCache C:\Windows\system32\FntCache.dll
14:11:30.0951 4572 FontCache - ok
14:11:31.0001 4572 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:11:31.0011 4572 FontCache3.0.0.0 - ok
14:11:31.0031 4572 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:11:31.0031 4572 Fs_Rec - ok
14:11:31.0051 4572 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
14:11:31.0071 4572 gagp30kx - ok
14:11:31.0101 4572 [ AF4DEE5531395DEE72B35B36C9671FD0 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:11:31.0101 4572 GEARAspiWDM - ok
14:11:31.0161 4572 [ 0879DC7444A201DF84E69C5DD5083D61 ] getPlusHelper C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll
14:11:31.0171 4572 getPlusHelper - ok
14:11:31.0221 4572 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
14:11:31.0221 4572 gpsvc - ok
14:11:31.0311 4572 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:11:31.0311 4572 gupdate - ok
14:11:31.0321 4572 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:11:31.0331 4572 gupdatem - ok
14:11:31.0391 4572 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
14:11:31.0421 4572 gusvc - ok
14:11:31.0471 4572 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
14:11:31.0481 4572 HDAudBus - ok
14:11:31.0501 4572 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
14:11:31.0501 4572 HidBth - ok
14:11:31.0511 4572 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
14:11:31.0521 4572 HidIr - ok
14:11:31.0551 4572 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\System32\hidserv.dll
14:11:31.0561 4572 hidserv - ok
14:11:31.0611 4572 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:11:31.0621 4572 HidUsb - ok
14:11:31.0651 4572 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
14:11:31.0671 4572 hkmsvc - ok
14:11:31.0721 4572 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
14:11:31.0781 4572 HpCISSs - ok
14:11:31.0861 4572 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:11:31.0901 4572 HTTP - ok
14:11:31.0941 4572 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
14:11:31.0961 4572 i2omp - ok
14:11:32.0011 4572 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
14:11:32.0111 4572 i8042prt - ok
14:11:32.0211 4572 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
14:11:32.0261 4572 iaStorV - ok
14:11:32.0311 4572 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:11:32.0341 4572 idsvc - ok
14:11:32.0431 4572 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120926.001\IDSvia64.sys
14:11:32.0451 4572 IDSVia64 - ok
14:11:32.0801 4572 [ 50F15F9AEE2E7692DFE58917E2D40498 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
14:11:32.0911 4572 igfx - ok
14:11:32.0931 4572 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
14:11:32.0941 4572 iirsp - ok
14:11:33.0061 4572 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
14:11:33.0071 4572 IKEEXT - ok
14:11:33.0361 4572 [ B3FB479A7C0626499EB5989BC087CF8D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:11:33.0371 4572 IntcAzAudAddService - ok
14:11:33.0431 4572 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
14:11:33.0481 4572 intelide - ok
14:11:33.0501 4572 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:11:33.0501 4572 intelppm - ok
14:11:33.0791 4572 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
14:11:33.0791 4572 IntuitUpdateService - ok
14:11:33.0981 4572 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
14:11:33.0981 4572 IntuitUpdateServiceV4 - ok
14:11:34.0051 4572 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:11:34.0081 4572 IPBusEnum - ok
14:11:34.0121 4572 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:11:34.0131 4572 IpFilterDriver - ok
14:11:34.0181 4572 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:11:34.0181 4572 iphlpsvc - ok
14:11:34.0181 4572 IpInIp - ok
14:11:34.0221 4572 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
14:11:34.0251 4572 IPMIDRV - ok
14:11:34.0291 4572 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
14:11:34.0301 4572 IPNAT - ok
14:11:34.0371 4572 [ B7CB0B121962CD89F98C0DD89331B0C0 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
14:11:34.0381 4572 iPod Service - ok
14:11:34.0421 4572 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:11:34.0431 4572 IRENUM - ok
14:11:34.0471 4572 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:11:34.0471 4572 isapnp - ok
14:11:34.0511 4572 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
14:11:34.0511 4572 iScsiPrt - ok
14:11:34.0531 4572 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
14:11:34.0531 4572 iteatapi - ok
14:11:34.0561 4572 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
14:11:34.0561 4572 iteraid - ok
14:11:34.0571 4572 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:11:34.0571 4572 kbdclass - ok
14:11:34.0601 4572 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
14:11:34.0601 4572 kbdhid - ok
14:11:34.0611 4572 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
14:11:34.0611 4572 KeyIso - ok
14:11:34.0641 4572 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:11:34.0651 4572 KSecDD - ok
14:11:34.0661 4572 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
14:11:34.0661 4572 ksthunk - ok
14:11:34.0691 4572 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
14:11:34.0691 4572 KtmRm - ok
14:11:34.0731 4572 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\System32\srvsvc.dll
14:11:34.0731 4572 LanmanServer - ok
14:11:34.0771 4572 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:11:34.0771 4572 LanmanWorkstation - ok
14:11:34.0791 4572 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:11:34.0801 4572 lltdio - ok
14:11:34.0841 4572 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:11:34.0851 4572 lltdsvc - ok
14:11:34.0871 4572 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:11:34.0871 4572 lmhosts - ok
14:11:34.0901 4572 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
14:11:34.0911 4572 LSI_FC - ok
14:11:34.0931 4572 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
14:11:34.0931 4572 LSI_SAS - ok
14:11:34.0951 4572 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
14:11:34.0971 4572 LSI_SCSI - ok
14:11:34.0991 4572 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
14:11:35.0001 4572 luafv - ok
14:11:35.0031 4572 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:11:35.0071 4572 Mcx2Svc - ok
14:11:35.0101 4572 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
14:11:35.0121 4572 megasas - ok
14:11:35.0181 4572 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
14:11:35.0211 4572 MegaSR - ok
14:11:35.0241 4572 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
14:11:35.0251 4572 MMCSS - ok
14:11:35.0251 4572 mmc_2K - ok
14:11:35.0281 4572 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
14:11:35.0291 4572 Modem - ok
14:11:35.0301 4572 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:11:35.0301 4572 monitor - ok
14:11:35.0351 4572 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:11:35.0351 4572 mouclass - ok
14:11:35.0421 4572 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:11:35.0421 4572 mouhid - ok
14:11:35.0441 4572 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
14:11:35.0451 4572 MountMgr - ok
14:11:35.0521 4572 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
14:11:35.0561 4572 MozillaMaintenance - ok
14:11:35.0591 4572 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
14:11:35.0611 4572 mpio - ok
14:11:35.0671 4572 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:11:35.0701 4572 mpsdrv - ok
14:11:35.0751 4572 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
14:11:35.0751 4572 MpsSvc - ok
14:11:35.0751 4572 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
14:11:35.0771 4572 Mraid35x - ok
14:11:35.0801 4572 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:11:35.0801 4572 MRxDAV - ok
14:11:35.0851 4572 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:11:35.0851 4572 mrxsmb - ok
14:11:35.0881 4572 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:11:35.0881 4572 mrxsmb10 - ok
14:11:35.0891 4572 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:11:35.0891 4572 mrxsmb20 - ok
14:11:35.0901 4572 [ 730B784962D22D2C6481EAE2370E7C8C ] msahci C:\Windows\system32\drivers\msahci.sys
14:11:35.0911 4572 msahci - ok
14:11:35.0931 4572 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:11:35.0951 4572 msdsm - ok
14:11:35.0981 4572 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
14:11:35.0981 4572 MSDTC - ok
14:11:36.0011 4572 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:11:36.0011 4572 Msfs - ok
14:11:36.0031 4572 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:11:36.0031 4572 msisadrv - ok
14:11:36.0071 4572 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:11:36.0081 4572 MSiSCSI - ok
14:11:36.0081 4572 msiserver - ok
14:11:36.0151 4572 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:11:36.0191 4572 MSKSSRV - ok
14:11:36.0221 4572 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:11:36.0271 4572 MSPCLOCK - ok
14:11:36.0301 4572 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:11:36.0311 4572 MSPQM - ok
14:11:36.0401 4572 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:11:36.0421 4572 MsRPC - ok
14:11:36.0451 4572 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
14:11:36.0461 4572 mssmbios - ok
14:11:36.0501 4572 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:11:36.0501 4572 MSTEE - ok
14:11:36.0521 4572 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
14:11:36.0521 4572 Mup - ok
14:11:36.0611 4572 [ E78A365CC3E0FBFC018A33DCE01909F8 ] N360 C:\Program Files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe
14:11:36.0611 4572 N360 - ok
14:11:36.0651 4572 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
14:11:36.0651 4572 napagent - ok
14:11:36.0721 4572 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:11:36.0741 4572 NativeWifiP - ok
14:11:36.0901 4572 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120927.002\ENG64.SYS
14:11:36.0921 4572 NAVENG - ok
14:11:36.0981 4572 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120927.002\EX64.SYS
14:11:37.0011 4572 NAVEX15 - ok
14:11:37.0061 4572 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:11:37.0081 4572 NDIS - ok
14:11:37.0091 4572 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:11:37.0091 4572 NdisTapi - ok
14:11:37.0111 4572 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:11:37.0121 4572 Ndisuio - ok
14:11:37.0141 4572 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:11:37.0151 4572 NdisWan - ok
14:11:37.0171 4572 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:11:37.0171 4572 NDProxy - ok
14:11:37.0211 4572 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:11:37.0211 4572 NetBIOS - ok
14:11:37.0331 4572 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
14:11:37.0341 4572 netbt - ok
14:11:37.0371 4572 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
14:11:37.0371 4572 Netlogon - ok
14:11:37.0421 4572 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
14:11:37.0421 4572 Netman - ok
14:11:37.0461 4572 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
14:11:37.0461 4572 netprofm - ok
14:11:37.0511 4572 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:11:37.0531 4572 NetTcpPortSharing - ok
14:11:37.0551 4572 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
14:11:37.0581 4572 nfrd960 - ok
14:11:37.0621 4572 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
14:11:37.0621 4572 NlaSvc - ok
14:11:37.0661 4572 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:11:37.0661 4572 Npfs - ok
14:11:37.0691 4572 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
14:11:37.0691 4572 nsi - ok
14:11:37.0691 4572 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:11:37.0701 4572 nsiproxy - ok
14:11:37.0791 4572 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:11:37.0801 4572 Ntfs - ok
14:11:37.0821 4572 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
14:11:37.0821 4572 Null - ok
14:11:37.0841 4572 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:11:37.0841 4572 nvraid - ok
14:11:37.0851 4572 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:11:37.0901 4572 nvstor - ok
14:11:37.0931 4572 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:11:37.0971 4572 nv_agp - ok
14:11:37.0981 4572 NwlnkFlt - ok
14:11:37.0981 4572 NwlnkFwd - ok
14:11:38.0121 4572 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:11:38.0281 4572 odserv - ok
14:11:38.0311 4572 [ 7B58953E2F263421FDBB09A192712A85 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:11:38.0321 4572 ohci1394 - ok
14:11:38.0351 4572 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:11:38.0411 4572 ose - ok
14:11:38.0631 4572 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
14:11:38.0661 4572 p2pimsvc - ok
14:11:38.0671 4572 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
14:11:38.0681 4572 p2psvc - ok
14:11:38.0691 4572 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
14:11:38.0701 4572 Parport - ok
14:11:38.0731 4572 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:11:38.0731 4572 partmgr - ok
14:11:38.0771 4572 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
14:11:38.0771 4572 PcaSvc - ok
14:11:38.0801 4572 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
14:11:38.0801 4572 pci - ok
14:11:38.0821 4572 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys
14:11:38.0821 4572 pciide - ok
14:11:38.0841 4572 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:11:38.0851 4572 pcmcia - ok
14:11:38.0871 4572 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:11:38.0881 4572 PEAUTH - ok
14:11:38.0961 4572 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:11:38.0981 4572 PerfHost - ok
14:11:39.0031 4572 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
14:11:39.0071 4572 pla - ok
14:11:39.0101 4572 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:11:39.0101 4572 PlugPlay - ok
14:11:39.0131 4572 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
14:11:39.0141 4572 PNRPAutoReg - ok
14:11:39.0151 4572 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
14:11:39.0151 4572 PNRPsvc - ok
14:11:39.0191 4572 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:11:39.0211 4572 PolicyAgent - ok
14:11:39.0251 4572 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:11:39.0271 4572 PptpMiniport - ok
14:11:39.0291 4572 [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor C:\Windows\system32\drivers\processr.sys
14:11:39.0301 4572 Processor - ok
14:11:39.0331 4572 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
14:11:39.0331 4572 ProfSvc - ok
14:11:39.0341 4572 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
14:11:39.0341 4572 ProtectedStorage - ok
14:11:39.0391 4572 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
14:11:39.0391 4572 PSched - ok
14:11:39.0511 4572 [ 543A4EF0923BF70D126625B034EF25AF ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
14:11:39.0521 4572 PSI_SVC_2 - ok
14:11:39.0551 4572 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
14:11:39.0551 4572 PxHlpa64 - ok
14:11:39.0601 4572 [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:11:39.0641 4572 ql2300 - ok
14:11:39.0681 4572 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:11:39.0691 4572 ql40xx - ok
14:11:39.0731 4572 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
14:11:39.0741 4572 QWAVE - ok
14:11:39.0771 4572 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:11:39.0781 4572 QWAVEdrv - ok
14:11:39.0901 4572 [ 2A09A6B271D1F50ADF5E33B37D460DE6 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
14:11:39.0951 4572 R300 - ok
14:11:39.0971 4572 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:11:39.0971 4572 RasAcd - ok
14:11:39.0991 4572 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
14:11:40.0001 4572 RasAuto - ok
14:11:40.0031 4572 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:11:40.0031 4572 Rasl2tp - ok
14:11:40.0051 4572 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
14:11:40.0051 4572 RasMan - ok
14:11:40.0081 4572 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:11:40.0091 4572 RasPppoe - ok
14:11:40.0121 4572 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:11:40.0121 4572 RasSstp - ok
14:11:40.0161 4572 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:11:40.0161 4572 rdbss - ok
14:11:40.0171 4572 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:11:40.0171 4572 RDPCDD - ok
14:11:40.0191 4572 [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
14:11:40.0211 4572 rdpdr - ok
14:11:40.0211 4572 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:11:40.0211 4572 RDPENCDD - ok
14:11:40.0251 4572 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:11:40.0281 4572 RDPWD - ok
14:11:40.0301 4572 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:11:40.0311 4572 RemoteAccess - ok
14:11:40.0341 4572 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:11:40.0351 4572 RemoteRegistry - ok
14:11:40.0371 4572 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
14:11:40.0381 4572 RpcLocator - ok
14:11:40.0471 4572 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
14:11:40.0491 4572 RpcSs - ok
14:11:40.0511 4572 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:11:40.0511 4572 rspndr - ok
14:11:40.0521 4572 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
14:11:40.0521 4572 SamSs - ok
14:11:40.0551 4572 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:11:40.0561 4572 sbp2port - ok
14:11:40.0611 4572 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:11:40.0621 4572 SCardSvr - ok
14:11:40.0701 4572 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
14:11:40.0711 4572 Schedule - ok
14:11:40.0741 4572 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
14:11:40.0741 4572 SCPolicySvc - ok
14:11:40.0771 4572 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:11:40.0781 4572 SDRSVC - ok
14:11:40.0801 4572 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:11:40.0801 4572 secdrv - ok
14:11:40.0811 4572 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
14:11:40.0821 4572 seclogon - ok
14:11:40.0831 4572 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\system32\sens.dll
14:11:40.0831 4572 SENS - ok
14:11:40.0851 4572 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
14:11:40.0851 4572 Serenum - ok
14:11:40.0871 4572 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
14:11:40.0901 4572 Serial - ok
14:11:40.0931 4572 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:11:40.0931 4572 sermouse - ok
14:11:40.0951 4572 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
14:11:40.0961 4572 SessionEnv - ok
14:11:40.0971 4572 [ 14D4B4465193A87C127933978E8C4106 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:11:40.0981 4572 sffdisk - ok
14:11:40.0991 4572 [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:11:40.0991 4572 sffp_mmc - ok
14:11:41.0021 4572 [ 35E59EBE4A01A0532ED67975161C7B82 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:11:41.0021 4572 sffp_sd - ok
14:11:41.0031 4572 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:11:41.0031 4572 sfloppy - ok
14:11:41.0061 4572 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:11:41.0071 4572 SharedAccess - ok
14:11:41.0111 4572 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:11:41.0111 4572 ShellHWDetection - ok
14:11:41.0131 4572 [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
14:11:41.0131 4572 SiSRaid2 - ok
14:11:41.0141 4572 [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:11:41.0151 4572 SiSRaid4 - ok
14:11:41.0331 4572 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
14:11:41.0361 4572 slsvc - ok
14:11:41.0401 4572 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
14:11:41.0411 4572 SLUINotify - ok
14:11:41.0441 4572 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:11:41.0441 4572 Smb - ok
14:11:41.0481 4572 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:11:41.0491 4572 SNMPTRAP - ok
14:11:41.0531 4572 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
14:11:41.0531 4572 spldr - ok
14:11:41.0561 4572 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
14:11:41.0561 4572 Spooler - ok
14:11:41.0631 4572 [ 90EF30C3867BCDE4579C01A6D6E75A7A ] SRTSP C:\Windows\System32\Drivers\N360x64\0502020.003\SRTSP64.SYS
14:11:41.0641 4572 SRTSP - ok
14:11:41.0661 4572 [ C513E8A5E7978DA49077F5484344EE1B ] SRTSPX C:\Windows\system32\drivers\N360x64\0502020.003\SRTSPX64.SYS
14:11:41.0661 4572 SRTSPX - ok
14:11:41.0701 4572 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
14:11:41.0701 4572 srv - ok
14:11:41.0721 4572 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:11:41.0721 4572 srv2 - ok
14:11:41.0741 4572 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:11:41.0741 4572 srvnet - ok
14:11:41.0771 4572 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:11:41.0781 4572 SSDPSRV - ok
14:11:41.0801 4572 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:11:41.0811 4572 SstpSvc - ok
14:11:42.0001 4572 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
14:11:42.0031 4572 stisvc - ok
14:11:42.0061 4572 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
14:11:42.0071 4572 stllssvr - ok
14:11:42.0091 4572 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:11:42.0091 4572 swenum - ok
14:11:42.0131 4572 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
14:11:42.0151 4572 swprv - ok
14:11:42.0161 4572 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
14:11:42.0171 4572 Symc8xx - ok
14:11:42.0201 4572 [ 6160145C7A87FC7672E8E3B886888176 ] SymDS C:\Windows\system32\drivers\N360x64\0502020.003\SYMDS64.SYS
14:11:42.0211 4572 SymDS - ok
14:11:42.0261 4572 [ 96AEED40D4D3521568B42027687E69E0 ] SymEFA C:\Windows\system32\drivers\N360x64\0502020.003\SYMEFA64.SYS
14:11:42.0271 4572 SymEFA - ok
14:11:42.0301 4572 [ 21A1C2D694C3CF962D31F5E873AB3D6F ] SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
14:11:42.0311 4572 SymEvent - ok
14:11:42.0321 4572 [ BD0D711D8CBFCAA19CA123306EAF53A5 ] SymIRON C:\Windows\system32\drivers\N360x64\0502020.003\Ironx64.SYS
14:11:42.0331 4572 SymIRON - ok
14:11:42.0351 4572 [ 61D06BE74FA23EBB7D816E4468EDD19E ] SYMTDIv C:\Windows\System32\Drivers\N360x64\0502020.003\SYMTDIV.SYS
14:11:42.0371 4572 SYMTDIv - ok
14:11:42.0401 4572 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
14:11:42.0411 4572 Sym_hi - ok
14:11:42.0421 4572 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
14:11:42.0471 4572 Sym_u3 - ok
14:11:42.0581 4572 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
14:11:42.0591 4572 SysMain - ok
14:11:42.0621 4572 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:11:42.0631 4572 TabletInputService - ok
14:11:42.0701 4572 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:11:42.0701 4572 TapiSrv - ok
14:11:42.0761 4572 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
14:11:42.0781 4572 TBS - ok
14:11:42.0851 4572 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:11:42.0861 4572 Tcpip - ok
14:11:42.0921 4572 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
14:11:42.0931 4572 Tcpip6 - ok
14:11:42.0971 4572 [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:11:42.0991 4572 tcpipreg - ok
14:11:43.0001 4572 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:11:43.0011 4572 TDPIPE - ok
14:11:43.0021 4572 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:11:43.0031 4572 TDTCP - ok
14:11:43.0071 4572 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:11:43.0071 4572 tdx - ok
14:11:43.0091 4572 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:11:43.0091 4572 TermDD - ok
14:11:43.0121 4572 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
14:11:43.0131 4572 TermService - ok
14:11:43.0151 4572 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
14:11:43.0151 4572 Themes - ok
14:11:43.0181 4572 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
14:11:43.0191 4572 THREADORDER - ok
14:11:43.0201 4572 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
14:11:43.0211 4572 TrkWks - ok
14:11:43.0281 4572 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:11:43.0291 4572 TrustedInstaller - ok
14:11:43.0311 4572 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:11:43.0321 4572 tssecsrv - ok
14:11:43.0351 4572 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
14:11:43.0351 4572 tunmp - ok
14:11:43.0401 4572 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:11:43.0401 4572 tunnel - ok
14:11:43.0421 4572 [ FEC266EF401966311744BD0F359F7F56 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:11:43.0481 4572 uagp35 - ok
14:11:43.0511 4572 UdfReadr_xp - ok
14:11:43.0551 4572 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:11:43.0571 4572 udfs - ok
14:11:43.0601 4572 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:11:43.0611 4572 UI0Detect - ok
14:11:43.0631 4572 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:11:43.0661 4572 uliagpkx - ok
14:11:43.0701 4572 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
14:11:43.0711 4572 uliahci - ok
14:11:43.0721 4572 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
14:11:43.0741 4572 UlSata - ok
14:11:43.0751 4572 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
14:11:43.0761 4572 ulsata2 - ok
14:11:43.0781 4572 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:11:43.0791 4572 umbus - ok
14:11:43.0811 4572 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
14:11:43.0811 4572 upnphost - ok
14:11:43.0931 4572 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
14:11:43.0971 4572 USBAAPL64 - ok
14:11:44.0001 4572 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:11:44.0001 4572 usbccgp - ok
14:11:44.0011 4572 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:11:44.0021 4572 usbcir - ok
14:11:44.0051 4572 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:11:44.0051 4572 usbehci - ok
14:11:44.0071 4572 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:11:44.0081 4572 usbhub - ok
14:11:44.0091 4572 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:11:44.0091 4572 usbohci - ok
14:11:44.0131 4572 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:11:44.0131 4572 usbprint - ok
14:11:44.0171 4572 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:11:44.0181 4572 USBSTOR - ok
14:11:44.0211 4572 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
14:11:44.0211 4572 usbuhci - ok
14:11:44.0231 4572 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
14:11:44.0231 4572 UxSms - ok
14:11:44.0361 4572 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
14:11:44.0421 4572 vds - ok
14:11:44.0441 4572 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:11:44.0461 4572 vga - ok
14:11:44.0491 4572 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
14:11:44.0491 4572 VgaSave - ok
14:11:44.0511 4572 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
14:11:44.0551 4572 viaide - ok
14:11:44.0571 4572 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:11:44.0571 4572 volmgr - ok
14:11:44.0601 4572 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:11:44.0601 4572 volmgrx - ok
14:11:44.0631 4572 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:11:44.0641 4572 volsnap - ok
14:11:44.0651 4572 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
14:11:44.0671 4572 vsmraid - ok
14:11:44.0741 4572 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
14:11:44.0801 4572 VSS - ok
14:11:44.0841 4572 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
14:11:44.0851 4572 W32Time - ok
14:11:44.0871 4572 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
14:11:44.0871 4572 WacomPen - ok
14:11:44.0901 4572 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
14:11:44.0901 4572 Wanarp - ok
14:11:44.0901 4572 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:11:44.0911 4572 Wanarpv6 - ok
14:11:44.0931 4572 [ ECEB715BECE47E101DDEC06B11126066 ] wanatw C:\Windows\system32\DRIVERS\wanatw64.sys
14:11:44.0941 4572 wanatw - ok
14:11:44.0971 4572 [ 909F2DC0DA7F57D229A05EE90647B2C3 ] WANMiniportService C:\Windows\wanmpsvc.exe
14:11:44.0981 4572 WANMiniportService - ok
14:11:45.0001 4572 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:11:45.0031 4572 wcncsvc - ok
14:11:45.0061 4572 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:11:45.0071 4572 WcsPlugInService - ok
14:11:45.0081 4572 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
14:11:45.0091 4572 Wd - ok
14:11:45.0111 4572 [ D02E7E4567DA1E7582FBF6A91144B0DF ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:11:45.0121 4572 Wdf01000 - ok
14:11:45.0141 4572 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:11:45.0141 4572 WdiServiceHost - ok
14:11:45.0141 4572 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:11:45.0141 4572 WdiSystemHost - ok
14:11:45.0161 4572 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
14:11:45.0161 4572 WebClient - ok
14:11:45.0191 4572 [ BD9A749F36710FFA02E0E530F7451936 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:11:45.0201 4572 Wecsvc - ok
14:11:45.0221 4572 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:11:45.0231 4572 wercplsupport - ok
14:11:45.0241 4572 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
14:11:45.0241 4572 WerSvc - ok
14:11:45.0261 4572 WinDefend - ok
14:11:45.0261 4572 WinHttpAutoProxySvc - ok
14:11:45.0311 4572 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:11:45.0311 4572 Winmgmt - ok
14:11:45.0411 4572 [ 42717DB2BE3A075D0F0CD5C927C27A43 ] WinRM C:\Windows\system32\WsmSvc.dll
14:11:45.0461 4572 WinRM - ok
14:11:45.0511 4572 [ 7F2F9E48566B2087F2AAAD258CB2A8D4 ] winusb C:\Windows\system32\DRIVERS\WinUSB.SYS
14:11:45.0521 4572 winusb - ok
14:11:45.0661 4572 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
14:11:45.0681 4572 Wlansvc - ok
14:11:45.0701 4572 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
14:11:45.0711 4572 WmiAcpi - ok
14:11:45.0741 4572 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:11:45.0751 4572 wmiApSrv - ok
14:11:45.0761 4572 WMPNetworkSvc - ok
14:11:45.0801 4572 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:11:45.0811 4572 WPCSvc - ok
14:11:45.0821 4572 [ A27C8F92D84E2DDC151978E4692C978E ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:11:45.0821 4572 WPDBusEnum - ok
14:11:45.0861 4572 [ 6329D1990DB931073B86AB5946D8E317 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
14:11:45.0871 4572 WpdUsb - ok
14:11:46.0041 4572 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:11:46.0081 4572 WPFFontCache_v0400 - ok
14:11:46.0091 4572 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:11:46.0091 4572 ws2ifsl - ok
14:11:46.0121 4572 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\system32\wscsvc.dll
14:11:46.0121 4572 wscsvc - ok
14:11:46.0121 4572 WSearch - ok
14:11:46.0361 4572 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
14:11:46.0501 4572 wuauserv - ok
14:11:46.0541 4572 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:11:46.0561 4572 WUDFRd - ok
14:11:46.0591 4572 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:11:46.0591 4572 wudfsvc - ok
14:11:46.0601 4572 ================ Scan global ===============================
14:11:46.0621 4572 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
14:11:46.0721 4572 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
14:11:46.0761 4572 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
14:11:46.0891 4572 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
14:11:46.0891 4572 [Global] - ok
14:11:46.0891 4572 ================ Scan MBR ==================================
14:11:46.0901 4572 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
14:11:47.0421 4572 \Device\Harddisk0\DR0 - ok
14:11:47.0421 4572 ================ Scan VBR ==================================
14:11:47.0441 4572 [ F2C35CFBA1856AE4FB941B88B3BC5218 ] \Device\Harddisk0\DR0\Partition1
14:11:47.0441 4572 \Device\Harddisk0\DR0\Partition1 - ok
14:11:47.0451 4572 [ 5C82433FC1313FE023B9D840C4B0E4F8 ] \Device\Harddisk0\DR0\Partition2
14:11:47.0451 4572 \Device\Harddisk0\DR0\Partition2 - ok
14:11:47.0451 4572 ============================================================
14:11:47.0451 4572 Scan finished
14:11:47.0451 4572 ============================================================
14:11:47.0461 5820 Detected object count: 0
14:11:47.0461 5820 Actual detected object count: 0
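The TDSSKiller log above lists every service and driver with the MD5 of its image, its path and a per-entry "- ok" verdict. As an added example, not part of this thread and not TDSSKiller's own code, the Python below parses that line format and runs the three triage checks an analyst would want before trusting the verdicts: entries that carry no hash at all (TDSSKiller found no file on disk to check), entries whose image lives outside the Windows directory, and hashes shared by several entries (one file registered under more than one name, so it only needs one lookup). The regexes are derived from the line format shown above, the sample lines are copied from the log, and the Windows directory is assumed to be C:\Windows as in the logged paths.

```python
import re
from collections import defaultdict

# Line with a hashed image: "<time> <pid> [ <MD5> ] <Name> <Path>".
HASHED_LINE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+"
    r"(?P<name>\S+)\s+(?P<path>.+?)\s*$"
)
# Verdict line that follows it, or stands alone when nothing was hashed: "<time> <pid> <Name> - ok".
VERDICT_LINE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<name>\S+)\s+-\s+(?P<verdict>\w+)\s*$"
)

SYSTEMROOT = r"C:\Windows"  # assumption: default install path, matching the paths logged above

# Constructed sample: lines copied from the TDSSKiller log in this thread.
SAMPLE_LOG = r"""
14:11:42.0061 4572 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
14:11:42.0071 4572 stllssvr - ok
14:11:42.0851 4572 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:11:42.0861 4572 Tcpip - ok
14:11:42.0921 4572 [ 46D448E9117464E4D3BBF36D7E3FA48E ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
14:11:42.0931 4572 Tcpip6 - ok
14:11:43.0511 4572 UdfReadr_xp - ok
14:11:45.0261 4572 WinDefend - ok
14:11:46.0601 4572 ================ Scan global ===============================
14:11:47.0451 4572 Scan finished
"""


def parse_tdsskiller(text):
    """Return {name: {"md5", "path", "verdict"}} for every service/driver entry."""
    records = {}
    for line in text.splitlines():
        m = HASHED_LINE.match(line)
        if m:
            records[m["name"]] = {"md5": m["md5"].upper(), "path": m["path"], "verdict": None}
            continue
        m = VERDICT_LINE.match(line)
        if m:
            rec = records.setdefault(m["name"], {"md5": None, "path": None, "verdict": None})
            rec["verdict"] = m["verdict"]
    return records


def unhashed(records):
    """Entries with a verdict but no hashed image: nothing on disk was actually checked."""
    return sorted(n for n, r in records.items() if r["md5"] is None)


def outside_systemroot(records, systemroot=SYSTEMROOT):
    """Entries whose image is outside the Windows directory; these deserve a second look."""
    prefix = systemroot.lower().rstrip("\\") + "\\"
    return sorted(
        n for n, r in records.items()
        if r["path"] and not r["path"].lower().startswith(prefix)
    )


def shared_hashes(records):
    """Hash -> entry names, for hashes that appear under more than one entry."""
    by_md5 = defaultdict(list)
    for n, r in records.items():
        if r["md5"]:
            by_md5[r["md5"]].append(n)
    return {h: sorted(ns) for h, ns in by_md5.items() if len(ns) > 1}


def unique_hashes(records):
    """De-duplicated hash list, ready to paste into a bulk hash lookup."""
    return sorted({r["md5"] for r in records.values() if r["md5"]})


if __name__ == "__main__":
    recs = parse_tdsskiller(SAMPLE_LOG)
    print("unhashed:", unhashed(recs))
    print("outside SystemRoot:", outside_systemroot(recs))
    print("shared hashes:", shared_hashes(recs))
    print("hashes to look up:", unique_hashes(recs))
```

On the sample, the shared-hash check shows Tcpip and Tcpip6 are the same tcpip.sys (expected), the unhashed list names UdfReadr_xp and WinDefend, and stllssvr is the one image outside C:\Windows. None of that is a verdict; it is the short list a human then checks by hand.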

#10 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 27 September 2012 - 01:16 PM

Thank you and I will be waiting for the aswMBR report


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 chris1gill (Topic Starter)

Posted 27 September 2012 - 01:29 PM

Here are the results from the aswMBR


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-27 14:14:41
-----------------------------
14:14:41.663 OS Version: Windows x64 6.0.6002 Service Pack 2
14:14:41.663 Number of processors: 2 586 0x1706
14:14:41.664 ComputerName: GILLFAMILY-PC UserName: Chris
14:14:43.521 Initialize success
14:16:29.787 AVAST engine defs: 12092700
14:17:04.038 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:17:04.041 Disk 0 Vendor: SAMSUNG_HD642JJ 1AA01113 Size: 610480MB BusType: 3
14:17:04.089 Disk 0 MBR read successfully
14:17:04.092 Disk 0 MBR scan
14:17:04.098 Disk 0 Windows VISTA default MBR code
14:17:04.113 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
14:17:04.131 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 112640
14:17:04.149 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 600184 MB offset 21084160
14:17:04.200 Disk 0 scanning C:\Windows\system32\drivers
14:17:13.545 Service scanning
14:17:32.647 Modules scanning
14:17:32.655 Disk 0 trace - called modules:
14:17:32.682 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:17:32.688 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800582b790]
14:17:32.693 3 CLASSPNP.SYS[fffffa6000d32c33] -> nt!IofCallDriver -> [0xfffffa80048609b0]
14:17:32.698 5 acpi.sys[fffffa6000901fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004869060]
14:17:34.511 AVAST engine scan C:\Windows
14:17:42.323 AVAST engine scan C:\Windows\system32
14:23:05.093 AVAST engine scan C:\Windows\system32\drivers
14:23:19.121 AVAST engine scan C:\Users\Chris
14:27:01.081 Disk 0 MBR has been saved successfully to "C:\Users\Chris\Documents\MBR.dat"
14:27:01.091 The log file has been saved successfully to "C:\Users\Chris\Documents\aswMBR.txt"
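aswMBR printed the disk size and the MBR partition table (boot flag, type, size in MB, starting sector). As an added example that is not part of this thread and not aswMBR's code, the Python below parses those lines and checks the layout the way one would when looking for a bootkit: no overlapping partitions, exactly one active partition, and no unpartitioned space between or after the partitions beyond a small alignment gap, since unaccounted space at the end of the disk is where some bootkits keep their payload. It assumes 512-byte sectors (the logged numbers reconcile exactly on that basis: 112640 + 10240 x 2048 = 21084160) and tolerates 2 MB of slack per boundary because aswMBR reports sizes rounded to whole MB. The first sample is copied from the log above; the second is a constructed variant with a shortened third partition, included only to show what a finding looks like.

```python
import re

SECTOR = 512
SECTORS_PER_MB = (1024 * 1024) // SECTOR  # 2048; aswMBR offsets are in 512-byte sectors
SLACK = 2 * SECTORS_PER_MB  # tolerated gap: alignment plus the whole-MB rounding of logged sizes

PART_LINE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<idx>\d+) (?P<flag>[0-9A-Fa-f]{2}) (?:\(A\) )?"
    r"(?P<type>[0-9A-Fa-f]{2}) .*?(?P<size_mb>\d+) MB offset (?P<offset>\d+)"
)
SIZE_LINE = re.compile(r"Disk (?P<disk>\d+) Vendor: .* Size: (?P<size_mb>\d+)MB")

# Copied from the aswMBR log in this thread.
SAMPLE_LOG = """\
14:17:04.041 Disk 0 Vendor: SAMSUNG_HD642JJ 1AA01113 Size: 610480MB BusType: 3
14:17:04.098 Disk 0 Windows VISTA default MBR code
14:17:04.113 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
14:17:04.131 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 112640
14:17:04.149 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 600184 MB offset 21084160
"""

# Constructed variant (not from the thread): partition 3 reported 184 MB shorter, which
# leaves unaccounted space at the end of the disk, the kind of gap this check should surface.
TAIL_GAP_LOG = SAMPLE_LOG.replace("600184 MB", "600000 MB")


def parse_aswmbr(text):
    """Return (disk size in sectors, partitions sorted by start sector)."""
    disk_mb = None
    parts = []
    for line in text.splitlines():
        m = SIZE_LINE.search(line)
        if m:
            disk_mb = int(m["size_mb"])
            continue
        m = PART_LINE.search(line)
        if m:
            start = int(m["offset"])
            end = start + int(m["size_mb"]) * SECTORS_PER_MB  # exclusive end sector
            parts.append({
                "index": int(m["idx"]),
                "active": m["flag"].lower() == "80",
                "type": m["type"].upper(),
                "start": start,
                "end": end,
            })
    if disk_mb is None:
        raise ValueError("no 'Size:' line found")
    return disk_mb * SECTORS_PER_MB, sorted(parts, key=lambda p: p["start"])


def check_layout(disk_sectors, parts, slack=SLACK):
    """Return a list of human-readable findings; an empty list means the table is consistent."""
    findings = []
    active = [p["index"] for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {active}")
    cursor = 0  # end of the previous partition; sector 0 itself holds the MBR
    prev = None
    for p in parts:
        if p["start"] < cursor:
            findings.append(f"partition {p['index']} overlaps partition {prev}")
        elif p["start"] - cursor > slack:
            findings.append(f"{p['start'] - cursor} unpartitioned sectors before partition {p['index']}")
        cursor = max(cursor, p["end"])
        prev = p["index"]
    if cursor > disk_sectors:
        findings.append(f"partition {prev} runs {cursor - disk_sectors} sectors past end of disk")
    elif disk_sectors - cursor > slack:
        findings.append(f"{disk_sectors - cursor} unpartitioned sectors at end of disk")
    return findings


if __name__ == "__main__":
    for label, log in (("logged table", SAMPLE_LOG), ("constructed gap", TAIL_GAP_LOG)):
        disk, parts = parse_aswmbr(log)
        print(label, "->", check_layout(disk, parts) or "consistent")
```

For the logged table the check comes back clean: the three partitions abut each other (partition 2 ends exactly where partition 3 starts) and only 2048 sectors remain at the end, within rounding. A real finding means "look at that region with a sector editor", not "infected"; unallocated space also comes from vendor recovery layouts and resized partitions.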

#12 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 27 September 2012 - 02:35 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt onto ComboFix.exe
[image: CFScript.txt being dragged onto ComboFix.exe]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13 chris1gill (Topic Starter)

Posted 27 September 2012 - 02:47 PM

gringo_pr wrote:

    :Run CFScript:

    Open Notepad and copy/paste the text in the box into the window:

    ClearJavaCache::

When I click on CFScript nothing downloads?

Thanks.

#14 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 28 September 2012 - 02:46 AM

There is nothing to download.

Please follow the steps, starting with "Open Notepad and copy/paste the text in the box into the window:".


#15 chris1gill (Topic Starter)

Posted 28 September 2012 - 08:28 AM

Here is the ComboFix report

ComboFix 12-09-27.02 - Chris 09/28/2012 8:57.4.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4084.2004 [GMT -4:00]
Running from: c:\users\Chris\Downloads\ComboFix.exe
Command switches used :: c:\users\Chris\Desktop\cfscript.txt
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-28 )))))))))))))))))))))))))))))))
.
.
2012-09-28 13:06 . 2012-09-28 13:06 -------- d-----w- c:\windows\ServiceProfiles\NetworkService\AppData\Local\temp
2012-09-28 13:06 . 2012-09-28 13:06 -------- d-----w- c:\windows\ServiceProfiles\LocalService\AppData\Local\temp
2012-09-28 13:06 . 2012-09-28 13:06 -------- d-----w- c:\users\Marty\AppData\Local\temp
2012-09-28 13:06 . 2012-09-28 13:06 -------- d-----w- c:\users\Gill Family\AppData\Local\temp
2012-09-28 13:06 . 2012-09-28 13:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-28 13:06 . 2012-09-28 13:06 -------- d-----w- c:\users\Andrew\AppData\Local\temp
2012-08-30 14:13 . 2012-09-06 00:35 -------- d-----w- c:\program files (x86)\PC Tools
2012-08-30 13:58 . 2012-09-06 00:35 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-08-30 13:58 . 2012-06-22 19:35 251560 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-08-30 13:57 . 2012-08-30 17:41 -------- d-----w- c:\programdata\PC Tools
2012-08-30 13:57 . 2012-08-30 13:57 -------- d-----w- c:\users\Chris\AppData\Roaming\TestApp
2012-08-30 13:14 . 2012-08-30 13:14 -------- d-----w- c:\program files (x86)\SMPlayer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 13:24 . 2012-04-27 00:00 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-21 13:24 . 2011-06-15 10:19 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-13 07:01 . 2006-11-02 12:35 64462936 ----a-w- c:\windows\system32\mrt.exe
2012-07-22 13:13 . 2010-05-08 12:18 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-16 06:40 . 2012-08-14 05:54 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1E068297-94C6-4D84-9688-7F453507A689}\mpengine.dll
2012-07-04 14:33 . 2012-08-16 07:08 2769408 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-30 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Akamai NetSession Interface"="c:\users\Chris\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
"Facebook Update"="c:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files (x86)\Common Files\AOL\1228338813\ee\AOLSoftware.exe" [2010-03-08 41800]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Gill Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\users\Marty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
AOL Desktop.lnk - c:\program files (x86)\Common Files\aol\Launch\aollaunch.exe [2010-3-8 41800]
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
DING!.lnk - c:\program files (x86)\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HD Writer.lnk - c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2011-11-27 292240]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [2008-07-18 86016]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 86481542
*NewlyCreated* - ASWMBR
*Deregistered* - 86481542
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 13:24]
.
2012-09-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-331885996-993441621-104746560-1005Core.job
- c:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-27 21:06]
.
2012-09-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-331885996-993441621-104746560-1005UA.job
- c:\users\Chris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-27 21:06]
.
2010-12-06 c:\windows\Tasks\FileTask.job
- c:\program files\FileTask\FileTask.exe [2010-08-27 19:55]
.
2012-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-22 01:57]
.
2012-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-22 01:57]
.
2012-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-331885996-993441621-104746560-1005Core.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-22 11:04]
.
2012-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-331885996-993441621-104746560-1005UA.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-22 11:04]
.
2010-12-06 c:\windows\Tasks\Update_FileTask.job
- c:\program files\FileTask\FileTask.exe [2010-08-27 19:55]
.
2012-09-28 c:\windows\Tasks\User_Feed_Synchronization-{4E3D1454-5BC2-4090-BB61-4C146E0DD36E}.job
- c:\windows\system32\msfeedssync.exe [2011-06-30 10:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-18 6453760]
"Skytel"="Skytel.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-05 137240]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-05 202264]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-05 165400]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.nbc.com/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Connection Wizard,ShellNext = hxxp://webmail.aol.com/
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} - hxxp://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37320.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\1jny0dss.default\
FF - prefs.js: browser.startup.homepage - www.msnbc.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20111126&q=
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-vfd-adk - c:\program files (x86)\OApps\vfd-adk_uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2012-09-28 09:08:27
ComboFix-quarantined-files.txt 2012-09-28 13:08
ComboFix2.txt 2012-09-28 12:44
ComboFix3.txt 2012-09-27 15:24
ComboFix4.txt 2012-09-25 15:12
.
Pre-Run: 399,612,293,120 bytes free
Post-Run: 399,629,467,648 bytes free
.
- - End Of File - - 2AC3D58587CB233644EADEE423C1A99B


Google Chrome and Internet Explorer are free of the ads and pop ups. Firefox still has outside links in highlighted words and Google Ad Choices in web pages; it does not have the store coupons that were popping up before, that part of Firefox seems to be fixed.




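To make a block like the "Contents of the 'Scheduled Tasks' folder" list in the log above reviewable at a glance, here is an added example (the editor's, not code from the poster, BleepingComputer or ComboFix) that parses ComboFix's two-line-per-task format into records and flags tasks whose target binary lives outside the Windows and Program Files trees. The sample input is a subset of lines copied from the log above. The "user-writable location" check is an assumption of this example and a prompt to verify the binary's publisher, not a verdict on any entry: per-user updaters such as Google Update install under %LOCALAPPDATA% by design.

```python
import re
from dataclasses import dataclass
from typing import List

# Sample input: lines copied from the ComboFix log's "Scheduled Tasks" block above
# (a subset; real logs have more entries). Constructed test data for the parser.
SAMPLE = r"""
Contents of the 'Scheduled Tasks' folder
.
2012-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 13:24]
.
2010-12-06 c:\windows\Tasks\FileTask.job
- c:\program files\FileTask\FileTask.exe [2010-08-27 19:55]
.
2012-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-331885996-993441621-104746560-1005Core.job
- c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-22 11:04]
.
2012-09-28 c:\windows\Tasks\User_Feed_Synchronization-{4E3D1454-5BC2-4090-BB61-4C146E0DD36E}.job
- c:\windows\system32\msfeedssync.exe [2011-06-30 10:29]
.
.
--------- X64 Entries -----------
"""

# ComboFix prints each task as two lines: "<job date> <path to .job>" followed by
# "- <target binary> [<binary timestamp>]".
JOB_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (.+\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^- (.+?) \[(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\]$")

# Review heuristic (editor's assumption, not a ComboFix rule): a target under the
# Windows or Program Files trees needs admin rights to be replaced; a target in a
# user-writable location (e.g. %LOCALAPPDATA%) should be verified against its
# publisher before it is trusted.
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class ScheduledTask:
    job_date: str      # date ComboFix shows next to the .job file
    job_path: str      # full path of the .job file
    target: str        # binary the task launches
    target_stamp: str  # timestamp ComboFix shows for the target binary

    @property
    def job_name(self) -> str:
        return self.job_path.rsplit("\\", 1)[-1]

    @property
    def user_writable(self) -> bool:
        return not self.target.lower().startswith(SYSTEM_ROOTS)


def parse_tasks(log_text: str) -> List[ScheduledTask]:
    """Extract every job/target pair from the Scheduled Tasks block of a ComboFix log."""
    tasks: List[ScheduledTask] = []
    pending = None  # (job_date, job_path) waiting for its "- target" line
    for raw in log_text.splitlines():
        line = raw.strip()
        m = JOB_RE.match(line)
        if m:
            pending = (m.group(1), m.group(2))
            continue
        m = TARGET_RE.match(line)
        if m and pending:
            tasks.append(ScheduledTask(pending[0], pending[1], m.group(1), m.group(2)))
            pending = None
            continue
        if line.startswith("--------- X64 Entries"):
            break  # end of the Scheduled Tasks block
    return tasks


def tasks_to_verify(log_text: str) -> List[str]:
    """Names of tasks whose target binary sits in a user-writable location."""
    return [t.job_name for t in parse_tasks(log_text) if t.user_writable]


if __name__ == "__main__":
    for t in parse_tasks(SAMPLE):
        flag = "VERIFY" if t.user_writable else "system"
        print(f"{flag:6} {t.job_name} -> {t.target} [{t.target_stamp}]")
```

Run it against the full log text instead of SAMPLE to list every task; the parser stops at the "X64 Entries" divider, so the rest of the log is ignored. Entries it flags are candidates for a signature and publisher check, not findings by themselves.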