Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

SCOUR VIRUS??


  • This topic is locked This topic is locked
16 replies to this topic

#1 Heidi2176

Heidi2176

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:12:29 AM

Posted 21 October 2012 - 07:04 PM

After reading the most recently posted forum on this topic, I downloaded the Security Check and DDS. Reports below. Afterwards, my Norton indicated there was a trojan virus, but that it has been quarantined, so I assumed it was fixed...rebooted and the problem hasn't been resolved. Please help!! Thank you.


Results of screen317's Security Check version 0.99.53
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton Security Suite
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java™ 6 Update 18
Java™ 6 Update 2
Java version out of Date!
Adobe Reader X (10.1.4)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

I downloaded DDS. Here is my first report:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/19/2008 1:52:13 AM
System Uptime: 10/21/2012 9:35:54 AM (8 hours ago)
.
Motherboard: Quanta | | 30CC
Processor: Intel® Core™2 Duo CPU T5750 @ 2.00GHz | U2E1 | 1333/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 221 GiB total, 118.362 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.035 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0017
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #6
PNP Device ID: ROOT\*6TO4MP\0017
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0003
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT\*ISATAP\0003
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0010
Manufacturer: Microsoft
Name: isatap.{C787F5EC-0475-4F9F-AD2B-6E069DE0F96F}
PNP Device ID: ROOT\*ISATAP\0010
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description:
Device ID: ROOT\*ISATAP\0076
Manufacturer:
Name:
PNP Device ID: ROOT\*ISATAP\0076
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description:
Device ID: ROOT\*ISATAP\0095
Manufacturer:
Name:
PNP Device ID: ROOT\*ISATAP\0095
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Adobe Shockwave Player
Adobe Shockwave Player 11.5
Airfoil
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Broadcom 802.11 Wireless LAN Adapter
BufferChm
CCleaner
Comcast High-Speed Internet Install Wizard
Compatibility Pack for the 2007 Office system
CyberLink YouCam
D3DX10
D4300
D4300_Help
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DJ_SF_03_D4300_ProductContext
DJ_SF_03_D4300_Software
DJ_SF_03_D4300_Software_Min
DVD Suite
Google Apps Migration For Microsoft Outlook® 2.3.12.34
Google Chrome
Google Chrome Frame
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet D4300 Printer Driver Software 10.0 Rel .3
HP Doc Viewer
HP QuickTouch 1.00 C4
HP Update
HP User Guides 0087
HPAsset component for HP Active Support Library
Intel® Graphics Media Accelerator Driver
iTunes
Java™ 6 Update 18
Java™ 6 Update 2
Junk Mail filter update
LabelPrint
Linksys Dual-Band Wireless-N USB Network Adapter
Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Motorola SM56 Speakerphone Modem
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
Norton Security Suite
OGA Notifier 2.0.0048.0
Power2Go
PowerDirector
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Segoe UI
Skype Click to Call
Skype™ 5.10
Smart Defrag 2
Sonos Controller
Spotify
Synaptics Pointing Device Driver
System Requirements Lab
The Sims™ Life Stories
Toolbox
Unity Web Player
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Viewpoint Media Player
Visual C++ 8.0 CRT (x86) WinSXS MSM
WeatherBug Gadget
WebReg
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ===========================

OTHER REPORT:
DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421
Run by Heidi at 17:27:22 on 2012-10-21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1055 [GMT -6:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Heidi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Heidi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2PHELBJC\Defogger.exe
C:\Users\Heidi\Desktop\SecurityCheck.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Windows Internet Explorer provided by Comcast
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60516
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uProxyServer = :0
uURLSearchHooks: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\4.4.0.12\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\4.4.0.12\ipsbho.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - c:\program files\google\chrome\application\22.0.1229.94\npchrome_frame.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\4.4.0.12\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\4.4.0.12\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Spotify] "c:\users\heidi\appdata\roaming\spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "c:\users\heidi\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [CrashDumps] rundll32.exe "c:\users\heidi\appdata\local\deployment\crashdumps\wvsbpify.dll",DllRegisterServerW
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [Windows Mobile-based device management] c:\windows\windowsmobile\wmdSync.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\heidi\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
TCP: NameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{0373F05A-4DBB-48B7-B5E1-6D67DCE05126} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{0C187B1F-FC4B-45FF-8753-2264EA38E7AD} : DHCPNameServer = 4.2.2.1
TCP: Interfaces\{C787F5EC-0475-4F9F-AD2B-6E069DE0F96F} : DHCPNameServer = 192.168.2.1 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome\application\22.0.1229.94\npchrome_frame.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-8-27 15672]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0404000.00c\symds.sys [2011-10-31 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0404000.00c\symefa.sys [2011-10-31 173176]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20120928.001\BHDrvx86.sys [2012-10-1 995488]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0404000.00c\cchpx86.sys [2011-10-31 485512]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20121019.001\IDSvix86.sys [2012-10-19 386720]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0404000.00c\ironx86.sys [2011-10-31 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0404000.00c\symtdiv.sys [2011-10-31 340088]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.4.0.12\ccsvchst.exe [2011-10-31 126400]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-8 106656]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9c4996ec227de;Google Update Service (gupdate1c9c4996ec227de);c:\program files\google\update\GoogleUpdate.exe [2009-4-23 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-18 250808]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-7-2 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-23 133104]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 netr28u;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2007-12-14 570880]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-10-10 15:10:57 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 15:10:57 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 15:10:57 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 15:10:45 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 15:10:40 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 15:10:24 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 15:10:23 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-09-28 17:49:23 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-28 17:46:59 -------- d-----w- c:\program files\iPod
2012-09-28 17:46:56 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-28 17:46:56 -------- d-----w- c:\program files\iTunes
.
==================== Find3M ====================
.
2012-10-16 04:58:25 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-16 04:58:22 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-21 19:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
.
============= FINISH: 17:28:31.63 ===============

Ran security check again and report was:

Results of screen317's Security Check version 0.99.53
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton Security Suite
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java™ 6 Update 18
Java™ 6 Update 2
Java version out of Date!
Adobe Reader X (10.1.4)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:29 AM

Posted 21 October 2012 - 11:49 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Heidi2176

Heidi2176
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:12:29 AM

Posted 22 October 2012 - 12:31 PM

Results of screen317's Security Check version 0.99.53
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton Security Suite
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Java™ 6 Update 18
Java™ 6 Update 2
Java version out of Date!
Adobe Reader X (10.1.4)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

Results of AdwCleaner-
# AdwCleaner v2.005 - Logfile created 10/22/2012 at 11:05:22
# Updated 14/10/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Heidi - HEIDI-PC
# Boot Mode : Normal
# Running from : C:\Users\Heidi\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Program Files\Windows iLivid Toolbar
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Users\Heidi\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Heidi\AppData\LocalLow\Bandoo
Folder Deleted : C:\Users\Heidi\AppData\LocalLow\imeshbandmltbpi
Folder Deleted : C:\Users\Heidi\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Heidi\AppData\Roaming\Bandoo

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4EF645BD-65B0-4F98-AD56-D0437B7045F6}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\Software\Bandoo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467E-B8D4-7786EDA79AE0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60516 --> hxxp://www.google.com

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [6169 octets] - [22/10/2012 11:05:22]

########## EOF - C:\AdwCleaner[S1].txt - [6229 octets] ##########

Results of --RogueKiller—wasn’t able to scan due to the following:

[00:00:0000] ***** Global Init *****
[00:00:0015] Has crashed before : Yes
[00:00:0015] Create mutex : RogueKiller
[00:00:0015] Mutex Created : 0x108
[00:00:0015] Fill lists
[00:00:0031] OS Language : English
[00:00:0031] Take Privileges
[00:00:0031] Modify Token
[00:00:0047] Set priority to HIGH
[00:00:0047] Getting Operating System
[00:00:0047] Os Getted : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
[00:00:0047] ***** Global Init OK *****
[00:00:0047] ***** GUI Init *****
[00:00:0062] Get build number
[00:00:0062] build number : RogueKiller (by Tigzy) -- v8.1.1
[00:00:0187] ***** GUI Init OK *****
[00:00:0203] ***** PreScan *****
[00:00:0203] Clear ListViews
[00:00:0203] Clear Objects : 0x0
[00:00:0218] Enum Windows
[00:00:0249] [Check Window] Eula - Please read
[00:00:0265] [Check Window] Debug log sending
[00:00:0265] [Check Window] Task Switching
[00:00:0265] [Check Window] Start
[00:00:0265] [Check Window] shutdown
[00:00:0281] [Check Window] Network Flyout
[00:00:0281] [Check Window] CiceroUIWndFrame
[00:00:0281] [Check Window] TF_FloatingLangBar_WndTitle
[00:00:0281] [Check Window] RogueKiller (by Tigzy) -- v8.1.1
[00:00:0296] [Check Window] Perfdisk PNP Window
[00:00:0296] [Check Window] Task Schedule
[00:00:0296] [Check Window] Latest News
[00:00:0312] [Check Window] Settings
[00:00:0312] [Check Window] About Smart Defrag
[00:00:0312] [Check Window] FormDisable
[00:00:0327] [Check Window] Smart Defrag 2
[00:00:0327] [Check Window] FormHint
[00:00:0327] [Check Window] MMDEVAPI Device Window
[00:00:0327] [Check Window] Skype™ - heidi2176
[00:00:0343] [Check Window] DeviceManager
[00:00:0343] [Check Window] DDE Server Window
[00:00:0343] [Check Window] C:\Users\Heidi\AppData\Roaming\Skype
[00:00:0343] [Check Window] TouchPad object helper window
[00:00:0359] [Check Window] MMDEVAPI Device Window
[00:00:0359] [Check Window] {A7E495BF-9589-4a6e-8479-DDA2D8D3C05F}
[00:00:0359] [Check Window] WinAMRestoreWnd
[00:00:0359] [Check Window] AppBar Bullet
[00:00:0374] [Check Window] Windows Sidebar
[00:00:0374] [Check Window] SidebarBroadcastWatcher
[00:00:0374] [Check Window] Realtek HD Audio CPL for Vista
[00:00:0374] [Check Window] HP Keyboard Utility
[00:00:0390] [Check Window] Touchpad driver tray icon window
[00:00:0390] [Check Window] TouchPad object helper window
[00:00:0390] [Check Window] Touchpad driver backward compatibility window
[00:00:0405] [Check Window] Touchpad driver helper window
[00:00:0405] [Check Window] Motorola SM56 Modem Helper
[00:00:0405] [Check Window] Motorola SM56 Modem Helper
[00:00:0405] [Check Window] HelperMsgListenerWnd
[00:00:0421] [Check Window] Motorola SM56 Modem Helper_hidingWindow
[00:00:0421] [Check Window] Motorola SM56 Modem Helper_hidingWindow
[00:00:0421] [Check Window] Microsoft OneNote 2010 - Windows taskbar
[00:00:0421] [Check Window] HkWndName
[00:00:0437] [Check Window] igfxtrayWindow
[00:00:0437] [Check Window] Start Menu
[00:00:0437] [Check Window] WindowsMobileDeviceWatcher
[00:00:0452] [Check Window] Windows Media Center
[00:00:0452] [Check Window] Windows Media Player Network Sharing Service
[00:00:0452] [Check Window] PersistWndName
[00:00:0452] [Check Window] HPWU
[00:00:0468] [Check Window] BluetoothNotificationAreaIconWindowClass
[00:00:0468] [Check Window] MS_WebcheckMonitor
[00:00:0468] [Check Window] MMDEVAPI Device Window
[00:00:0468] [Check Window] Battery Meter
[00:00:0468] [Check Window] Norton Security Suite
[00:00:0483] [Check Window] FWSesAlWndTitle
[00:00:0483] [Check Window] MCI command handling window
[00:00:0483] [Check Window] SYM_AVPAPP_WINDOW_NAME_{1BE293D4-E7AD-4314-B8C9-C088A7CC1E69}
[00:00:0483] [Check Window] Volume Notification Hidden Window
[00:00:0499] [Check Window] HotStartUAWindowClass
[00:00:0499] [Check Window] TaskEng - Task Scheduler Engine Process
[00:00:0499] [Check Window] TaskEng - Task Scheduler Engine Process
[00:00:0499] [Check Window] ccSvcHst
[00:00:0515] [Check Window] DWM Notification Window
[00:00:0515] [Check Window] GDI+ Window
[00:00:0515] [Check Window] Heidi
[00:00:0515] [Check Window] GDI+ Window
[00:00:0530] [Check Window] GDI+ Window
[00:00:0530] [Check Window] GDI+ Window
[00:00:0530] [Check Window] GDI+ Window
[00:00:0530] [Check Window] Program Manager
[00:00:0546] [Check Window] Default IME
[00:00:0546] [Check Window] MSCTFIME UI
[00:00:0546] [Check Window] Default IME
[00:00:0546] [Check Window] MSCTFIME UI
[00:00:0561] [Check Window] Default IME
[00:00:0561] [Check Window] Default IME
[00:00:0561] [Check Window] Default IME
[00:00:0561] [Check Window] Default IME
[00:00:0561] [Check Window] Default IME
[00:00:0577] [Check Window] Default IME
[00:00:0577] [Check Window] Default IME
[00:00:0577] [Check Window] Default IME
[00:00:0593] [Check Window] Default IME
[00:00:0593] [Check Window] Default IME
[00:00:0593] [Check Window] MSCTFIME UI
[00:00:0593] [Check Window] Default IME
[00:00:0608] [Check Window] Default IME
[00:00:0608] [Check Window] Default IME
[00:00:0608] [Check Window] Default IME
[00:00:0608] [Check Window] Default IME
[00:00:0624] [Check Window] Default IME
[00:00:0624] [Check Window] MSCTFIME UI
[00:00:0624] [Check Window] Default IME
[00:00:0624] [Check Window] Default IME
[00:00:0639] [Check Window] Default IME
[00:00:0639] [Check Window] Default IME
[00:00:0639] [Check Window] Default IME
[00:00:0639] [Check Window] Default IME
[00:00:0655] [Check Window] Default IME
[00:00:0655] [Check Window] Default IME
[00:00:0655] [Check Window] Default IME
[00:00:0655] [Check Window] Default IME
[00:00:0671] [Check Window] Default IME
[00:00:0671] [Check Window] Default IME
[00:00:0671] [Check Window] Default IME
[00:00:0671] [Check Window] Default IME
[00:00:0671] [Check Window] Default IME
[00:00:0686] [Check Window] Default IME
[00:00:0686] [Check Window] Default IME
[00:00:0686] [Check Window] MSCTFIME UI
[00:00:0686] [Check Window] Default IME
[00:00:0702] [Check Window] Default IME
[00:00:0702] [Check Window] Default IME
[00:00:0702] [Check Window] MSCTFIME UI
[00:00:0702] [Check Window] Default IME
[00:00:0717] [Check Window] Default IME
[00:00:0717] [Check Window] Default IME
[00:00:0717] [Check Window] Default IME
[00:00:0717] [Check Window] Default IME
[00:00:0733] [Check Window] Default IME
[00:00:0733] [Check Window] Default IME
[00:00:0733] [Check Window] Default IME
[00:00:0733] [Check Window] Default IME
[00:00:0749] [Check Window] Default IME
[00:00:0749] [Check Window] Default IME
[00:00:0749] [Check Window] MSCTFIME UI
[00:00:0749] [Check Window] Default IME
[00:00:0764] [Check Processes] Service PID : 672

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:29 AM

Posted 22 October 2012 - 12:44 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Heidi2176

Heidi2176
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:12:29 AM

Posted 22 October 2012 - 01:55 PM

Log from Combofix
ComboFix 12-10-22.02 - Heidi 10/22/2012 12:29:30.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1515 [GMT -6:00]
Running from: c:\users\Heidi\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\16EA.tmp
c:\users\Heidi\AppData\Local\Deployment\CrashDumps\wvsbpify.dll
c:\users\Heidi\g2mdlhlpx.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\KBL.LOG
.
.
((((((((((((((((((((((((( Files Created from 2012-09-22 to 2012-10-22 )))))))))))))))))))))))))))))))
.
.
2012-10-22 18:41 . 2012-10-22 18:42 -------- d-----w- c:\users\Heidi\AppData\Local\temp
2012-10-22 18:41 . 2012-10-22 18:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-10 15:10 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 15:10 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 15:10 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 15:10 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 15:10 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 15:10 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-10 15:10 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-09-28 17:49 . 2012-08-21 19:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-28 17:46 . 2012-09-28 17:46 -------- d-----w- c:\program files\iPod
2012-09-28 17:46 . 2012-09-28 17:49 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-28 17:46 . 2012-09-28 17:49 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-16 04:58 . 2012-04-18 20:41 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-16 04:58 . 2012-01-07 17:33 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-21 19:01 . 2010-06-12 21:19 106928 ----a-w- c:\windows\system32\GEARAspi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Spotify"="c:\users\Heidi\AppData\Roaming\Spotify\Spotify.exe" [2012-08-25 5576408]
"Spotify Web Helper"="c:\users\Heidi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-25 1193176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-22 133656]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-09 7539232]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 04:58]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-24 04:58]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-24 04:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
Trusted Zone: innovativemerchantsystems.com\remote
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKCU-Run-CrashDumps - c:\users\Heidi\AppData\Local\Deployment\CrashDumps\wvsbpify.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-22 12:42
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Heidi\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\e289a40]
"imagepath"="\??\c:\windows\TEMP\3E7F.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-10-22 12:44:56
ComboFix-quarantined-files.txt 2012-10-22 18:44
.
Pre-Run: 126,641,692,672 bytes free
Post-Run: 126,648,598,528 bytes free
.
- - End Of File - - C4FACC2B2F3D8F5E52E8D30547B97F24
• let me know of any problems you may have had
I had to temporarily disable additional features of the Norton Security Suite in order for the ComboFix to work properly.
• How is the computer doing now?
I’ve tried google a few times and don’t seem to have any issues. Should I make any other changes at this time?
Thank you very much!!

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:29 AM

Posted 22 October 2012 - 02:57 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Heidi2176

Heidi2176
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:12:29 AM

Posted 22 October 2012 - 07:52 PM

Tdsskiller report:

14:14:52.0913 4948 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
14:14:54.0872 4948 ============================================================
14:14:54.0872 4948 Current date / time: 2012/10/22 14:14:54.0872
14:14:54.0872 4948 SystemInfo:
14:14:54.0872 4948
14:14:54.0872 4948 OS Version: 6.0.6002 ServicePack: 2.0
14:14:54.0872 4948 Product type: Workstation
14:14:54.0872 4948 ComputerName: HEIDI-PC
14:14:54.0872 4948 UserName: Heidi
14:14:54.0872 4948 Windows directory: C:\Windows
14:14:54.0872 4948 System windows directory: C:\Windows
14:14:54.0872 4948 Processor architecture: Intel x86
14:14:54.0872 4948 Number of processors: 2
14:14:54.0872 4948 Page size: 0x1000
14:14:54.0872 4948 Boot type: Normal boot
14:14:54.0873 4948 ============================================================
14:14:59.0109 4948 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:14:59.0111 4948 ============================================================
14:14:59.0111 4948 \Device\Harddisk0\DR0:
14:14:59.0112 4948 MBR partitions:
14:14:59.0112 4948 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BA57689
14:14:59.0112 4948 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BA576C8, BlocksNum 0x176CEB9
14:14:59.0112 4948 ============================================================
14:14:59.0138 4948 C: <-> \Device\Harddisk0\DR0\Partition1
14:14:59.0257 4948 D: <-> \Device\Harddisk0\DR0\Partition2
14:14:59.0257 4948 ============================================================
14:14:59.0257 4948 Initialize success
14:14:59.0257 4948 ============================================================
14:15:53.0119 0572 ============================================================
14:15:53.0119 0572 Scan started
14:15:53.0119 0572 Mode: Manual;
14:15:53.0119 0572 ============================================================
14:15:56.0630 0572 ================ Scan system memory ========================
14:15:56.0630 0572 System memory - ok
14:15:56.0631 0572 ================ Scan services =============================
14:15:57.0478 0572 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
14:15:57.0856 0572 ACPI - ok
14:15:58.0257 0572 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
14:15:58.0335 0572 AdobeARMservice - ok
14:15:58.0556 0572 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:15:58.0768 0572 AdobeFlashPlayerUpdateSvc - ok
14:15:58.0919 0572 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
14:15:59.0007 0572 adp94xx - ok
14:15:59.0156 0572 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
14:15:59.0204 0572 adpahci - ok
14:15:59.0289 0572 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
14:15:59.0590 0572 adpu160m - ok
14:15:59.0765 0572 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
14:16:00.0176 0572 adpu320 - ok
14:16:00.0261 0572 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:16:00.0264 0572 AeLookupSvc - ok
14:16:00.0590 0572 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
14:16:00.0631 0572 AFD - ok
14:16:00.0804 0572 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
14:16:00.0876 0572 agp440 - ok
14:16:01.0029 0572 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
14:16:01.0163 0572 aic78xx - ok
14:16:01.0214 0572 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
14:16:01.0348 0572 ALG - ok
14:16:01.0462 0572 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
14:16:01.0573 0572 aliide - ok
14:16:01.0678 0572 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
14:16:01.0900 0572 amdagp - ok
14:16:01.0991 0572 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
14:16:02.0413 0572 amdide - ok
14:16:02.0547 0572 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
14:16:02.0769 0572 AmdK7 - ok
14:16:02.0888 0572 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
14:16:03.0089 0572 AmdK8 - ok
14:16:03.0243 0572 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
14:16:03.0246 0572 Appinfo - ok
14:16:03.0524 0572 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:16:03.0528 0572 Apple Mobile Device - ok
14:16:03.0772 0572 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
14:16:03.0830 0572 arc - ok
14:16:04.0005 0572 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
14:16:04.0283 0572 arcsas - ok
14:16:04.0378 0572 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:16:04.0523 0572 AsyncMac - ok
14:16:04.0659 0572 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
14:16:04.0660 0572 atapi - ok
14:16:04.0766 0572 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:16:04.0967 0572 AudioEndpointBuilder - ok
14:16:05.0099 0572 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
14:16:05.0104 0572 Audiosrv - ok
14:16:05.0916 0572 [ 34A0A6386256080F52C74076C6157026 ] BCM43XV C:\Windows\system32\DRIVERS\bcmwl6.sys
14:16:06.0443 0572 BCM43XV - ok
14:16:07.0077 0572 [ 34A0A6386256080F52C74076C6157026 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl6.sys
14:16:07.0087 0572 BCM43XX - ok
14:16:07.0214 0572 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
14:16:07.0325 0572 Beep - ok
14:16:07.0702 0572 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
14:16:07.0914 0572 BFE - ok
14:16:08.0865 0572 [ C364F02969E9A842321DD91BCFF749D4 ] BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120928.001\BHDrvx86.sys
14:16:09.0164 0572 BHDrvx86 - ok
14:16:09.0375 0572 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
14:16:09.0807 0572 BITS - ok
14:16:09.0909 0572 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
14:16:09.0959 0572 blbdrive - ok
14:16:10.0168 0572 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:16:10.0197 0572 Bonjour Service - ok
14:16:10.0360 0572 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:16:10.0571 0572 bowser - ok
14:16:10.0673 0572 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
14:16:10.0725 0572 BrFiltLo - ok
14:16:10.0800 0572 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
14:16:10.0967 0572 BrFiltUp - ok
14:16:11.0068 0572 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
14:16:11.0102 0572 Browser - ok
14:16:11.0175 0572 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
14:16:11.0563 0572 Brserid - ok
14:16:11.0626 0572 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
14:16:11.0815 0572 BrSerWdm - ok
14:16:11.0900 0572 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
14:16:11.0952 0572 BrUsbMdm - ok
14:16:12.0051 0572 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
14:16:12.0151 0572 BrUsbSer - ok
14:16:12.0195 0572 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
14:16:12.0473 0572 BTHMODEM - ok
14:16:13.0217 0572 catchme - ok
14:16:13.0635 0572 [ 1FA1C0E73ECA849BED29A47C508F7F17 ] ccHP C:\Windows\system32\drivers\N360\0404000.00C\ccHPx86.sys
14:16:13.0969 0572 ccHP - ok
14:16:14.0031 0572 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:16:14.0309 0572 cdfs - ok
14:16:14.0422 0572 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:16:14.0461 0572 cdrom - ok
14:16:14.0673 0572 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
14:16:14.0728 0572 CertPropSvc - ok
14:16:14.0787 0572 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
14:16:15.0054 0572 circlass - ok
14:16:15.0297 0572 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
14:16:15.0542 0572 CLFS - ok
14:16:15.0936 0572 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:16:15.0979 0572 clr_optimization_v2.0.50727_32 - ok
14:16:16.0218 0572 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:16:16.0817 0572 clr_optimization_v4.0.30319_32 - ok
14:16:16.0983 0572 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
14:16:17.0128 0572 CmBatt - ok
14:16:17.0221 0572 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:16:17.0499 0572 cmdide - ok
14:16:17.0706 0572 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
14:16:17.0837 0572 Compbatt - ok
14:16:17.0844 0572 COMSysApp - ok
14:16:17.0931 0572 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
14:16:18.0064 0572 crcdisk - ok
14:16:18.0153 0572 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
14:16:18.0309 0572 Crusoe - ok
14:16:18.0498 0572 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:16:18.0521 0572 CryptSvc - ok
14:16:18.0901 0572 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:16:19.0034 0572 DcomLaunch - ok
14:16:19.0098 0572 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:16:19.0254 0572 DfsC - ok
14:16:19.0641 0572 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
14:16:20.0039 0572 DFSR - ok
14:16:20.0266 0572 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
14:16:20.0272 0572 Dhcp - ok
14:16:20.0330 0572 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
14:16:20.0406 0572 disk - ok
14:16:20.0582 0572 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:16:20.0683 0572 Dnscache - ok
14:16:20.0725 0572 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
14:16:20.0759 0572 dot3svc - ok
14:16:20.0893 0572 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
14:16:20.0904 0572 DPS - ok
14:16:21.0016 0572 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:16:21.0127 0572 drmkaud - ok
14:16:21.0328 0572 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:16:21.0662 0572 DXGKrnl - ok
14:16:21.0836 0572 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
14:16:21.0888 0572 E1G60 - ok
14:16:22.0001 0572 e289a40 - ok
14:16:22.0058 0572 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
14:16:22.0060 0572 EapHost - ok
14:16:22.0420 0572 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
14:16:22.0709 0572 Ecache - ok
14:16:23.0039 0572 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
14:16:23.0351 0572 eeCtrl - ok
14:16:23.0883 0572 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:16:23.0970 0572 ehRecvr - ok
14:16:24.0065 0572 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
14:16:24.0232 0572 ehSched - ok
14:16:24.0342 0572 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
14:16:24.0454 0572 ehstart - ok
14:16:24.0662 0572 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
14:16:24.0727 0572 elxstor - ok
14:16:24.0931 0572 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
14:16:24.0976 0572 EMDMgmt - ok
14:16:25.0116 0572 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
14:16:25.0438 0572 EraserUtilRebootDrv - ok
14:16:25.0551 0572 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:16:25.0609 0572 ErrDev - ok
14:16:25.0786 0572 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
14:16:25.0818 0572 EventSystem - ok
14:16:25.0938 0572 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
14:16:26.0183 0572 exfat - ok
14:16:26.0330 0572 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:16:26.0781 0572 fastfat - ok
14:16:26.0869 0572 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:16:26.0898 0572 fdc - ok
14:16:27.0077 0572 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
14:16:27.0122 0572 fdPHost - ok
14:16:27.0147 0572 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
14:16:27.0151 0572 FDResPub - ok
14:16:27.0208 0572 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:16:27.0464 0572 FileInfo - ok
14:16:27.0615 0572 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:16:27.0716 0572 Filetrace - ok
14:16:27.0780 0572 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:16:27.0913 0572 flpydisk - ok
14:16:28.0093 0572 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:16:28.0216 0572 FltMgr - ok
14:16:28.0539 0572 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
14:16:28.0926 0572 FontCache - ok
14:16:29.0099 0572 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:16:29.0299 0572 FontCache3.0.0.0 - ok
14:16:29.0446 0572 [ B0082808A6856A252F7CDD939892CE50 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
14:16:29.0624 0572 fssfltr - ok
14:16:30.0079 0572 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
14:16:30.0356 0572 fsssvc - ok
14:16:30.0399 0572 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:16:30.0678 0572 Fs_Rec - ok
14:16:30.0866 0572 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
14:16:30.0955 0572 gagp30kx - ok
14:16:31.0075 0572 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:16:31.0197 0572 GEARAspiWDM - ok
14:16:31.0454 0572 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
14:16:31.0688 0572 gpsvc - ok
14:16:31.0950 0572 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9c4996ec227de C:\Program Files\Google\Update\GoogleUpdate.exe
14:16:31.0955 0572 gupdate1c9c4996ec227de - ok
14:16:32.0094 0572 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
14:16:32.0096 0572 gupdatem - ok
14:16:32.0219 0572 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:16:32.0261 0572 gusvc - ok
14:16:32.0508 0572 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:16:32.0819 0572 HdAudAddService - ok
14:16:33.0074 0572 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
14:16:33.0287 0572 HDAudBus - ok
14:16:33.0322 0572 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
14:16:33.0353 0572 HidBth - ok
14:16:33.0477 0572 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
14:16:33.0632 0572 HidIr - ok
14:16:33.0829 0572 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
14:16:33.0922 0572 hidserv - ok
14:16:34.0020 0572 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:16:34.0307 0572 HidUsb - ok
14:16:34.0401 0572 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:16:34.0512 0572 hkmsvc - ok
14:16:34.0559 0572 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
14:16:34.0628 0572 HpCISSs - ok
14:16:34.0786 0572 [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
14:16:34.0985 0572 HpqKbFiltr - ok
14:16:35.0168 0572 [ 115C0933B3ED51DFBEC4449348C8065B ] HpqRemHid C:\Windows\system32\DRIVERS\HpqRemHid.sys
14:16:35.0324 0572 HpqRemHid - ok
14:16:35.0465 0572 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
14:16:35.0537 0572 HSFHWAZL - ok
14:16:36.0016 0572 [ EC36F1D542ED4252390D446BF6D4DFD0 ] HSF_DPV C:\Windows\system32\DRIVERS\VSTDPV3.SYS
14:16:36.0851 0572 HSF_DPV - ok
14:16:37.0189 0572 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:16:37.0631 0572 HTTP - ok
14:16:37.0745 0572 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
14:16:37.0923 0572 i2omp - ok
14:16:38.0084 0572 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
14:16:38.0139 0572 i8042prt - ok
14:16:38.0163 0572 iaStor - ok
14:16:38.0328 0572 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
14:16:38.0717 0572 iaStorV - ok
14:16:38.0966 0572 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:16:39.0310 0572 IDriverT - ok
14:16:39.0806 0572 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:16:40.0186 0572 idsvc - ok
14:16:40.0464 0572 [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20121019.001\IDSvix86.sys
14:16:40.0518 0572 IDSVix86 - ok
14:16:41.0088 0572 [ 9378D57E2B96C0A185D844770AD49948 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
14:16:41.0647 0572 igfx - ok
14:16:41.0719 0572 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
14:16:41.0897 0572 iirsp - ok
14:16:42.0122 0572 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
14:16:42.0345 0572 IKEEXT - ok
14:16:42.0977 0572 [ 1F10ED6F98C57EFB4E7FB9972B2DBB71 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
14:16:43.0344 0572 IntcAzAudAddService - ok
14:16:43.0442 0572 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
14:16:43.0654 0572 intelide - ok
14:16:43.0740 0572 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:16:43.0873 0572 intelppm - ok
14:16:43.0991 0572 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:16:44.0213 0572 IPBusEnum - ok
14:16:44.0309 0572 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:16:44.0339 0572 IpFilterDriver - ok
14:16:44.0424 0572 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:16:44.0570 0572 iphlpsvc - ok
14:16:44.0578 0572 IpInIp - ok
14:16:44.0610 0572 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
14:16:44.0921 0572 IPMIDRV - ok
14:16:45.0047 0572 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
14:16:45.0214 0572 IPNAT - ok
14:16:45.0364 0572 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
14:16:45.0379 0572 iPod Service - ok
14:16:45.0408 0572 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:16:45.0664 0572 IRENUM - ok
14:16:45.0764 0572 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:16:45.0909 0572 isapnp - ok
14:16:46.0072 0572 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
14:16:46.0461 0572 iScsiPrt - ok
14:16:46.0537 0572 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
14:16:46.0567 0572 iteatapi - ok
14:16:46.0660 0572 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
14:16:46.0827 0572 iteraid - ok
14:16:46.0915 0572 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:16:47.0004 0572 kbdclass - ok
14:16:47.0114 0572 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
14:16:47.0214 0572 kbdhid - ok
14:16:47.0310 0572 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
14:16:47.0366 0572 KeyIso - ok
14:16:47.0661 0572 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:16:47.0951 0572 KSecDD - ok
14:16:48.0021 0572 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
14:16:48.0034 0572 KtmRm - ok
14:16:48.0205 0572 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
14:16:48.0293 0572 LanmanServer - ok
14:16:48.0462 0572 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:16:48.0497 0572 LanmanWorkstation - ok
14:16:48.0739 0572 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:16:48.0872 0572 lltdio - ok
14:16:49.0022 0572 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:16:49.0221 0572 lltdsvc - ok
14:16:49.0285 0572 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:16:49.0290 0572 lmhosts - ok
14:16:49.0417 0572 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
14:16:49.0706 0572 LSI_FC - ok
14:16:49.0759 0572 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
14:16:50.0126 0572 LSI_SAS - ok
14:16:50.0235 0572 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
14:16:50.0263 0572 LSI_SCSI - ok
14:16:50.0292 0572 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
14:16:50.0502 0572 luafv - ok
14:16:50.0632 0572 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:16:50.0705 0572 Mcx2Svc - ok
14:16:50.0816 0572 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
14:16:50.0983 0572 megasas - ok
14:16:51.0214 0572 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
14:16:51.0247 0572 MegaSR - ok
14:16:51.0386 0572 Microsoft SharePoint Workspace Audit Service - ok
14:16:51.0417 0572 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
14:16:51.0422 0572 MMCSS - ok
14:16:51.0458 0572 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
14:16:51.0636 0572 Modem - ok
14:16:51.0749 0572 [ CBB59C41F19EFEA1A000793E08070A62 ] MODEMCSA C:\Windows\system32\drivers\MODEMCSA.sys
14:16:51.0883 0572 MODEMCSA - ok
14:16:52.0001 0572 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:16:52.0213 0572 monitor - ok
14:16:52.0276 0572 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:16:52.0466 0572 mouclass - ok
14:16:52.0620 0572 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:16:52.0765 0572 mouhid - ok
14:16:52.0868 0572 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
14:16:53.0046 0572 MountMgr - ok
14:16:53.0210 0572 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
14:16:53.0287 0572 mpio - ok
14:16:53.0391 0572 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:16:53.0602 0572 mpsdrv - ok
14:16:53.0871 0572 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
14:16:53.0903 0572 MpsSvc - ok
14:16:53.0933 0572 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
14:16:54.0003 0572 Mraid35x - ok
14:16:54.0175 0572 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:16:54.0386 0572 MRxDAV - ok
14:16:54.0543 0572 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:16:54.0942 0572 mrxsmb - ok
14:16:55.0105 0572 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:16:55.0350 0572 mrxsmb10 - ok
14:16:55.0400 0572 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:16:55.0711 0572 mrxsmb20 - ok
14:16:55.0808 0572 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys
14:16:55.0867 0572 msahci - ok
14:16:55.0998 0572 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:16:56.0176 0572 msdsm - ok
14:16:56.0226 0572 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
14:16:56.0427 0572 MSDTC - ok
14:16:56.0490 0572 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:16:56.0712 0572 Msfs - ok
14:16:56.0932 0572 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:16:56.0991 0572 msisadrv - ok
14:16:57.0031 0572 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:16:57.0072 0572 MSiSCSI - ok
14:16:57.0080 0572 msiserver - ok
14:16:57.0249 0572 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:16:57.0292 0572 MSKSSRV - ok
14:16:57.0369 0572 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:16:57.0591 0572 MSPCLOCK - ok
14:16:57.0755 0572 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:16:57.0900 0572 MSPQM - ok
14:16:58.0121 0572 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:16:58.0299 0572 MsRPC - ok
14:16:58.0348 0572 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
14:16:58.0404 0572 mssmbios - ok
14:16:58.0493 0572 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:16:58.0615 0572 MSTEE - ok
14:16:58.0752 0572 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
14:16:58.0864 0572 Mup - ok
14:16:59.0371 0572 [ B4187346F54E362DAFFE647B25A58D50 ] N360 C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
14:16:59.0373 0572 N360 - ok
14:16:59.0477 0572 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
14:16:59.0489 0572 napagent - ok
14:16:59.0701 0572 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:16:59.0879 0572 NativeWifiP - ok
14:17:00.0035 0572 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20121021.008\NAVENG.SYS
14:17:00.0357 0572 NAVENG - ok
14:17:00.0926 0572 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20121021.008\NAVEX15.SYS
14:17:01.0396 0572 NAVEX15 - ok
14:17:01.0679 0572 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
14:17:01.0913 0572 NDIS - ok
14:17:01.0997 0572 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:17:02.0253 0572 NdisTapi - ok
14:17:02.0371 0572 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:17:02.0582 0572 Ndisuio - ok
14:17:02.0836 0572 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:17:02.0905 0572 NdisWan - ok
14:17:02.0997 0572 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:17:03.0142 0572 NDProxy - ok
14:17:03.0269 0572 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:17:03.0391 0572 NetBIOS - ok
14:17:03.0675 0572 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
14:17:03.0876 0572 netbt - ok
14:17:03.0922 0572 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
14:17:03.0925 0572 Netlogon - ok
14:17:04.0107 0572 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
14:17:04.0197 0572 Netman - ok
14:17:04.0384 0572 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
14:17:04.0440 0572 netprofm - ok
14:17:04.0548 0572 [ 0DA6B9A40EEF9F3EEDE12BC634FACAB7 ] netr28u C:\Windows\system32\DRIVERS\netr28u.sys
14:17:05.0215 0572 netr28u - ok
14:17:05.0341 0572 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:17:05.0808 0572 NetTcpPortSharing - ok
14:17:05.0947 0572 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
14:17:06.0049 0572 nfrd960 - ok
14:17:06.0238 0572 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:17:06.0261 0572 NlaSvc - ok
14:17:06.0350 0572 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:17:06.0495 0572 Npfs - ok
14:17:06.0687 0572 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
14:17:06.0693 0572 nsi - ok
14:17:06.0716 0572 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:17:06.0759 0572 nsiproxy - ok
14:17:06.0998 0572 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:17:07.0231 0572 Ntfs - ok
14:17:07.0337 0572 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
14:17:07.0559 0572 ntrigdigi - ok
14:17:07.0716 0572 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
14:17:07.0949 0572 Null - ok
14:17:08.0138 0572 [ 1657F3FBD9061526C14FF37E79306F98 ] NVENETFD C:\Windows\system32\DRIVERS\nvm60x32.sys
14:17:08.0195 0572 NVENETFD - ok
14:17:08.0256 0572 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:17:08.0434 0572 nvraid - ok
14:17:08.0551 0572 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:17:08.0807 0572 nvstor - ok
14:17:08.0936 0572 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:17:09.0225 0572 nv_agp - ok
14:17:09.0233 0572 NwlnkFlt - ok
14:17:09.0247 0572 NwlnkFwd - ok
14:17:09.0345 0572 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
14:17:09.0403 0572 ohci1394 - ok
14:17:09.0674 0572 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:17:09.0718 0572 ose - ok
14:17:10.0843 0572 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:17:11.0056 0572 osppsvc - ok
14:17:11.0258 0572 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
14:17:11.0457 0572 p2pimsvc - ok
14:17:11.0857 0572 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
14:17:11.0864 0572 p2psvc - ok
14:17:11.0953 0572 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
14:17:12.0198 0572 Parport - ok
14:17:12.0242 0572 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:17:12.0542 0572 partmgr - ok
14:17:12.0648 0572 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
14:17:12.0722 0572 Parvdm - ok
14:17:12.0899 0572 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
14:17:12.0944 0572 PcaSvc - ok
14:17:13.0025 0572 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
14:17:13.0369 0572 pci - ok
14:17:13.0500 0572 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
14:17:13.0577 0572 pciide - ok
14:17:13.0824 0572 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
14:17:14.0036 0572 pcmcia - ok
14:17:14.0355 0572 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:17:14.0600 0572 PEAUTH - ok
14:17:14.0978 0572 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
14:17:15.0188 0572 pla - ok
14:17:15.0310 0572 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:17:15.0444 0572 PlugPlay - ok
14:17:15.0549 0572 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
14:17:15.0560 0572 PNRPAutoReg - ok
14:17:15.0583 0572 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
14:17:15.0595 0572 PNRPsvc - ok
14:17:15.0875 0572 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:17:16.0287 0572 PolicyAgent - ok
14:17:16.0375 0572 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:17:16.0497 0572 PptpMiniport - ok
14:17:16.0662 0572 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
14:17:16.0726 0572 Processor - ok
14:17:16.0928 0572 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
14:17:16.0951 0572 ProfSvc - ok
14:17:17.0001 0572 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
14:17:17.0004 0572 ProtectedStorage - ok
14:17:17.0131 0572 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
14:17:17.0298 0572 PSched - ok
14:17:17.0800 0572 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:17:18.0429 0572 ql2300 - ok
14:17:18.0459 0572 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:17:18.0792 0572 ql40xx - ok
14:17:18.0892 0572 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
14:17:18.0954 0572 QWAVE - ok
14:17:19.0045 0572 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:17:19.0123 0572 QWAVEdrv - ok
14:17:19.0395 0572 [ 70DBDAB246C18B78E2200D6401D038BE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
14:17:19.0463 0572 RapiMgr - ok
14:17:19.0520 0572 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:17:19.0709 0572 RasAcd - ok
14:17:19.0821 0572 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
14:17:19.0943 0572 RasAuto - ok
14:17:19.0987 0572 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:17:20.0209 0572 Rasl2tp - ok
14:17:20.0331 0572 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
14:17:20.0342 0572 RasMan - ok
14:17:20.0395 0572 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:17:20.0595 0572 RasPppoe - ok
14:17:20.0683 0572 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:17:20.0861 0572 RasSstp - ok
14:17:20.0975 0572 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:17:21.0218 0572 rdbss - ok
14:17:21.0318 0572 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:17:21.0607 0572 RDPCDD - ok
14:17:21.0804 0572 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
14:17:22.0304 0572 rdpdr - ok
14:17:22.0341 0572 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:17:22.0530 0572 RDPENCDD - ok
14:17:22.0747 0572 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:17:23.0103 0572 RDPWD - ok
14:17:23.0168 0572 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:17:23.0221 0572 RemoteAccess - ok
14:17:23.0386 0572 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:17:23.0641 0572 RemoteRegistry - ok
14:17:23.0996 0572 [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
14:17:24.0164 0572 RichVideo - ok
14:17:24.0276 0572 [ C35CA13D3627EBD9DD12A23CE781BC3D ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
14:17:24.0363 0572 rimmptsk - ok
14:17:24.0529 0572 [ C398BCA91216755B098679A8DA8A2300 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
14:17:24.0929 0572 rimsptsk - ok
14:17:25.0027 0572 [ 2A2554CB24506E0A0508FC395C4A1B42 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
14:17:25.0150 0572 rismxdp - ok
14:17:25.0255 0572 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
14:17:25.0355 0572 RpcLocator - ok
14:17:25.0560 0572 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
14:17:25.0571 0572 RpcSs - ok
14:17:25.0604 0572 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:17:25.0638 0572 rspndr - ok
14:17:25.0909 0572 [ CB0BD9E10E3E244D312C106DEE1BBB93 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
14:17:25.0985 0572 RTL8169 - ok
14:17:26.0012 0572 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
14:17:26.0016 0572 SamSs - ok
14:17:26.0086 0572 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:17:26.0319 0572 sbp2port - ok
14:17:26.0427 0572 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:17:26.0499 0572 SCardSvr - ok
14:17:26.0843 0572 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
14:17:26.0908 0572 Schedule - ok
14:17:26.0999 0572 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
14:17:27.0000 0572 SCPolicySvc - ok
14:17:27.0129 0572 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
14:17:27.0171 0572 sdbus - ok
14:17:27.0256 0572 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:17:27.0601 0572 SDRSVC - ok
14:17:27.0816 0572 [ 16A252022535B680046F6E34E136D378 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
14:17:27.0824 0572 SeaPort - ok
14:17:27.0968 0572 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:17:28.0313 0572 secdrv - ok
14:17:28.0435 0572 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
14:17:28.0502 0572 seclogon - ok
14:17:28.0571 0572 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
14:17:28.0576 0572 SENS - ok
14:17:28.0635 0572 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
14:17:28.0835 0572 Serenum - ok
14:17:29.0001 0572 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
14:17:29.0234 0572 Serial - ok
14:17:29.0307 0572 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:17:29.0382 0572 sermouse - ok
14:17:29.0517 0572 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
14:17:29.0584 0572 SessionEnv - ok
14:17:29.0646 0572 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
14:17:29.0902 0572 sffdisk - ok
14:17:29.0966 0572 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:17:30.0133 0572 sffp_mmc - ok
14:17:30.0206 0572 [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
14:17:30.0306 0572 sffp_sd - ok
14:17:30.0342 0572 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:17:30.0520 0572 sfloppy - ok
14:17:30.0681 0572 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:17:30.0804 0572 SharedAccess - ok
14:17:30.0962 0572 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:17:31.0029 0572 ShellHWDetection - ok
14:17:31.0057 0572 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
14:17:31.0091 0572 sisagp - ok
14:17:31.0147 0572 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
14:17:31.0314 0572 SiSRaid2 - ok
14:17:31.0467 0572 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:17:31.0689 0572 SiSRaid4 - ok
14:17:32.0185 0572 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
14:17:32.0386 0572 SkypeUpdate - ok
14:17:33.0445 0572 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
14:17:33.0756 0572 slsvc - ok
14:17:33.0948 0572 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
14:17:34.0071 0572 SLUINotify - ok
14:17:34.0199 0572 [ 46B40982AF166BF89C3F51FB13E60D6D ] SmartDefragDriver C:\Windows\system32\Drivers\SmartDefragDriver.sys
14:17:34.0578 0572 SmartDefragDriver - ok
14:17:34.0626 0572 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:17:34.0892 0572 Smb - ok
14:17:35.0050 0572 [ 859E3ADC59D1C89A66AA6492C14D379E ] smserial C:\Windows\system32\DRIVERS\smserial.sys
14:17:36.0194 0572 smserial - ok
14:17:36.0351 0572 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:17:36.0418 0572 SNMPTRAP - ok
14:17:36.0570 0572 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
14:17:36.0848 0572 spldr - ok
14:17:37.0045 0572 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
14:17:37.0145 0572 Spooler - ok
14:17:37.0433 0572 [ EC5C3C6260F4019B03DFAA03EC8CBF6A ] SRTSP C:\Windows\System32\Drivers\N360\0404000.00C\SRTSP.SYS
14:17:37.0923 0572 SRTSP - ok
14:17:38.0073 0572 [ 55D5C37ED41231E3AC2063D16DF50840 ] SRTSPX C:\Windows\system32\drivers\N360\0404000.00C\SRTSPX.SYS
14:17:38.0185 0572 SRTSPX - ok
14:17:38.0406 0572 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
14:17:38.0729 0572 srv - ok
14:17:38.0809 0572 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:17:38.0856 0572 srv2 - ok
14:17:38.0986 0572 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:17:39.0075 0572 srvnet - ok
14:17:39.0165 0572 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:17:39.0276 0572 SSDPSRV - ok
14:17:39.0341 0572 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:17:39.0450 0572 SstpSvc - ok
14:17:39.0582 0572 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
14:17:39.0601 0572 stisvc - ok
14:17:39.0703 0572 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:17:39.0870 0572 swenum - ok
14:17:40.0124 0572 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
14:17:40.0190 0572 swprv - ok
14:17:40.0232 0572 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
14:17:40.0377 0572 Symc8xx - ok
14:17:40.0553 0572 [ 56890BF9D9204B93042089D4B45AE671 ] SymDS C:\Windows\system32\drivers\N360\0404000.00C\SYMDS.SYS
14:17:40.0765 0572 SymDS - ok
14:17:40.0832 0572 [ 10BA64273FEFF4DF0A7CCB0FF3B9B26B ] SymEFA C:\Windows\system32\drivers\N360\0404000.00C\SYMEFA.SYS
14:17:41.0121 0572 SymEFA - ok
14:17:41.0196 0572 [ 961B48B86F94D4CC8CEB483F8AA89374 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
14:17:41.0257 0572 SymEvent - ok
14:17:41.0303 0572 SymIMMP - ok
14:17:41.0383 0572 [ DC80FBF0A348E54853EF82EED4E11E35 ] SymIRON C:\Windows\system32\drivers\N360\0404000.00C\Ironx86.SYS
14:17:41.0439 0572 SymIRON - ok
14:17:41.0636 0572 [ B501D61792D8355EAE7EB4F7449A9D99 ] SYMTDIv C:\Windows\System32\Drivers\N360\0404000.00C\SYMTDIV.SYS
14:17:41.0681 0572 SYMTDIv - ok
14:17:41.0768 0572 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
14:17:41.0980 0572 Sym_hi - ok
14:17:42.0043 0572 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
14:17:42.0177 0572 Sym_u3 - ok
14:17:42.0335 0572 [ F5D926807BD9BC0AF68F9376144DE425 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
14:17:42.0402 0572 SynTP - ok
14:17:42.0466 0572 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
14:17:42.0710 0572 SysMain - ok
14:17:42.0782 0572 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:17:42.0791 0572 TabletInputService - ok
14:17:43.0002 0572 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:17:43.0225 0572 TapiSrv - ok
14:17:43.0335 0572 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
14:17:43.0380 0572 TBS - ok
14:17:43.0468 0572 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:17:43.0529 0572 Tcpip - ok
14:17:43.0562 0572 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
14:17:43.0574 0572 Tcpip6 - ok
14:17:43.0703 0572 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:17:43.0871 0572 tcpipreg - ok
14:17:44.0025 0572 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:17:44.0136 0572 TDPIPE - ok
14:17:44.0167 0572 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:17:44.0322 0572 TDTCP - ok
14:17:44.0421 0572 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:17:44.0643 0572 tdx - ok
14:17:44.0712 0572 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:17:44.0753 0572 TermDD - ok
14:17:45.0002 0572 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
14:17:45.0091 0572 TermService - ok
14:17:45.0161 0572 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
14:17:45.0165 0572 Themes - ok
14:17:45.0208 0572 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
14:17:45.0210 0572 THREADORDER - ok
14:17:45.0267 0572 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
14:17:45.0272 0572 TrkWks - ok
14:17:45.0401 0572 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:17:45.0568 0572 TrustedInstaller - ok
14:17:45.0743 0572 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:17:45.0899 0572 tssecsrv - ok
14:17:45.0998 0572 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
14:17:46.0121 0572 tunmp - ok
14:17:46.0217 0572 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:17:46.0340 0572 tunnel - ok
14:17:46.0433 0572 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:17:46.0556 0572 uagp35 - ok
14:17:46.0764 0572 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:17:47.0076 0572 udfs - ok
14:17:47.0134 0572 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:17:47.0356 0572 UI0Detect - ok
14:17:47.0452 0572 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:17:47.0564 0572 uliagpkx - ok
14:17:47.0753 0572 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
14:17:48.0120 0572 uliahci - ok
14:17:48.0149 0572 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
14:17:48.0338 0572 UlSata - ok
14:17:48.0387 0572 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
14:17:48.0687 0572 ulsata2 - ok
14:17:48.0785 0572 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:17:48.0887 0572 umbus - ok
14:17:49.0143 0572 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
14:17:49.0243 0572 upnphost - ok
14:17:49.0337 0572 [ 83CAFCB53201BBAC04D822F32438E244 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
14:17:49.0693 0572 USBAAPL - ok
14:17:49.0860 0572 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:17:50.0028 0572 usbccgp - ok
14:17:50.0202 0572 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:17:50.0446 0572 usbcir - ok
14:17:50.0555 0572 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:17:50.0609 0572 usbehci - ok
14:17:50.0765 0572 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:17:50.0988 0572 usbhub - ok
14:17:51.0050 0572 [ 7BDB7B0E7D45AC0402D78B90789EF47C ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
14:17:51.0087 0572 usbohci - ok
14:17:51.0181 0572 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:17:51.0314 0572 usbprint - ok
14:17:51.0420 0572 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:17:51.0576 0572 USBSTOR - ok
14:17:51.0674 0572 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
14:17:51.0819 0572 usbuhci - ok
14:17:51.0992 0572 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
14:17:52.0023 0572 usbvideo - ok
14:17:52.0164 0572 [ 35C9095FA7076466AFBFC5B9EC4B779E ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
14:17:52.0286 0572 usb_rndisx - ok
14:17:52.0408 0572 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
14:17:52.0453 0572 UxSms - ok
14:17:52.0648 0572 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
14:17:52.0960 0572 vds - ok
14:17:53.0032 0572 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:17:53.0061 0572 vga - ok
14:17:53.0189 0572 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
14:17:53.0367 0572 VgaSave - ok
14:17:53.0441 0572 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
14:17:53.0652 0572 viaagp - ok
14:17:53.0724 0572 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
14:17:53.0902 0572 ViaC7 - ok
14:17:53.0969 0572 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
14:17:54.0125 0572 viaide - ok
14:17:54.0206 0572 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:17:54.0384 0572 volmgr - ok
14:17:54.0532 0572 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:17:54.0799 0572 volmgrx - ok
14:17:54.0929 0572 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:17:55.0229 0572 volsnap - ok
14:17:55.0283 0572 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
14:17:55.0329 0572 vsmraid - ok
14:17:55.0553 0572 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
14:17:55.0964 0572 VSS - ok
14:17:56.0027 0572 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
14:17:56.0039 0572 W32Time - ok
14:17:56.0091 0572 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
14:17:56.0141 0572 WacomPen - ok
14:17:56.0235 0572 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
14:17:56.0335 0572 Wanarp - ok
14:17:56.0379 0572 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:17:56.0381 0572 Wanarpv6 - ok
14:17:56.0504 0572 [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
14:17:56.0514 0572 WcesComm - ok
14:17:56.0681 0572 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:17:57.0060 0572 wcncsvc - ok
14:17:57.0096 0572 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:17:57.0330 0572 WcsPlugInService - ok
14:17:57.0371 0572 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
14:17:57.0571 0572 Wd - ok
14:17:57.0753 0572 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:17:58.0042 0572 Wdf01000 - ok
14:17:58.0074 0572 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:17:58.0082 0572 WdiServiceHost - ok
14:17:58.0118 0572 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:17:58.0124 0572 WdiSystemHost - ok
14:17:58.0276 0572 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
14:17:58.0521 0572 WebClient - ok
14:17:58.0597 0572 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:17:58.0875 0572 Wecsvc - ok
14:17:58.0990 0572 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:17:59.0146 0572 wercplsupport - ok
14:17:59.0187 0572 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
14:17:59.0265 0572 WerSvc - ok
14:17:59.0346 0572 [ 5C7BDCF5864DB00323FE2D90FA26A8A2 ] winachsf C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
14:17:59.0401 0572 winachsf - ok
14:17:59.0708 0572 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
14:18:00.0064 0572 WinDefend - ok
14:18:00.0080 0572 WinHttpAutoProxySvc - ok
14:18:00.0281 0572 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:18:00.0287 0572 Winmgmt - ok
14:18:00.0539 0572 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
14:18:00.0978 0572 WinRM - ok
14:18:01.0217 0572 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
14:18:01.0247 0572 Wlansvc - ok
14:18:01.0455 0572 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
14:18:01.0667 0572 wlcrasvc - ok
14:18:02.0178 0572 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
14:18:02.0273 0572 wlidsvc - ok
14:18:02.0305 0572 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
14:18:02.0530 0572 WmiAcpi - ok
14:18:02.0580 0572 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:18:02.0623 0572 wmiApSrv - ok
14:18:02.0960 0572 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
14:18:03.0218 0572 WMPNetworkSvc - ok
14:18:03.0269 0572 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:18:03.0892 0572 WPCSvc - ok
14:18:04.0020 0572 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:18:04.0026 0572 WPDBusEnum - ok
14:18:04.0056 0572 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
14:18:04.0096 0572 WpdUsb - ok
14:18:04.0905 0572 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:18:05.0872 0572 WPFFontCache_v0400 - ok
14:18:06.0095 0572 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:18:06.0284 0572 ws2ifsl - ok
14:18:06.0327 0572 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
14:18:06.0334 0572 wscsvc - ok
14:18:06.0344 0572 WSearch - ok
14:18:06.0861 0572 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
14:18:07.0105 0572 wuauserv - ok
14:18:07.0194 0572 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:18:07.0449 0572 WUDFRd - ok
14:18:07.0554 0572 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:18:07.0562 0572 wudfsvc - ok
14:18:07.0643 0572 ================ Scan global ===============================
14:18:07.0700 0572 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
14:18:07.0888 0572 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
14:18:07.0960 0572 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
14:18:08.0186 0572 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
14:18:08.0217 0572 [Global] - ok
14:18:08.0218 0572 ================ Scan MBR ==================================
14:18:08.0254 0572 [ 1A1A06F62E891045814007163C1C76C3 ] \Device\Harddisk0\DR0
14:18:09.0833 0572 \Device\Harddisk0\DR0 - ok
14:18:09.0834 0572 ================ Scan VBR ==================================
14:18:09.0854 0572 [ CDFC19AB2B52440D5054C289FCC5B598 ] \Device\Harddisk0\DR0\Partition1
14:18:09.0857 0572 \Device\Harddisk0\DR0\Partition1 - ok
14:18:09.0911 0572 [ 4221CBBC10F3D96378E7CE3CF95FC8C0 ] \Device\Harddisk0\DR0\Partition2
14:18:10.0091 0572 \Device\Harddisk0\DR0\Partition2 - ok
14:18:10.0092 0572 ============================================================
14:18:10.0092 0572 Scan finished
14:18:10.0092 0572 ============================================================
14:18:10.0287 4356 Detected object count: 0
14:18:10.0287 4356 Actual detected object count: 0




aswMBR report:


If you have any problems running either one come back and let me know
The aswMBR caused my computer to crash. I’m going to attempt to run it again…
It ran successfully. Here is the aswMBR report:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-22 16:16:56
-----------------------------
16:16:56.963 OS Version: Windows 6.0.6002 Service Pack 2
16:16:56.964 Number of processors: 2 586 0xF0D
16:16:56.965 ComputerName: HEIDI-PC UserName: Heidi
16:17:33.408 Initialize success
16:17:50.273 AVAST engine defs: 12102201
16:18:28.651 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
16:18:28.656 Disk 0 Vendor: TOSHIBA_MK2552GSX LV011C Size: 238475MB BusType: 3
16:18:28.685 Disk 0 MBR read successfully
16:18:28.689 Disk 0 MBR scan
16:18:28.703 Disk 0 unknown MBR code
16:18:28.709 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 226478 MB offset 63
16:18:28.786 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11993 MB offset 463828680
16:18:28.805 Disk 0 scanning sectors +488392065
16:18:29.069 Disk 0 scanning C:\Windows\system32\drivers
16:19:02.966 Service scanning
16:20:17.493 Modules scanning
16:20:58.952 Disk 0 trace - called modules:
16:20:58.981 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
16:20:58.987 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d7f120]
16:20:58.991 3 CLASSPNP.SYS[8a7b38b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x8570f8a0]
16:21:04.016 AVAST engine scan C:\Windows
16:21:15.984 AVAST engine scan C:\Windows\system32
16:31:10.675 AVAST engine scan C:\Windows\system32\drivers
16:31:54.665 AVAST engine scan C:\Users\Heidi
16:59:22.410 AVAST engine scan C:\ProgramData
17:47:14.351 Scan finished successfully
18:48:40.818 Disk 0 MBR has been saved successfully to "C:\Users\Heidi\Desktop\MBR.dat"
18:48:40.830 The log file has been saved successfully to "C:\Users\Heidi\Desktop\aswMBR.txt"

Now what? It seems to be functioning properly now. Can I remove anything? Thank you, thank you!!

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:29 AM

Posted 23 October 2012 - 01:17 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Heidi2176

Heidi2176
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:12:29 AM

Posted 23 October 2012 - 11:01 AM

"information and logs"
o report from Combofix
2012-08-24 06:43 . 2012-09-23 09:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-21 19:01 . 2010-06-12 21:19 106928 ----a-w- c:\windows\system32\GEARAspi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Spotify"="c:\users\Heidi\AppData\Roaming\Spotify\Spotify.exe" [2012-08-25 5576408]
"Spotify Web Helper"="c:\users\Heidi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-25 1193176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-22 133656]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-09 7539232]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\users\Heidi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 04:58]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-24 04:58]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-24 04:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
Trusted Zone: innovativemerchantsystems.com\remote
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-23 09:45
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\e289a40]
"imagepath"="\??\c:\windows\TEMP\3E7F.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-10-23 09:48:40
ComboFix-quarantined-files.txt 2012-10-23 15:48
ComboFix2.txt 2012-10-22 18:44
.
Pre-Run: 121,907,732,480 bytes free
Post-Run: 122,034,044,928 bytes free
.
- - End Of File - - AC16FBBD317855D6016F256197ABDC07
o let me know of any problems you may have had
NONE
o How is the computer doing now after running the script?

seems to be working perfectly!

#10 Heidi2176

Heidi2176
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:12:29 AM

Posted 23 October 2012 - 11:02 AM

I take that back....I can't open outlook??

#11 Heidi2176

Heidi2176
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:12:29 AM

Posted 23 October 2012 - 11:18 AM

I rebooted my computer, and all my Microsoft Office Suite programs are now working again. :) Anything else I should do? I needed to temporarily disable my Norton Antivirus while the combofix ran again, but it is back on again. Thank you!

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:29 AM

Posted 23 October 2012 - 12:10 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove

Java™ 6 Update 18
Java™ 6 Update 2
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Heidi2176

Heidi2176
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:12:29 AM

Posted 23 October 2012 - 05:15 PM

o Log From MBAM

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.23.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Heidi :: HEIDI-PC [administrator]

10/23/2012 1:17:12 PM
mbam-log-2012-10-23 (13-17-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212454
Time elapsed: 10 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Heidi\AppData\Local\temp\ibtmpdb22480\component_566 (Adware.GamePlayLabs) -> Quarantined and deleted successfully.

(end)

report from Hijackthis
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:57:15 PM, on 10/23/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Heidi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Sonos\Sonos.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Heidi\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome\Application\22.0.1229.94\npchrome_frame.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Spotify] "C:\Users\Heidi\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Heidi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome\Application\22.0.1229.94\npchrome_frame.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9c4996ec227de) (gupdate1c9c4996ec227de) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 11614 bytes

o let me know of any problems you may have had
NONE
o How is the computer doing now?
So far so good!!! What else should I do?? Thanks much!!

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:29 AM

Posted 23 October 2012 - 06:02 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
      O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
      O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [Spotify] "C:\Users\Heidi\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
      O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Heidi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 Heidi2176

Heidi2176
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:12:29 AM

Posted 24 October 2012 - 11:36 PM

Everything went well until I ran the ESET SCAN...there were 3 threats found. Here is the report:

C:\Users\Heidi\AppData\Local\Google\Chrome\User Data\Default\Default\aadcdcdfdigddadagcgbdidcdedjdadb\background.html Win32/BHO.OEI trojan
C:\Users\Heidi\AppData\Local\temp\Free Download Manager793736.exe a variant of Win32/InstallBrain.L application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y69YDM0L\cat-and-dolphin-playing-together[1].htm HTML/ScrInject.B.Gen virus


Now what? Again, thank you!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users