
RECYCLER Virus Infection


  • This topic is locked
24 replies to this topic

#1 hYlAnDeR~TFC

hYlAnDeR~TFC

  • Members
  • 257 posts
  • OFFLINE
  •  
  • Local time:09:24 AM

Posted 20 November 2012 - 10:42 AM

After a family member was using this computer in question, I noticed that it was running very slowly. So, I rebooted it and once at the desktop, Avira Free AntiVirus popped up "Detection" - Recycler infection located .... " Then after I tried to scan it with Avira, "Autorun.inf" warning popped up on both C: and E: drives. This is not my computer, so I do not use it very often, except to update the drivers, keep the programs up to date, and TRY to ensure that it remains virus free. However, the other members in the household evidently are not practicing safe computer use on the internet. I had assumed that the Avira Free Antivirus had cleaned the system because it did a complete scan and then did not detect anything further. I took a look at the event log and it said in the report that this event was blocked. So, I went back to what I was originally going to do on this computer, i.e. complete a defrag on it, and after it was done, I looked at some of the files that could not be defragged and it found several of those "RECYCLER" files on the C: and E: drives of the computer.



So, I tried to utilize Avira Free AntiVirus to remove the problem but it was unable to do so. Then, I tried to use MalwareBytes (Free Version), it too was unable to locate any infected files. I next tried to use SuperAntiSpyware and all it was able to do was get rid of about 22 non-threatening Cookie trackers. Last night, I went to ESET and ran the free scan overnight to see if it could locate and get rid of the virus. But, ESET free scan could not find anything either.

I did a search on this particular virus and found out that it is somewhat difficult to remove. I looked at several websites and the various "how to" remove this virus, but I am not too good or comfortable with going real deep into the system registries to remove stuff. I also found out that this virus could have been transferred to a portable device such as an IPOD/ITouch. The other member in the family has an I-Touch and Itunes on this computer and I believe there is a good chance it may be on that I-Touch device too! So, I will need help to get this RECYCLER virus cleaned from this computer and on the I-Touch just to be safe.

Thank you in advance for your assistance.
hYlAnDeR~TFC~
[OF/FA] Orion Faction-Retired
Game Squad Fleet Admiral~Retired


 


#2 hYlAnDeR~TFC


Posted 24 November 2012 - 11:26 AM

Sorry, I forgot to include the DDS Log and Attach files:


**********************************
**********************************



DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.17114 BrowserJavaVersion: 10.9.2
Run by Janina Joy at 8:18:29 on 2012-11-24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.476 [GMT -8:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Free Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ww2.cox.com/myconnection/sandiego/home.cox
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: KeyScramblerBHO Class: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ISW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:36
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\janina joy\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\janina joy\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Lookup on Merriam Webster - c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{F0F2C541-B5D4-4040-BAD8-E4273C1079CE} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-7-9 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-11-9 525840]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-7-9 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-7-9 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-7-9 83392]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-2-19 173880]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2006-2-28 14336]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
.
=============== Created Last 30 ================
.
2012-11-09 02:58:56 558133 ----a-w- c:\windows\system32\sqlite3.dll
2012-11-05 03:25:41 -------- d-----w- c:\windows\ERUNT
2012-11-05 03:25:38 -------- d-----w- C:\JRT
2012-11-04 00:28:31 -------- d-----w- c:\documents and settings\janina joy\application data\uTorrent
2012-10-25 22:58:21 -------- d-----w- c:\program files\Media converter
2012-10-25 22:58:12 -------- d-----w- c:\program files\Youtube to MP4 Converter
.
==================== Find3M ====================
.
2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-10 12:40:21 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-10 12:40:21 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 02:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 06:16:36 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-12 21:54:08 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-12 21:54:08 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-27 19:12:39 832512 ----a-w- c:\windows\system32\wininet.dll
2012-08-27 19:12:36 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-27 19:12:35 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-08-27 19:12:34 17408 ----a-w- c:\windows\system32\corpol.dll
2012-08-27 11:43:11 389120 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 8:19:57.20 ===============



hYlAnDeR~TFC~
[OF/FA] Orion Faction-Retired
Game Squad Fleet Admiral~Retired

#3 Guest_White Warrior_*

Guest_White Warrior_*

  • Guests
  • OFFLINE
  •  

Posted 24 November 2012 - 01:34 PM

Hi hYlAnDeR~TFC

I will be handling your log to help you get cleaned up. Please give me some time to look it over and I will get back to you as soon as possible.

White Warrior

#4 Guest_White Warrior_*


Posted 28 November 2012 - 09:26 PM

Hi hYlAnDeR~TFC and welcome.

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1---32bit
Download Mirror #2---64bit.

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    
    :filefind
    *recycler*
    
    :folderfind
    *recycler*
    
    :regfind
    *recycler*
    
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Download Security Check by screen317 from here.
  • Save it to your desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
I need to see
systemlook log
security check log
How's the computer running now?

White Warrior
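
The autorun.inf advice in the post above (holding Shift on insert, and the protective folder named autorun.inf) can be checked by hand with a short script. This is an added example, not part of the original thread and not Flash_Disinfector's code: it reports whether a drive root holds autorun.inf as a file or a folder and lists launch entries that point into a RECYCLER folder. The function names, the sample file and the placeholder SID are constructed for illustration.

```python
import os
import re

# Keys in an [autorun] section that make Windows launch a program.
LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_VERB = re.compile(r"^shell\\[^\\]+\\command$")
EXECUTABLE = re.compile(r"\.(exe|com|scr|pif|bat|cmd|vbs)\b", re.IGNORECASE)

# Constructed sample (not taken from the thread): junk lines around real keys.
SAMPLE = r"""
;kq83jd
[AutoRun]
zxcv
open=RECYCLER\S-1-5-21-0000000000-0000000000-0000000000-500\example.exe
icon=%SystemRoot%\system32\shell32.dll,4
shell\Open\Command=RECYCLER\S-1-5-21-0000000000-0000000000-0000000000-500\example.exe
label=Backup
"""


def parse_autorun(text):
    """Return (key, value) pairs from the [autorun] section, skipping junk."""
    pairs, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            pairs.append((key.strip().lower(), value.strip()))
    return pairs


def assess_autorun(text):
    """List launch entries with the reasons each one deserves a closer look."""
    findings = []
    for key, value in parse_autorun(text):
        if key not in LAUNCH_KEYS and not SHELL_VERB.match(key):
            continue  # icon=, label= and junk keys do not start anything
        reasons = []
        lowered = value.lower()
        if "recycler" in lowered or "$recycle.bin" in lowered:
            reasons.append("target inside a recycle-bin folder")
        if EXECUTABLE.search(value):
            reasons.append("launches an executable")
        if reasons:
            findings.append((key, value, reasons))
    return findings


def scan_root(root):
    """Classify <root>/autorun.inf as absent, folder or file; assess a file."""
    path = os.path.join(root, "autorun.inf")
    if os.path.isdir(path):
        return "folder", []  # the placeholder folder the post describes
    if not os.path.isfile(path):
        return "absent", []
    with open(path, encoding="latin-1") as fh:  # latin-1 never fails to decode
        return "file", assess_autorun(fh.read())


if __name__ == "__main__":
    for key, value, reasons in assess_autorun(SAMPLE):
        print(f"{key} -> {value}: {', '.join(reasons)}")
    for root in ("C:\\", "E:\\"):  # the two drives named in the first post
        print(root, scan_root(root))
```

A result of "folder" means the root already holds the placeholder directory; a result of "file" with findings is the case worth investigating before the drive is opened in Explorer.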

#5 hYlAnDeR~TFC


Posted 29 November 2012 - 12:58 PM

Once I get home tonight, I will go ahead and download and run all the applicable programs you have suggested and post/reply the various results as well. Thanks for getting back to me, it is greatly appreciated.
hYlAnDeR~TFC~
[OF/FA] Orion Faction-Retired
Game Squad Fleet Admiral~Retired

#6 hYlAnDeR~TFC


Posted 29 November 2012 - 09:47 PM

Here are the Logs per your request:



SystemLook 30.07.11 by jpshortstuff
Log created at 18:30 on 29/11/2012 by Janina Joy
Administrator - Elevation successful

========== filefind ==========

Searching for "*recycler*"
No files found.

========== folderfind ==========

Searching for "*recycler*"
C:\RECYCLER d--hs-- [23:03 01/01/2009]

========== regfind ==========

Searching for "*recycler*"
No data found.

-= EOF =-



***********************
***********************
***********************





Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Avira Free Antivirus
ESET Online Scanner v3
ZoneAlarm Firewall
ZoneAlarm Free
ZoneAlarm Toolbar
ZoneAlarm Security
Avira successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
SpywareBlaster 4.6
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.1
Java™ 6 Update 33
Java 7 Update 9
Adobe Flash Player 11.4.402.287
Adobe Reader 10.1.4 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


********************


I just defragged this computer 1 week ago! I don't understand why the fragmentation would be at 15% based on that scan. I have not uploaded or downloaded anything in over a week due to having contracted this computer virus.

Edited by hYlAnDeR~TFC, 29 November 2012 - 09:49 PM.

hYlAnDeR~TFC~
[OF/FA] Orion Faction-Retired
Game Squad Fleet Admiral~Retired

#7 Guest_White Warrior_*


Posted 02 December 2012 - 02:40 PM

Hello hYlAnDeR~TFC

I just defragged this computer 1 week ago! I don't understand why the fragmentation would be at 15% based on that scan.

Please ignore it. It's a bug in the tool. The Adobe update is also wrong.

Now some updates.

Your version of Internet Explorer is outdated.

Now go to Windows Updates and download all the updates it offers you.

Next double click Malwarebytes.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

Please delete the SystemLook folder and the Security Check folder from your desktop.

I need to see the MBAM log.

Are there any further problems?

White Warrior

#8 hYlAnDeR~TFC


Posted 02 December 2012 - 03:22 PM

That Microsoft Link you provided is not working for me. Every time I go to select 32 bit XP version, a new browser pops up and says that Internet Explorer cannot display the webpage. Do you have any idea where else I can get it?
hYlAnDeR~TFC~
[OF/FA] Orion Faction-Retired
Game Squad Fleet Admiral~Retired

#9 hYlAnDeR~TFC


Posted 02 December 2012 - 03:44 PM

Disregard my last log. I found an alternate site and am currently working on the download and installation of IE8. Once downloaded, will work on 2nd part, downloading and installing updates. Be back shortly.
hYlAnDeR~TFC~
[OF/FA] Orion Faction-Retired
Game Squad Fleet Admiral~Retired

#10 hYlAnDeR~TFC


Posted 02 December 2012 - 04:47 PM

Here is the MBAM log:


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.02.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Janina Joy :: JANINA [administrator]

12/2/2012 1:10:42 PM
mbam-log-2012-12-02 (13-10-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 338156
Time elapsed: 9 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




During the Malware Bytes Scan, the Avira Anti Virus (free version) was running in the background and the Avira Security Alert window popped up from the Task Bar. The Security Alert message states:

"A virus or unwanted program 'Adware/TopMedia.B' was found in the file 'C\RECYCLER\...\DC1203.exe'. Access to this file was denied. Please select a further action: Remove or Details." I selected Remove. Then, a small Avira window pops up and states "system is being scanned" 100% but nothing is happening. I open up Avira to view what is happening on the desktop, and there is no information about any scan, nor any quarantine of anything, and I cannot shut down that little "system is being scanned" window.

Edited by hYlAnDeR~TFC, 02 December 2012 - 04:48 PM.

hYlAnDeR~TFC~
[OF/FA] Orion Faction-Retired
Game Squad Fleet Admiral~Retired

#11 Guest_White Warrior_*


Posted 03 December 2012 - 12:41 PM

Hello hYlAnDeR~TFC

I think Avira is flagging a false positive and that the file does not exist. This is why the program is hanging.

Using Windows Explorer, see if you can find this file: C\RECYCLER\...\DC1203.exe
If you do find it then please delete it.

Because you are still having some problems I'd like to run another scan just to make sure there is nothing lurking.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe from Kaspersky's website and not TDSSKiller.zip which appears to be an older version of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Let me know how you got on with the recycler file.

White Warrior

#12 hYlAnDeR~TFC


Posted 03 December 2012 - 08:55 PM

I looked on the infected Computer to see if I could locate the "Recycler" file. I do not know how to use IE to find such files. I could not locate it anywhere from My Computer C: drive. If this file is hidden, I will need instructions on where to locate it if it is in fact a hidden file somewhere, but again, I could not find it on the C: drive.

The system still seems to run a little slow. But, that may be because it is an older system with not a lot of RAM in it. But, I swear this system ran a bit faster before.

Here are the scan results from the TDS Killer program. It stated that it did not find any malware:




*******************************************




17:49:53.0078 1540 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:49:53.0765 1540 ============================================================
17:49:53.0765 1540 Current date / time: 2012/12/03 17:49:53.0765
17:49:53.0765 1540 SystemInfo:
17:49:53.0765 1540
17:49:53.0765 1540 OS Version: 5.1.2600 ServicePack: 3.0
17:49:53.0765 1540 Product type: Workstation
17:49:53.0765 1540 ComputerName: JANINA
17:49:53.0765 1540 UserName: Janina Joy
17:49:53.0765 1540 Windows directory: C:\WINDOWS
17:49:53.0765 1540 System windows directory: C:\WINDOWS
17:49:53.0765 1540 Processor architecture: Intel x86
17:49:53.0765 1540 Number of processors: 2
17:49:53.0765 1540 Page size: 0x1000
17:49:53.0765 1540 Boot type: Normal boot
17:49:53.0765 1540 ============================================================
17:49:55.0343 1540 Drive \Device\Harddisk0\DR0 - Size: 0x728D84000 (28.64 Gb), SectorSize: 0x200, Cylinders: 0xE9A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:49:55.0375 1540 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
17:49:55.0390 1540 ============================================================
17:49:55.0390 1540 \Device\Harddisk0\DR0:
17:49:55.0390 1540 MBR partitions:
17:49:55.0390 1540 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3944DDB
17:49:55.0390 1540 \Device\Harddisk1\DR1:
17:49:55.0390 1540 MBR partitions:
17:49:55.0390 1540 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
17:49:55.0390 1540 ============================================================
17:49:55.0437 1540 C: <-> \Device\Harddisk1\DR1\Partition1
17:49:55.0484 1540 E: <-> \Device\Harddisk0\DR0\Partition1
17:49:55.0500 1540 ============================================================
17:49:55.0500 1540 Initialize success
17:49:55.0500 1540 ============================================================
17:50:34.0156 1672 ============================================================
17:50:34.0156 1672 Scan started
17:50:34.0156 1672 Mode: Manual;
17:50:34.0156 1672 ============================================================
17:50:34.0500 1672 ================ Scan system memory ========================
17:50:34.0500 1672 System memory - ok
17:50:34.0500 1672 ================ Scan services =============================
17:50:36.0093 1672 CiSvc - ok
17:50:36.0125 1672 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
17:50:36.0125 1672 ClipSrv - ok
17:50:36.0171 1672 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:50:36.0250 1672 clr_optimization_v2.0.50727_32 - ok
17:50:36.0265 1672 CLTNetCnService - ok
17:50:36.0265 1672 CmdIde - ok
17:50:36.0281 1672 COMSysApp - ok
17:50:36.0296 1672 Cpqarray - ok
17:50:36.0343 1672 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
17:50:36.0359 1672 CryptSvc - ok
17:50:36.0359 1672 dac2w2k - ok
17:50:36.0359 1672 dac960nt - ok
17:50:36.0406 1672 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
17:50:36.0406 1672 DcomLaunch - ok
17:50:36.0437 1672 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
17:50:36.0453 1672 Dhcp - ok
17:50:36.0484 1672 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
17:50:36.0484 1672 Disk - ok
17:50:36.0500 1672 dmadmin - ok
17:50:36.0531 1672 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
17:50:36.0593 1672 dmboot - ok
17:50:36.0609 1672 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
17:50:36.0640 1672 dmio - ok
17:50:36.0656 1672 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
17:50:36.0656 1672 dmload - ok
17:50:36.0687 1672 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
17:50:36.0687 1672 dmserver - ok
17:50:36.0703 1672 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
17:50:36.0718 1672 DMusic - ok
17:50:36.0750 1672 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
17:50:36.0765 1672 Dnscache - ok
17:50:36.0796 1672 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
17:50:36.0812 1672 Dot3svc - ok
17:50:36.0812 1672 dpti2o - ok
17:50:36.0843 1672 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
17:50:36.0843 1672 drmkaud - ok
17:50:36.0890 1672 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
17:50:36.0890 1672 EapHost - ok
17:50:36.0937 1672 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
17:50:36.0937 1672 ERSvc - ok
17:50:36.0968 1672 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
17:50:36.0968 1672 Eventlog - ok
17:50:37.0031 1672 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
17:50:37.0046 1672 EventSystem - ok
17:50:37.0062 1672 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
17:50:37.0078 1672 Fastfat - ok
17:50:37.0125 1672 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:50:37.0140 1672 FastUserSwitchingCompatibility - ok
17:50:37.0187 1672 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
17:50:37.0203 1672 Fdc - ok
17:50:37.0218 1672 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
17:50:37.0218 1672 Fips - ok
17:50:37.0250 1672 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
17:50:37.0265 1672 Flpydisk - ok
17:50:37.0296 1672 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
17:50:37.0296 1672 FltMgr - ok
17:50:37.0375 1672 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:50:37.0390 1672 FontCache3.0.0.0 - ok
17:50:37.0406 1672 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:50:37.0406 1672 Fs_Rec - ok
17:50:37.0421 1672 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:50:37.0421 1672 Ftdisk - ok
17:50:37.0484 1672 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
17:50:37.0484 1672 GEARAspiWDM - ok
17:50:37.0500 1672 GMSIPCI - ok
17:50:37.0531 1672 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:50:37.0531 1672 Gpc - ok
17:50:37.0609 1672 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
17:50:37.0625 1672 gupdate - ok
17:50:37.0625 1672 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
17:50:37.0640 1672 gupdatem - ok
17:50:37.0640 1672 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:50:37.0656 1672 HDAudBus - ok
17:50:37.0687 1672 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:50:37.0703 1672 helpsvc - ok
17:50:37.0703 1672 HidServ - ok
17:50:37.0734 1672 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:50:37.0750 1672 HidUsb - ok
17:50:37.0781 1672 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
17:50:37.0796 1672 hkmsvc - ok
17:50:37.0796 1672 hpn - ok
17:50:37.0828 1672 [ 30CA91E657CEDE2F95359D6EF186F650 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
17:50:37.0828 1672 HPZid412 - ok
17:50:37.0859 1672 [ EFD31AFA752AA7C7BBB57BCBE2B01C78 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
17:50:37.0875 1672 HPZipr12 - ok
17:50:37.0890 1672 [ 7AC43C38CA8FD7ED0B0A4466F753E06E ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
17:50:37.0890 1672 HPZius12 - ok
17:50:37.0921 1672 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
17:50:37.0921 1672 HTTP - ok
17:50:37.0953 1672 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
17:50:37.0953 1672 HTTPFilter - ok
17:50:37.0968 1672 i2omgmt - ok
17:50:37.0968 1672 i2omp - ok
17:50:37.0984 1672 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:50:37.0984 1672 i8042prt - ok
17:50:38.0046 1672 [ 6FCB904910DA07C9DC2593D66438FA29 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
17:50:38.0078 1672 ialm - ok
17:50:38.0140 1672 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:50:38.0234 1672 idsvc - ok
17:50:38.0250 1672 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
17:50:38.0250 1672 Imapi - ok
17:50:38.0281 1672 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
17:50:38.0281 1672 ImapiService - ok
17:50:38.0296 1672 ini910u - ok
17:50:38.0421 1672 [ CDFD5A68A2E1CAA89C5C0E0B3CB98731 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:50:38.0562 1672 IntcAzAudAddService - ok
17:50:38.0562 1672 IntelIde - ok
17:50:38.0578 1672 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:50:38.0578 1672 intelppm - ok
17:50:38.0593 1672 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
17:50:38.0609 1672 Ip6Fw - ok
17:50:38.0625 1672 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:50:38.0625 1672 IpFilterDriver - ok
17:50:38.0640 1672 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:50:38.0640 1672 IpInIp - ok
17:50:38.0656 1672 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:50:38.0671 1672 IpNat - ok
17:50:38.0703 1672 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
17:50:38.0765 1672 iPod Service - ok
17:50:38.0781 1672 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:50:38.0781 1672 IPSec - ok
17:50:38.0812 1672 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
17:50:38.0812 1672 IRENUM - ok
17:50:38.0843 1672 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:50:38.0843 1672 isapnp - ok
17:50:38.0921 1672 [ 08A811BFD207DFDEC588881C18BACBAA ] ISWKL C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
17:50:38.0921 1672 ISWKL - ok
17:50:39.0156 1672 [ 5B2CCEF06F96DFB22893AB8F0B3F891D ] IswSvc C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
17:50:39.0171 1672 IswSvc - ok
17:50:39.0281 1672 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
17:50:39.0281 1672 JavaQuickStarterService - ok
17:50:39.0281 1672 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:50:39.0296 1672 Kbdclass - ok
17:50:39.0328 1672 [ 1223A8B567FFDB4B8BB5F59E5F033FDB ] KeyScrambler C:\WINDOWS\system32\drivers\keyscrambler.sys
17:50:39.0343 1672 KeyScrambler - ok
17:50:39.0390 1672 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
17:50:39.0406 1672 kmixer - ok
17:50:39.0421 1672 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
17:50:39.0421 1672 KSecDD - ok
17:50:39.0484 1672 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
17:50:39.0484 1672 lanmanserver - ok
17:50:39.0531 1672 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:50:39.0546 1672 lanmanworkstation - ok
17:50:39.0546 1672 lbrtfdc - ok
17:50:39.0609 1672 [ 53710476495886D9961BE46983A6A33F ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
17:50:39.0609 1672 LightScribeService - ok
17:50:39.0640 1672 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
17:50:39.0640 1672 LmHosts - ok
17:50:39.0671 1672 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
17:50:39.0687 1672 Messenger - ok
17:50:39.0703 1672 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
17:50:39.0703 1672 mnmdd - ok
17:50:39.0734 1672 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
17:50:39.0750 1672 mnmsrvc - ok
17:50:39.0765 1672 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
17:50:39.0781 1672 Modem - ok
17:50:39.0796 1672 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:50:39.0812 1672 Mouclass - ok
17:50:39.0828 1672 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:50:39.0843 1672 mouhid - ok
17:50:39.0859 1672 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
17:50:39.0859 1672 MountMgr - ok
17:50:39.0859 1672 mraid35x - ok
17:50:39.0875 1672 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:50:39.0890 1672 MRxDAV - ok
17:50:39.0937 1672 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:50:39.0968 1672 MRxSmb - ok
17:50:40.0000 1672 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
17:50:40.0000 1672 MSDTC - ok
17:50:40.0015 1672 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
17:50:40.0015 1672 Msfs - ok
17:50:40.0015 1672 MSICPL - ok
17:50:40.0031 1672 MSIServer - ok
17:50:40.0046 1672 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:50:40.0046 1672 MSKSSRV - ok
17:50:40.0062 1672 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:50:40.0062 1672 MSPCLOCK - ok
17:50:40.0062 1672 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
17:50:40.0078 1672 MSPQM - ok
17:50:40.0109 1672 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:50:40.0109 1672 mssmbios - ok
17:50:40.0140 1672 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\WINDOWS\system32\DRIVERS\ASACPI.sys
17:50:40.0140 1672 MTsensor - ok
17:50:40.0156 1672 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
17:50:40.0171 1672 Mup - ok
17:50:40.0234 1672 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
17:50:40.0250 1672 napagent - ok
17:50:40.0265 1672 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
17:50:40.0296 1672 NDIS - ok
17:50:40.0328 1672 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:50:40.0328 1672 NdisTapi - ok
17:50:40.0343 1672 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:50:40.0359 1672 Ndisuio - ok
17:50:40.0375 1672 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:50:40.0375 1672 NdisWan - ok
17:50:40.0406 1672 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
17:50:40.0406 1672 NDProxy - ok
17:50:40.0437 1672 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
17:50:40.0437 1672 NetBIOS - ok
17:50:40.0453 1672 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
17:50:40.0468 1672 NetBT - ok
17:50:40.0500 1672 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
17:50:40.0515 1672 NetDDE - ok
17:50:40.0515 1672 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
17:50:40.0515 1672 NetDDEdsdm - ok
17:50:40.0546 1672 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
17:50:40.0546 1672 Netlogon - ok
17:50:40.0578 1672 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
17:50:40.0593 1672 Netman - ok
17:50:40.0640 1672 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:50:40.0656 1672 NetTcpPortSharing - ok
17:50:40.0703 1672 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
17:50:40.0718 1672 Nla - ok
17:50:40.0718 1672 NMIndexingService - ok
17:50:40.0750 1672 [ 9865516D33BC66FDDAC9DB4087D4B6AA ] nosGetPlusHelper C:\Program Files\NOS\bin\getPlus_Helper_3004.dll
17:50:40.0796 1672 nosGetPlusHelper - ok
17:50:40.0828 1672 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
17:50:40.0828 1672 Npfs - ok
17:50:40.0828 1672 npggsvc - ok
17:50:40.0828 1672 NTACCESS - ok
17:50:40.0859 1672 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
17:50:40.0890 1672 Ntfs - ok
17:50:40.0890 1672 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
17:50:40.0890 1672 NtLmSsp - ok
17:50:40.0921 1672 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
17:50:40.0953 1672 NtmsSvc - ok
17:50:40.0984 1672 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
17:50:40.0984 1672 Null - ok
17:50:41.0343 1672 [ 7B5A17BD54BB9142843DBE99A1CAAED8 ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:50:41.0671 1672 nv - ok
17:50:41.0703 1672 [ 5150B108EA88831E1C599603D8B89621 ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
17:50:41.0718 1672 NVSvc - ok
17:50:41.0796 1672 [ 83E8AB7BB3C8956C53FEC071C94F0BBB ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:50:41.0828 1672 nvUpdatusService - ok
17:50:41.0859 1672 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:50:41.0859 1672 NwlnkFlt - ok
17:50:41.0875 1672 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:50:41.0890 1672 NwlnkFwd - ok
17:50:41.0906 1672 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
17:50:41.0921 1672 Parport - ok
17:50:41.0937 1672 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
17:50:41.0937 1672 PartMgr - ok
17:50:41.0953 1672 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
17:50:41.0968 1672 ParVdm - ok
17:50:41.0968 1672 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
17:50:41.0968 1672 PCI - ok
17:50:41.0984 1672 PCIDump - ok
17:50:41.0984 1672 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
17:50:41.0984 1672 PCIIde - ok
17:50:42.0015 1672 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
17:50:42.0015 1672 Pcmcia - ok
17:50:42.0031 1672 PDCOMP - ok
17:50:42.0031 1672 PDFRAME - ok
17:50:42.0031 1672 PDRELI - ok
17:50:42.0031 1672 PDRFRAME - ok
17:50:42.0046 1672 perc2 - ok
17:50:42.0046 1672 perc2hib - ok
17:50:42.0078 1672 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
17:50:42.0078 1672 PlugPlay - ok
17:50:42.0109 1672 [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
17:50:42.0109 1672 Pml Driver HPZ12 - ok
17:50:42.0140 1672 [ 3A2BDD76E7D2A5F40A7174793D1BA794 ] PnkBstrA C:\WINDOWS\system32\PnkBstrA.exe
17:50:42.0140 1672 PnkBstrA - ok
17:50:42.0156 1672 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
17:50:42.0156 1672 PolicyAgent - ok
17:50:42.0171 1672 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:50:42.0171 1672 PptpMiniport - ok
17:50:42.0187 1672 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:50:42.0187 1672 ProtectedStorage - ok
17:50:42.0187 1672 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
17:50:42.0203 1672 PSched - ok
17:50:42.0234 1672 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:50:42.0234 1672 Ptilink - ok
17:50:42.0234 1672 ql1080 - ok
17:50:42.0234 1672 Ql10wnt - ok
17:50:42.0250 1672 ql12160 - ok
17:50:42.0250 1672 ql1240 - ok
17:50:42.0250 1672 ql1280 - ok
17:50:42.0265 1672 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:50:42.0265 1672 RasAcd - ok
17:50:42.0296 1672 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
17:50:42.0312 1672 RasAuto - ok
17:50:42.0312 1672 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:50:42.0328 1672 Rasl2tp - ok
17:50:42.0359 1672 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
17:50:42.0375 1672 RasMan - ok
17:50:42.0390 1672 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:50:42.0390 1672 RasPppoe - ok
17:50:42.0406 1672 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
17:50:42.0406 1672 Raspti - ok
17:50:42.0421 1672 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:50:42.0437 1672 Rdbss - ok
17:50:42.0437 1672 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:50:42.0453 1672 RDPCDD - ok
17:50:42.0484 1672 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
17:50:42.0484 1672 RDPWD - ok
17:50:42.0515 1672 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
17:50:42.0531 1672 RDSessMgr - ok
17:50:42.0531 1672 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
17:50:42.0546 1672 redbook - ok
17:50:42.0593 1672 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
17:50:42.0593 1672 RemoteAccess - ok
17:50:42.0671 1672 [ BD517C7FB119997EFFBE39D5E4B37B05 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
17:50:42.0671 1672 RichVideo - ok
17:50:42.0703 1672 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
17:50:42.0718 1672 RpcLocator - ok
17:50:42.0734 1672 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
17:50:42.0734 1672 RpcSs - ok
17:50:42.0781 1672 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
17:50:42.0796 1672 RSVP - ok
17:50:42.0812 1672 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
17:50:42.0812 1672 SamSs - ok
17:50:42.0875 1672 [ A3281AEC37E0720A2BC28034C2DF2A56 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
17:50:42.0875 1672 SASDIFSV - ok
17:50:42.0890 1672 [ 61DB0D0756A99506207FD724E3692B25 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
17:50:42.0906 1672 SASKUTIL - ok
17:50:42.0921 1672 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
17:50:42.0937 1672 SCardSvr - ok
17:50:42.0953 1672 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
17:50:42.0984 1672 Schedule - ok
17:50:43.0015 1672 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:50:43.0015 1672 Secdrv - ok
17:50:43.0046 1672 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
17:50:43.0046 1672 seclogon - ok
17:50:43.0046 1672 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
17:50:43.0062 1672 SENS - ok
17:50:43.0093 1672 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
17:50:43.0093 1672 serenum - ok
17:50:43.0109 1672 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
17:50:43.0109 1672 Serial - ok
17:50:43.0125 1672 SetupNTGLM7X - ok
17:50:43.0156 1672 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
17:50:43.0156 1672 Sfloppy - ok
17:50:43.0187 1672 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
17:50:43.0187 1672 SharedAccess - ok
17:50:43.0203 1672 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:50:43.0203 1672 ShellHWDetection - ok
17:50:43.0203 1672 Simbad - ok
17:50:43.0218 1672 Sparrow - ok
17:50:43.0250 1672 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
17:50:43.0250 1672 splitter - ok
17:50:43.0281 1672 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
17:50:43.0281 1672 Spooler - ok
17:50:43.0296 1672 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
17:50:43.0296 1672 sr - ok
17:50:43.0343 1672 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
17:50:43.0359 1672 srservice - ok
17:50:43.0390 1672 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
17:50:43.0390 1672 Srv - ok
17:50:43.0421 1672 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
17:50:43.0421 1672 SSDPSRV - ok
17:50:43.0453 1672 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
17:50:43.0468 1672 ssmdrv - ok
17:50:43.0500 1672 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
17:50:43.0531 1672 stisvc - ok
17:50:43.0546 1672 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
17:50:43.0562 1672 swenum - ok
17:50:43.0593 1672 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
17:50:43.0593 1672 swmidi - ok
17:50:43.0609 1672 SwPrv - ok
17:50:43.0609 1672 symc810 - ok
17:50:43.0625 1672 symc8xx - ok
17:50:43.0625 1672 sym_hi - ok
17:50:43.0625 1672 sym_u3 - ok
17:50:43.0656 1672 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
17:50:43.0656 1672 sysaudio - ok
17:50:43.0671 1672 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
17:50:43.0687 1672 SysmonLog - ok
17:50:43.0718 1672 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
17:50:43.0734 1672 TapiSrv - ok
17:50:43.0765 1672 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:50:43.0796 1672 Tcpip - ok
17:50:43.0828 1672 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
17:50:43.0843 1672 TDPIPE - ok
17:50:43.0859 1672 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
17:50:43.0875 1672 TDTCP - ok
17:50:43.0890 1672 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
17:50:43.0890 1672 TermDD - ok
17:50:43.0921 1672 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
17:50:43.0953 1672 TermService - ok
17:50:43.0968 1672 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
17:50:43.0968 1672 Themes - ok
17:50:43.0968 1672 TosIde - ok
17:50:44.0000 1672 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
17:50:44.0000 1672 TrkWks - ok
17:50:44.0031 1672 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
17:50:44.0046 1672 Udfs - ok
17:50:44.0046 1672 ultra - ok
17:50:44.0093 1672 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
17:50:44.0109 1672 Update - ok
17:50:44.0140 1672 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
17:50:44.0281 1672 upnphost - ok
17:50:44.0343 1672 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
17:50:44.0375 1672 UPS - ok
17:50:44.0406 1672 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
17:50:44.0406 1672 USBAAPL - ok
17:50:44.0421 1672 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:50:44.0421 1672 usbccgp - ok
17:50:44.0453 1672 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:50:44.0453 1672 usbehci - ok
17:50:44.0468 1672 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:50:44.0468 1672 usbhub - ok
17:50:44.0484 1672 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:50:44.0484 1672 usbprint - ok
17:50:44.0500 1672 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:50:44.0500 1672 usbscan - ok
17:50:44.0515 1672 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:50:44.0515 1672 usbstor - ok
17:50:44.0531 1672 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:50:44.0531 1672 usbuhci - ok
17:50:44.0531 1672 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
17:50:44.0546 1672 VgaSave - ok
17:50:44.0546 1672 ViaIde - ok
17:50:44.0546 1672 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
17:50:44.0562 1672 VolSnap - ok
17:50:44.0609 1672 [ 558CEE3D9C470651F1843D51B42D761B ] Vsdatant C:\WINDOWS\system32\vsdatant.sys
17:50:44.0625 1672 Vsdatant - ok
17:50:44.0656 1672 vsmon - ok
17:50:44.0687 1672 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
17:50:44.0703 1672 VSS - ok
17:50:44.0718 1672 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
17:50:44.0734 1672 W32Time - ok
17:50:44.0750 1672 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:50:44.0750 1672 Wanarp - ok
17:50:44.0750 1672 WDICA - ok
17:50:44.0765 1672 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
17:50:44.0781 1672 wdmaud - ok
17:50:44.0812 1672 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
17:50:44.0812 1672 WebClient - ok
17:50:44.0875 1672 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
17:50:44.0890 1672 winmgmt - ok
17:50:44.0921 1672 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
17:50:44.0937 1672 WmdmPmSN - ok
17:50:44.0953 1672 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:50:44.0953 1672 WmiApSrv - ok
17:50:45.0015 1672 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
17:50:45.0093 1672 WMPNetworkSvc - ok
17:50:46.0015 1672 ============================================================
17:50:46.0015 1672 Scan finished
17:50:46.0015 1672 ============================================================
17:50:46.0015 2228 Detected object count: 0
17:50:46.0015 2228 Actual detected object count: 0
17:51:22.0578 1648 Deinitialize success

Edited by hYlAnDeR~TFC, 03 December 2012 - 08:56 PM.

hYlAnDeR~TFC~
[OF/FA] Orion Faction-Retired
Game Squad Fleet Admiral~Retired

#13 Guest_White Warrior_*


Posted 05 December 2012 - 06:51 AM

Hello hYlAnDeR~TFC

That's good that file is not there.

Your logs look clean.

Some things you can try to improve a slow system.

You can try this: Help! My computer is slow!

You may also find this helpful: Slow Computer?

Unnecessary processes running at startup can cause a system slowdown.

Please download Malwarebytes' StartUpLite and save it to your Desktop.
Double-click StartUpLite.exe to run the program.

This will display all unnecessary startup entries.
Select all options you would like executed, then select Continue.

I recommend you disable them all, and see if there is any improvement in the computer's speed.

Now some preventative steps to ensure you don't get infected again:

It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

You can check your system for out of date software manually, or by using automated tools such as Secunia's Personal Software Inspector. This goes doubly for security applications such as antivirus and other antimalware products based on definition lists, where out of date lists mean no detection of newer malware.

Finally, read this tutorial and follow each of the steps:
http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Happy Surfing.

White Warrior

#14 hYlAnDeR~TFC

  • Topic Starter

Posted 05 December 2012 - 06:52 PM

So, is that false positive anything to really worry about?

I am at work at the moment. But, once I get home, I'll go ahead and start to implement those suggestions you recommended. Additionally, as an extra security measure, as if I had not done enough already, I have exhaustively discussed with certain family members to no longer download "ANYTHING" without my being there to have it either scanned first before downloading, or just simply not download it. This is about the 5th time this year this has happened and is always related to some sort of peer to peer mp3 music or video downloading. So, I sure hope this works out.

I really do thank you for all your assistance and appreciate your time. I hope you and your family have a wonderful Holiday this year.

Thanks again!
hYlAnDeR~TFC~
[OF/FA] Orion Faction-Retired
Game Squad Fleet Admiral~Retired

#15 hYlAnDeR~TFC

  • Topic Starter

Posted 05 December 2012 - 06:56 PM

Oh, I almost forgot. I have a small E: drive that had tested positive with this RECYCLER file at the outset of this thread. I will go ahead and check when I get home to see if it is there or not. If so, then I will run Malwarebytes on it to clean it and post the results back here for you to check. If nothing is there, then I think we're good to go!
hYlAnDeR~TFC~
[OF/FA] Orion Faction-Retired
Game Squad Fleet Admiral~Retired
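
A read-only way to do the E: drive check described in the post above, as an added example that is not part of the thread or of any tool named in it: it parses an autorun.inf at a drive root and flags launch entries that point into a recycle-bin folder. The function names, the sample file contents and the paths are constructed for illustration.

```python
import os
import re
import tempfile

RECYCLE_DIRS = {"recycler", "recycled", "$recycle.bin"}
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
SAMPLE = r"""; constructed sample, not taken from the thread
[AutoRun]
open=RECYCLER\S-1-5-21-0000000000-0000000000-0000000000-0000\sample.exe
shell\explore\command="E:\tools\setup.exe" /s
"""

def launch_targets(text):
    """Return (key, program) for each launch entry in the [autorun] section."""
    targets, section = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            m = re.match(r'"([^"]+)"|(\S+)', value)  # first token, possibly quoted
            if m and LAUNCH_KEY.match(key):
                targets.append((key.lower(), m.group(1) or m.group(2)))
    return targets

def points_into_recycle_bin(program):
    """True when the first folder of the path is a recycle-bin directory."""
    parts = [p for p in re.split(r"[\\/]+", program) if p not in ("", ".")]
    if parts and re.fullmatch(r"[A-Za-z]:", parts[0]):
        parts = parts[1:]  # drop a drive prefix such as E:
    return len(parts) > 1 and parts[0].lower() in RECYCLE_DIRS

def check_drive_root(root):
    """Inspect one drive root without modifying it; return a list of findings."""
    findings = []
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            with open(os.path.join(root, name), "rb") as fh:
                text = fh.read().decode("latin-1")  # tolerates junk bytes
            for key, program in launch_targets(text):
                findings.append({"key": key, "program": program,
                                 "in_recycle_bin": points_into_recycle_bin(program)})
    return findings

def demo():
    """Write the constructed sample to a temporary folder and check it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "AUTORUN.INF"), "w") as fh:
            fh.write(SAMPLE)
        return check_drive_root(root)
```

On the machine itself, `check_drive_root("E:\\")` returns an empty list when the drive root has no autorun.inf or the file has no launch entries.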