Systweak virus (yeah, that one)


23 replies to this topic

#1 VickieDesigns

  • Members
  • 12 posts
  • OFFLINE
  • Local time:07:42 AM

Posted 22 October 2013 - 11:14 AM

Short of banging my head repeatedly against the keyboard, I've tried everything I can find to remove this piece of doo doo from my laptop and it just won't budge. It's the one that opens random pages and slows everything down.

 

Okay, so so far I've reset Firefox (which as I expected didn't work, this virus started in Chrome and has followed me like some sort of demon puppy), tried super anti spyware and the last thing I did was run ADWCleaner which didn't remove it either.

 

Can anyone help me remove this thing?




 


#2 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,490 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:03:42 AM

Posted 22 October 2013 - 11:22 AM

Hello Vickie. Yes, I believe so. First I moved this to the Am I Infected forum.


Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.



Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Last, run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook
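The TDSSKiller report that the post above asks for runs to hundreds of lines (the reporter's paste later in this thread shows the format: a hash line `[ MD5, SHA256 ] Name   C:\path` followed by a `Name - ok` verdict line, section by section). The Python script below is an added example, not part of this thread and not TDSSKiller's own code: it pairs hash lines with verdict lines, copes with a verdict that has no hash line (as `COMSysApp` in the pasted log) and with multi-word service names that sit one space from the path (as `Apple Mobile Device` does), and shortlists what a helper would read first: any verdict other than `ok`, an entry with no image recorded, an image under a user-writable location, or a third-party image outside `C:\Windows` (legitimate products such as SUPERAntiSpyware land in that last bucket too, so it is a review list, not a verdict). The sample log is constructed from lines in the thread plus one invented `ExampleSvc` entry with all-zero placeholder hashes and a made-up verdict string; TDSSKiller's real wording for a detection is not assumed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Every TDSSKiller line opens with a timestamp and thread id: "16:43:24.0535 0x04b8  ".
PREFIX = r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>0x[0-9A-Fa-f]+)\s+"
# "================ Scan services =============================" opens a scan section.
SECTION_RE = re.compile(PREFIX + r"=+\s*(?P<section>[^=]+?)\s*=+$")
# "[ MD5, SHA256 ] Name   C:\path\image"; the path is found by its drive-letter prefix,
# so names containing spaces and single-space padding both parse.
ENTRY_RE = re.compile(
    PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}), (?P<sha256>[0-9A-Fa-f]{64}) \] "
    r"(?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$"
)
# "Name - ok" (or another verdict) follows the entry it belongs to.
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?) - (?P<verdict>.+)$")


@dataclass
class ScanEntry:
    section: str
    name: str
    path: Optional[str] = None
    md5: Optional[str] = None
    sha256: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> List[ScanEntry]:
    """Pair hash lines with their verdict lines; banner lines before the first section are ignored."""
    entries: List[ScanEntry] = []
    pending: Dict[str, ScanEntry] = {}  # entries still waiting for a verdict line
    section: Optional[str] = None
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            pending.clear()
            continue
        if section is None:
            continue  # initialisation banner: drive geometry, partitions, KSN ping
        m = ENTRY_RE.match(line)
        if m:
            entry = ScanEntry(section, m.group("name").strip(), m.group("path"),
                              m.group("md5").upper(), m.group("sha256").upper())
            pending[entry.name] = entry
            entries.append(entry)
            continue
        m = VERDICT_RE.match(line)
        if m:
            name = m.group("name").strip()
            entry = pending.pop(name, None)
            if entry is None:  # verdict with no preceding hash line (COMSysApp in the thread)
                entry = ScanEntry(section, name)
                entries.append(entry)
            entry.verdict = m.group("verdict").strip()
    return entries


# Path fragments where a service image is rarely installed legitimately.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


def triage(entries: List[ScanEntry], system_root: str = "C:\\Windows") -> List[Tuple[str, List[str]]]:
    """Return (name, reasons) for entries worth a human look; clean %SystemRoot% files are dropped."""
    findings: List[Tuple[str, List[str]]] = []
    for e in entries:
        reasons: List[str] = []
        if e.verdict is None:
            reasons.append("no verdict recorded")
        elif e.verdict.lower() != "ok":
            reasons.append(f"verdict '{e.verdict}'")
        if e.path is None:
            reasons.append("no image path or hash recorded")
        else:
            lower = e.path.lower()
            if any(marker in lower for marker in USER_WRITABLE):
                reasons.append("image in a user-writable location")
            elif not lower.startswith(system_root.lower() + "\\"):
                reasons.append("third-party image outside %SystemRoot% (review, not necessarily bad)")
        if reasons:
            findings.append((e.name, reasons))
    return findings


# Constructed sample: real lines from the thread's paste plus an invented ExampleSvc entry.
SAMPLE_LOG = r"""
16:43:24.0398 0x04b8  ================ Scan services =============================
16:43:24.0535 0x04b8  [ ABDCD326E1DD1C62509ED94C278A7453, 51E2722C7D2588BE1C29A1680C988B9BE45433E147CCE285C3A918216418E44B ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
16:43:24.0543 0x04b8  !SASCORE - ok
16:43:25.0009 0x04b8  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:43:25.0018 0x04b8  ACPI - ok
16:43:27.0670 0x04b8  [ F401929EE0CC92BFE7F15161CA535383, 61E1C0630B8BBC65C51121D5DC7F095C59B475F39BB7B0DC68133EF7D9D0A29D ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:43:27.0675 0x04b8  Apple Mobile Device - ok
16:43:30.0021 0x04b8  COMSysApp - ok
16:43:33.0000 0x04b8  [ 00000000000000000000000000000000, 0000000000000000000000000000000000000000000000000000000000000000 ] ExampleSvc      C:\Users\Public\example.exe
16:43:33.0010 0x04b8  ExampleSvc - suspicious (constructed verdict)
"""

if __name__ == "__main__":
    for name, reasons in triage(parse_tdsskiller_log(SAMPLE_LOG)):
        print(f"{name}: {'; '.join(reasons)}")
```

Point `parse_tdsskiller_log` at the text of a real `TDSSKiller_xxxx_log.txt` and the same triage applies; the hashes are kept on each entry so a shortlisted image can be checked against a known-good inventory rather than judged by its path alone.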

#3 VickieDesigns

  • Topic Starter
  • Members
  • 12 posts
  • OFFLINE
  • Local time:07:42 AM

Posted 22 October 2013 - 11:34 AM

Hello and thank you for replying! I'm not sure if you copied and pasted, but I have already tried ADW Cleaner; it didn't find it. MiniToolBox, is that safe? All I'm getting is loads of advertisements, a download error, and then it directs me to a page saying download cancelled. I'm not sure I want to be downloading all this stuff to my computer, especially when the first one I click on is full of dodgy-looking advertisements. Can anyone else help without me having to download loads of software that doesn't work?



#4 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,490 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:03:42 AM

Posted 22 October 2013 - 11:56 AM

That file is hosted here at BC:
http://www.bleepingcomputer.com/download/minitoolbox/dl/65/

If you are getting ads, it's because your machine is infected.

Did you download a new copy of AdwCleaner?

Edited by boopme, 22 October 2013 - 11:57 AM.


#5 VickieDesigns

  • Topic Starter
  • Members
  • 12 posts
  • OFFLINE
  • Local time:07:42 AM

Posted 22 October 2013 - 12:26 PM

Yes, I downloaded ADWCleaner a couple of hours ago and it was fine; it cleared up lots of things, just not this virus! I don't think I'm getting ads from MiniToolBox because my machine is infected, as I've downloaded lots of things since this started happening and this is the first time that's happened. Thanks for any help.



#6 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,490 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:03:42 AM

Posted 22 October 2013 - 01:02 PM

OK, skip Mini and move on.

#7 VickieDesigns

  • Topic Starter
  • Members
  • 12 posts
  • OFFLINE
  • Local time:07:42 AM

Posted 23 October 2013 - 10:55 AM

The virus has progressed and I'm now receiving pop-up ads as well as certain words being underlined in green on most pages. I'm guessing it's installing stuff onto the computer.


16:43:13.0556 0x1078  UserName: ComaStitch
16:43:13.0556 0x1078  Windows directory: C:\Windows
16:43:13.0556 0x1078  System windows directory: C:\Windows
16:43:13.0556 0x1078  Running under WOW64
16:43:13.0556 0x1078  Processor architecture: Intel x64
16:43:13.0556 0x1078  Number of processors: 4
16:43:13.0556 0x1078  Page size: 0x1000
16:43:13.0556 0x1078  Boot type: Normal boot
16:43:13.0556 0x1078  ============================================================
16:43:18.0000 0x1078  System UUID: {58D4AE1B-327F-6327-AD55-15B4131A58B8}
16:43:18.0658 0x1078  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:43:18.0663 0x1078  ============================================================
16:43:18.0663 0x1078  \Device\Harddisk0\DR0:
16:43:18.0663 0x1078  MBR partitions:
16:43:18.0663 0x1078  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x2542C000
16:43:18.0663 0x1078  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x254F4800, BlocksNum 0x25363800
16:43:18.0663 0x1078  ============================================================
16:43:18.0704 0x1078  C: <-> \Device\Harddisk0\DR0\Partition1
16:43:18.0746 0x1078  D: <-> \Device\Harddisk0\DR0\Partition2
16:43:18.0746 0x1078  ============================================================
16:43:18.0746 0x1078  Initialize success
16:43:18.0746 0x1078  ============================================================
16:43:21.0407 0x04b8  ============================================================
16:43:21.0407 0x04b8  Scan started
16:43:21.0407 0x04b8  Mode: Manual;
16:43:21.0407 0x04b8  ============================================================
16:43:21.0407 0x04b8  KSN ping started
16:43:24.0137 0x04b8  KSN ping finished: true
16:43:24.0397 0x04b8  ================ Scan system memory ========================
16:43:24.0397 0x04b8  System memory - ok
16:43:24.0398 0x04b8  ================ Scan services =============================
16:43:24.0535 0x04b8  [ ABDCD326E1DD1C62509ED94C278A7453, 51E2722C7D2588BE1C29A1680C988B9BE45433E147CCE285C3A918216418E44B ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
16:43:24.0543 0x04b8  !SASCORE - ok
16:43:24.0883 0x04b8  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:43:24.0957 0x04b8  1394ohci - ok
16:43:25.0009 0x04b8  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:43:25.0018 0x04b8  ACPI - ok
16:43:25.0060 0x04b8  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:43:25.0107 0x04b8  AcpiPmi - ok
16:43:25.0360 0x04b8  [ A283108E14F3970432C21AF4C0CB1BCE, 1D3219EF916D54232838870EDE557296AACB714B456ED0AAE0DE3CE3822F4643 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:43:25.0372 0x04b8  AdobeFlashPlayerUpdateSvc - ok
16:43:25.0456 0x04b8  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
16:43:25.0485 0x04b8  adp94xx - ok
16:43:25.0533 0x04b8  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
16:43:25.0551 0x04b8  adpahci - ok
16:43:25.0582 0x04b8  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
16:43:25.0594 0x04b8  adpu320 - ok
16:43:25.0634 0x04b8  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:43:25.0637 0x04b8  AeLookupSvc - ok
16:43:25.0895 0x04b8  [ 1C7857B62DE5994A75B054A9FD4C3825, 83F963D7E636532B1AD30B1E727EC429317CA540F6EB3BB268FCC0B163B67767 ] AFD             C:\Windows\system32\drivers\afd.sys
16:43:25.0911 0x04b8  AFD - ok
16:43:25.0949 0x04b8  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
16:43:25.0954 0x04b8  agp440 - ok
16:43:25.0989 0x04b8  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
16:43:25.0995 0x04b8  ALG - ok
16:43:26.0010 0x04b8  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:43:26.0015 0x04b8  aliide - ok
16:43:26.0020 0x04b8  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
16:43:26.0023 0x04b8  amdide - ok
16:43:26.0036 0x04b8  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
16:43:26.0041 0x04b8  AmdK8 - ok
16:43:26.0802 0x04b8  [ 91890B3670C129E2B3466D2AFAE05EAC, 271952A2CDA0B8F451B0E85833DCDAC2481C2E5C86F198C8ABDA6628EB381386 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:43:27.0124 0x04b8  amdkmdag - ok
16:43:27.0180 0x04b8  [ CC5B75D4A24E7493408510D061DF51AA, 900B9A759D8C656B675AE794C55B5851EE2A070E7521B305441A2D360DCF07ED ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
16:43:27.0230 0x04b8  amdkmdap - ok
16:43:27.0253 0x04b8  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
16:43:27.0258 0x04b8  AmdPPM - ok
16:43:27.0278 0x04b8  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:43:27.0324 0x04b8  amdsata - ok
16:43:27.0342 0x04b8  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
16:43:27.0352 0x04b8  amdsbs - ok
16:43:27.0373 0x04b8  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:43:27.0418 0x04b8  amdxata - ok
16:43:27.0448 0x04b8  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
16:43:27.0492 0x04b8  AppID - ok
16:43:27.0531 0x04b8  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:43:27.0533 0x04b8  AppIDSvc - ok
16:43:27.0544 0x04b8  [ 3977D4A871CA0D4F2ED1E7DB46829731, 2AF1C3225994769C3FD25CD7E9603964B035576F25B0B6D91545566E0722FFAA ] Appinfo         C:\Windows\System32\appinfo.dll
16:43:27.0546 0x04b8  Appinfo - ok
16:43:27.0670 0x04b8  [ F401929EE0CC92BFE7F15161CA535383, 61E1C0630B8BBC65C51121D5DC7F095C59B475F39BB7B0DC68133EF7D9D0A29D ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:43:27.0675 0x04b8  Apple Mobile Device - ok
16:43:27.0723 0x04b8  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
16:43:27.0731 0x04b8  arc - ok
16:43:27.0750 0x04b8  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:43:27.0762 0x04b8  arcsas - ok
16:43:27.0772 0x04b8  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:43:27.0777 0x04b8  AsyncMac - ok
16:43:27.0806 0x04b8  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
16:43:27.0809 0x04b8  atapi - ok
16:43:27.0862 0x04b8  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:43:27.0881 0x04b8  AudioEndpointBuilder - ok
16:43:27.0904 0x04b8  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:43:27.0918 0x04b8  AudioSrv - ok
16:43:27.0944 0x04b8  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:43:27.0978 0x04b8  AxInstSV - ok
16:43:28.0034 0x04b8  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
16:43:28.0053 0x04b8  b06bdrv - ok
16:43:28.0088 0x04b8  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:43:28.0100 0x04b8  b57nd60a - ok
16:43:28.0143 0x04b8  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:43:28.0149 0x04b8  BDESVC - ok
16:43:28.0181 0x04b8  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:43:28.0187 0x04b8  Beep - ok
16:43:28.0204 0x04b8  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
16:43:28.0212 0x04b8  blbdrive - ok
16:43:28.0282 0x04b8  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:43:28.0295 0x04b8  Bonjour Service - ok
16:43:28.0340 0x04b8  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:43:28.0390 0x04b8  bowser - ok
16:43:28.0420 0x04b8  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
16:43:28.0425 0x04b8  BrFiltLo - ok
16:43:28.0431 0x04b8  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
16:43:28.0437 0x04b8  BrFiltUp - ok
16:43:28.0483 0x04b8  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
16:43:28.0488 0x04b8  Browser - ok
16:43:28.0515 0x04b8  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:43:28.0530 0x04b8  Brserid - ok
16:43:28.0537 0x04b8  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:43:28.0544 0x04b8  BrSerWdm - ok
16:43:28.0548 0x04b8  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:43:28.0554 0x04b8  BrUsbMdm - ok
16:43:28.0558 0x04b8  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:43:28.0562 0x04b8  BrUsbSer - ok
16:43:28.0569 0x04b8  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
16:43:28.0574 0x04b8  BTHMODEM - ok
16:43:28.0611 0x04b8  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
16:43:28.0616 0x04b8  bthserv - ok
16:43:28.0654 0x04b8  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:43:28.0661 0x04b8  cdfs - ok
16:43:28.0717 0x04b8  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:43:28.0775 0x04b8  cdrom - ok
16:43:28.0827 0x04b8  [ 7E83E47BD1FF93E11CD69F1AD65A9581, DC994FAC94D142C70D17E70756CA0B97B45E8E20DD3141953FDF4CD2E6D617CC ] CeKbFilter      C:\Windows\system32\DRIVERS\CeKbFilter.sys
16:43:28.0895 0x04b8  CeKbFilter - ok
16:43:28.0969 0x04b8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
16:43:28.0975 0x04b8  CertPropSvc - ok
16:43:29.0006 0x04b8  [ ED0263B2EB24F0F4E3898036FA1D28A1, 096F50891302F84E2543F32F2D5A51E0183A12900B920A2DD8976459B4B2C051 ] cfwids          C:\Windows\system32\drivers\cfwids.sys
16:43:29.0057 0x04b8  cfwids - ok
16:43:29.0175 0x04b8  [ 41E7C4FA6491747402CFCA77CC1C7AAB, 676CD982A0D33B60A646AC7C0158F7421E395C8B4B12E544C55AF5C09E470CC5 ] cfWiMAXService  C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
16:43:29.0187 0x04b8  cfWiMAXService - ok
16:43:29.0223 0x04b8  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
16:43:29.0227 0x04b8  circlass - ok
16:43:29.0277 0x04b8  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
16:43:29.0287 0x04b8  CLFS - ok
16:43:29.0418 0x04b8  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:43:29.0424 0x04b8  clr_optimization_v2.0.50727_32 - ok
16:43:29.0494 0x04b8  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:43:29.0501 0x04b8  clr_optimization_v2.0.50727_64 - ok
16:43:29.0555 0x04b8  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:43:29.0631 0x04b8  clr_optimization_v4.0.30319_32 - ok
16:43:29.0694 0x04b8  [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:43:29.0703 0x04b8  clr_optimization_v4.0.30319_64 - ok
16:43:29.0738 0x04b8  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
16:43:29.0746 0x04b8  CmBatt - ok
16:43:29.0771 0x04b8  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:43:29.0777 0x04b8  cmdide - ok
16:43:29.0841 0x04b8  [ 9AC4F97C2D3E93367E2148EA940CD2CD, 530E089E5CF868AECDB2B5548EBE76E0CA98FC74A72897292AB2485734402E3B ] CNG             C:\Windows\system32\Drivers\cng.sys
16:43:29.0893 0x04b8  CNG - ok
16:43:29.0927 0x04b8  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
16:43:29.0932 0x04b8  Compbatt - ok
16:43:29.0956 0x04b8  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
16:43:30.0005 0x04b8  CompositeBus - ok
16:43:30.0021 0x04b8  COMSysApp - ok
16:43:30.0076 0x04b8  [ CAB0EEAF5295FC96DDD3E19DCE27E131, 87BCAC18D920153322D325AA5B93BB0B447577D67261FDCC01C5B60643CEA792 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
16:43:30.0080 0x04b8  ConfigFree Service - ok
16:43:30.0109 0x04b8  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
16:43:30.0116 0x04b8  crcdisk - ok
16:43:30.0171 0x04b8  [ 4F5414602E2544A4554D95517948B705, 50121AD32ACF73F541DF3B655020F7B610B3E7B5E8C7B39D37D5958F28CB376E ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:43:30.0219 0x04b8  CryptSvc - ok
16:43:30.0346 0x04b8  [ 72794D112CBAFF3BC0C29BF7350D4741, 060C207F27306A3464FBCD8B08BDC97E34923ECA349933ECB059848BD08F41ED ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
16:43:30.0364 0x04b8  cvhsvc - ok
16:43:30.0440 0x04b8  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:43:30.0453 0x04b8  DcomLaunch - ok
16:43:30.0491 0x04b8  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
16:43:30.0507 0x04b8  defragsvc - ok
16:43:30.0548 0x04b8  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:43:30.0597 0x04b8  DfsC - ok
16:43:30.0637 0x04b8  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:43:30.0647 0x04b8  Dhcp - ok
16:43:30.0703 0x04b8  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
16:43:30.0705 0x04b8  discache - ok
16:43:30.0747 0x04b8  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
16:43:30.0754 0x04b8  Disk - ok
16:43:30.0804 0x04b8  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:43:30.0811 0x04b8  Dnscache - ok
16:43:30.0834 0x04b8  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:43:30.0880 0x04b8  dot3svc - ok
16:43:30.0913 0x04b8  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
16:43:30.0918 0x04b8  DPS - ok
16:43:30.0963 0x04b8  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:43:30.0969 0x04b8  drmkaud - ok
16:43:31.0044 0x04b8  [ F5BEE30450E18E6B83A5012C100616FD, 44D0577D159FC2BDF4EAD1DC2C7FD14925D075225EF97608CAC52DEE405B08FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:43:31.0118 0x04b8  DXGKrnl - ok
16:43:31.0173 0x04b8  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
16:43:31.0181 0x04b8  EapHost - ok
16:43:31.0350 0x04b8  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
16:43:31.0520 0x04b8  ebdrv - ok
16:43:31.0599 0x04b8  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] EFS             C:\Windows\System32\lsass.exe
16:43:31.0644 0x04b8  EFS - ok
16:43:31.0731 0x04b8  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:43:31.0752 0x04b8  ehRecvr - ok
16:43:31.0771 0x04b8  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
16:43:31.0775 0x04b8  ehSched - ok
16:43:31.0837 0x04b8  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
16:43:31.0858 0x04b8  elxstor - ok
16:43:31.0868 0x04b8  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:43:31.0874 0x04b8  ErrDev - ok
16:43:31.0927 0x04b8  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
16:43:31.0938 0x04b8  EventSystem - ok
16:43:31.0956 0x04b8  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
16:43:31.0962 0x04b8  exfat - ok
16:43:31.0986 0x04b8  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:43:31.0996 0x04b8  fastfat - ok
16:43:32.0055 0x04b8  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
16:43:32.0074 0x04b8  Fax - ok
16:43:32.0094 0x04b8  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
16:43:32.0099 0x04b8  fdc - ok
16:43:32.0126 0x04b8  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
16:43:32.0128 0x04b8  fdPHost - ok
16:43:32.0137 0x04b8  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:43:32.0139 0x04b8  FDResPub - ok
16:43:32.0153 0x04b8  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:43:32.0157 0x04b8  FileInfo - ok
16:43:32.0175 0x04b8  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:43:32.0179 0x04b8  Filetrace - ok
16:43:32.0195 0x04b8  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
16:43:32.0200 0x04b8  flpydisk - ok
16:43:32.0252 0x04b8  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:43:32.0261 0x04b8  FltMgr - ok
16:43:32.0331 0x04b8  [ 5C4CB4086FB83115B153E47ADD961A0C, 0C3AB7D04BEB3A8FDE00B0C86E6FE064B1CEBB3E4DE1A29CD27830806FA300B3 ] FontCache       C:\Windows\system32\FntCache.dll
16:43:32.0365 0x04b8  FontCache - ok
16:43:32.0413 0x04b8  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:43:32.0471 0x04b8  FontCache3.0.0.0 - ok
16:43:32.0514 0x04b8  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:43:32.0516 0x04b8  FsDepends - ok
16:43:32.0579 0x04b8  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:43:32.0633 0x04b8  Fs_Rec - ok
16:43:32.0674 0x04b8  [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:43:32.0735 0x04b8  fvevol - ok
16:43:32.0786 0x04b8  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:43:32.0793 0x04b8  gagp30kx - ok
16:43:32.0876 0x04b8  [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
16:43:32.0884 0x04b8  GamesAppService - ok
16:43:32.0981 0x04b8  [ E403AACF8C7BB11375122D2464560311, 0427B8FFD999D256EA1A5135F218692959A7577CB32354D3087CF0FB4F0577DF ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:43:33.0043 0x04b8  GEARAspiWDM - ok
16:43:33.0207 0x04b8  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
16:43:33.0266 0x04b8  gpsvc - ok
16:43:33.0342 0x04b8  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:43:33.0347 0x04b8  gupdate - ok
16:43:33.0354 0x04b8  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:43:33.0358 0x04b8  gupdatem - ok
16:43:33.0379 0x04b8  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:43:33.0383 0x04b8  hcw85cir - ok
16:43:33.0432 0x04b8  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:43:33.0493 0x04b8  HdAudAddService - ok
16:43:33.0517 0x04b8  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
16:43:33.0521 0x04b8  HDAudBus - ok
16:43:33.0556 0x04b8  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
16:43:33.0605 0x04b8  HECIx64 - ok
16:43:33.0637 0x04b8  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
16:43:33.0641 0x04b8  HidBatt - ok
16:43:33.0664 0x04b8  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:43:33.0670 0x04b8  HidBth - ok
16:43:33.0677 0x04b8  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
16:43:33.0682 0x04b8  HidIr - ok
16:43:33.0740 0x04b8  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
16:43:33.0743 0x04b8  hidserv - ok
16:43:33.0773 0x04b8  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
16:43:33.0827 0x04b8  HidUsb - ok
16:43:33.0883 0x04b8  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:43:33.0922 0x04b8  hkmsvc - ok
16:43:33.0960 0x04b8  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:43:34.0001 0x04b8  HomeGroupListener - ok
16:43:34.0034 0x04b8  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:43:34.0041 0x04b8  HomeGroupProvider - ok
16:43:34.0071 0x04b8  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:43:34.0121 0x04b8  HpSAMD - ok
16:43:34.0158 0x04b8  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:43:34.0177 0x04b8  HTTP - ok
16:43:34.0193 0x04b8  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:43:34.0194 0x04b8  hwpolicy - ok
16:43:34.0222 0x04b8  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:43:34.0231 0x04b8  i8042prt - ok
16:43:34.0297 0x04b8  [ 85977CD13FC16069CE0AF7943A811775, 421AFFF08D14C2F55CFEF05E4A5A8B086F80BE69A927F84052A502EC5B222990 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
16:43:34.0309 0x04b8  iaStor - ok
16:43:34.0356 0x04b8  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:43:34.0423 0x04b8  iaStorV - ok
16:43:34.0608 0x04b8  [ 4DE2EE2A5186D74BABC4E7F60D2AE989, F73E69A95EB532982567BE045F9316CA89E80E272209D259647D124752EFA24E ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
16:43:34.0669 0x04b8  IconMan_R - ok
16:43:34.0738 0x04b8  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:43:34.0761 0x04b8  idsvc - ok
16:43:35.0441 0x04b8  [ 1BE8D9CA4F2363B8E8015621878E0043, 695B5F88A6F6943156D033DAA86188F50308AD71FCF26CF0AEDF7E23F774FB56 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
16:43:36.0003 0x04b8  igfx - ok
16:43:36.0063 0x04b8  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
16:43:36.0072 0x04b8  iirsp - ok
16:43:36.0138 0x04b8  [ FCD84C381E0140AF901E58D48882D26B, 76955FFC230C801E8ED890E32076075F04CD6E5EC79E594FDE6D23797A36B406 ] IKEEXT          C:\Windows\System32\ikeext.dll
16:43:36.0160 0x04b8  IKEEXT - ok
16:43:36.0285 0x04b8  [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
16:43:36.0334 0x04b8  Impcd - ok
16:43:36.0564 0x04b8  [ E8017F1662D9142F45CEAB694D013C00, 75EE9DF292C4D980B9461ABEB8810D22DD57EBBAD5A37FE7B046CBAD419EE9E0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:43:36.0664 0x04b8  IntcAzAudAddService - ok
16:43:36.0908 0x04b8  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:43:36.0912 0x04b8  intelide - ok
16:43:36.0937 0x04b8  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:43:36.0940 0x04b8  intelppm - ok
16:43:36.0996 0x04b8  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:43:37.0000 0x04b8  IPBusE

TDSSKiller Log 2:
16:46:40.0846 0x0e20  TDSS rootkit removing tool 3.0.0.14 Oct 15 2013 15:35:38
16:46:41.0112 0x0e20  ============================================================
16:46:41.0112 0x0e20  Current date / time: 2013/10/23 16:46:41.0112
16:46:41.0112 0x0e20  SystemInfo:
16:46:41.0112 0x0e20  
16:46:41.0112 0x0e20  OS Version: 6.1.7601 ServicePack: 1.0
16:46:41.0112 0x0e20  Product type: Workstation
16:46:41.0112 0x0e20  ComputerName: BEAR-TOSH
16:46:41.0112 0x0e20  UserName: ComaStitch
16:46:41.0112 0x0e20  Windows directory: C:\Windows
16:46:41.0112 0x0e20  System windows directory: C:\Windows
16:46:41.0112 0x0e20  Running under WOW64
16:46:41.0112 0x0e20  Processor architecture: Intel x64
16:46:41.0112 0x0e20  Number of processors: 4
16:46:41.0112 0x0e20  Page size: 0x1000
16:46:41.0112 0x0e20  Boot type: Normal boot
16:46:41.0112 0x0e20  ============================================================
16:46:41.0112 0x0e20  BG loaded
16:46:41.0330 0x0e20  System UUID: {58D4AE1B-327F-6327-AD55-15B4131A58B8}
16:46:43.0562 0x0e20  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:46:43.0562 0x0e20  ============================================================
16:46:43.0562 0x0e20  \Device\Harddisk0\DR0:
16:46:43.0562 0x0e20  MBR partitions:
16:46:43.0562 0x0e20  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x2542C000
16:46:43.0562 0x0e20  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x254F4800, BlocksNum 0x25363800
16:46:43.0562 0x0e20  ============================================================
16:46:43.0624 0x0e20  C: <-> \Device\Harddisk0\DR0\Partition1
16:46:44.0077 0x0e20  D: <-> \Device\Harddisk0\DR0\Partition2
16:46:44.0077 0x0e20  ============================================================
16:46:44.0077 0x0e20  Initialize success
16:46:44.0077 0x0e20  ============================================================
16:47:02.0200 0x0ddc  Deinitialize success


TDSSKiller found a Rootkit and everything is running faster than before and I can't see the green lines. Should I continue with the other virus things?
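The TDSSKiller output posted above is a per-service inventory: one line with the MD5 and SHA-256 of each service or driver image and its path, followed by a verdict line. Below is an added example (my code, not part of the thread and not part of TDSSKiller) that parses those lines into records, emits the hash list for a bulk reputation lookup, and flags two things worth a second look when reading such a log by hand: service binaries that live outside C:\Windows, and one binary hash registered under more than one service name. The sample input is a handful of lines copied from the log above; the "outside the Windows directory" rule is a triage heuristic, not a verdict (Google Update and WildTangent legitimately live in Program Files).

```python
import re
from collections import defaultdict

# One enumeration line per service/driver, as TDSSKiller 3.0 prints it:
#   HH:MM:SS.ffff  0xTID  [ MD5, SHA256 ] ServiceName   ImagePath
# followed by a verdict line:
#   HH:MM:SS.ffff  0xTID  ServiceName - ok
ENTRY_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+0x[0-9A-Fa-f]+\s+"
    r"\[ (?P<md5>[0-9A-Fa-f]{32}), (?P<sha256>[0-9A-Fa-f]{64}) \]\s+"
    r"(?P<name>\S+)\s+(?P<path>\S.*?)\s*$"
)
VERDICT_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+0x[0-9A-Fa-f]+\s+(?P<name>\S+) - (?P<verdict>.+?)\s*$"
)

# Directory that system services are expected to load from (assumption: C: is the system drive).
WINDOWS_DIR = r"C:\Windows"

# A small subset of lines copied from the TDSSKiller log posted above.
SAMPLE_LOG = r"""
16:43:31.0868 0x04b8  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:43:31.0874 0x04b8  ErrDev - ok
16:43:32.0876 0x04b8  [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
16:43:32.0884 0x04b8  GamesAppService - ok
16:43:33.0342 0x04b8  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:43:33.0347 0x04b8  gupdate - ok
16:43:33.0354 0x04b8  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:43:33.0358 0x04b8  gupdatem - ok
16:43:34.0158 0x04b8  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:43:34.0177 0x04b8  HTTP - ok
"""


def parse_tdsskiller(text):
    """Return one dict per enumerated service: name, path, md5, sha256, verdict."""
    records, order = {}, []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["verdict"] = None          # filled in when the verdict line arrives
            records[rec["name"]] = rec
            order.append(rec["name"])
            continue
        v = VERDICT_RE.match(line)
        if v and v.group("name") in records:
            records[v.group("name")]["verdict"] = v.group("verdict")
    return [records[n] for n in order]


def hash_manifest(records):
    """Unique SHA-256 values, sorted, ready for a bulk reputation lookup."""
    return sorted({r["sha256"].upper() for r in records})


def find_anomalies(records):
    """Flag (a) service images outside the Windows directory and
    (b) one image hash registered under several service names."""
    prefix = WINDOWS_DIR.lower() + "\\"
    outside = [r["name"] for r in records if not r["path"].lower().startswith(prefix)]
    by_hash = defaultdict(list)
    for r in records:
        by_hash[r["sha256"].upper()].append(r["name"])
    shared = {h: names for h, names in by_hash.items() if len(names) > 1}
    return outside, shared


if __name__ == "__main__":
    recs = parse_tdsskiller(SAMPLE_LOG)
    outside, shared = find_anomalies(recs)
    print("services parsed:", len(recs))
    print("outside %s:" % WINDOWS_DIR, outside)
    for h, names in shared.items():
        print("shared image", h[:12] + "...", "->", names)
```

Running it on the full log instead of the subset is a matter of reading the file into `parse_tdsskiller`; the shared-hash check is what makes the gupdate/gupdatem pair show up as one binary, which is expected for Google Update but would be interesting for two unrelated service names.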



#8 boopme

Posted 23 October 2013 - 12:56 PM

Yes please, as rootkits sometimes will allow other items in.

What TDSS found seems to have been cut off from the log.

Finally, run... Please download aswMBR (4.5MB) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


#9 VickieDesigns

Posted 23 October 2013 - 01:14 PM

Okay, here you go!

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-10-23 19:00:31
-----------------------------
19:00:31.563    OS Version: Windows x64 6.1.7601 Service Pack 1
19:00:31.563    Number of processors: 4 586 0x2505
19:00:31.564    ComputerName: BEAR-TOSH  UserName:
19:00:32.830    Initialize success
19:02:21.626    AVAST engine defs: 13102300
19:02:44.658    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:02:44.660    Disk 0 Vendor: TOSHIBA_ GT00 Size: 610480MB BusType: 3
19:02:44.791    Disk 0 MBR read successfully
19:02:44.794    Disk 0 MBR scan
19:02:44.799    Disk 0 Windows 7 default MBR code
19:02:44.837    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS          400 MB offset 2048
19:02:44.865    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       305240 MB offset 821248
19:02:44.911    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       304839 MB offset 625952768
19:02:45.047    Disk 0 scanning C:\Windows\system32\drivers
19:02:58.349    Service scanning
19:03:31.155    Modules scanning
19:03:31.167    Disk 0 trace - called modules:
19:03:31.187    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:03:31.517    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80065dd060]
19:03:31.522    3 CLASSPNP.SYS[fffff88001ba743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80062e7050]
19:03:33.007    AVAST engine scan C:\Windows
19:03:35.064    AVAST engine scan C:\Windows\system32
19:05:40.915    File: C:\Windows\assembly\GAC_32\Desktop.ini  **INFECTED** Win32:Sirefef-PL [Rtk]
19:05:43.387    File: C:\Windows\assembly\GAC_64\Desktop.ini  **INFECTED** Win32:Sirefef-PL [Rtk]
19:07:17.335    AVAST engine scan C:\Windows\system32\drivers
19:07:31.415    AVAST engine scan C:\Users\ComaStitch
19:09:43.120    AVAST engine scan C:\ProgramData
19:11:41.002    Scan finished successfully
19:13:11.755    Disk 0 MBR has been saved successfully to "C:\Users\ComaStitch\Documents\MBR.dat"
19:13:11.773    The log file has been saved successfully to "C:\Users\ComaStitch\Documents\aswMBR.txt"


It spotted two infected items - do I need to remove those?
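The aswMBR log above reads the MBR, reports "Windows 7 default MBR code", lists the three partition entries (the 400 MB hidden WinRE partition of type 0x27 at offset 2048, then two NTFS partitions) and saves the raw sector to MBR.dat. The TDSSKiller log two posts up shows the same two NTFS partitions in hex (StartLBA 0xC8800 = 821248, BlocksNum 0x2542C000, and so on), so the two tools agree. As an added example (my code, not from either tool or the thread), here is a parser for a saved 512-byte MBR such as MBR.dat: it checks the 0x55AA boot signature, decodes the four partition slots, converts sector counts to MB so they can be compared with what the tools printed, checks for overlapping entries or entries past the end of the disk, and hashes the 440-byte boot-code region so it can be compared against a known-good copy. The sample MBR is constructed from the partition values in the logs; its boot code is zero-filled, which is an assumption for the example only (a real MBR.dat carries the actual loader).

```python
import hashlib
import struct

SECTOR = 512
MB = 1024 * 1024
BOOT_CODE_LEN = 440          # bytes 0..439; disk signature and reserved bytes follow
TABLE_OFFSET = 446           # four 16-byte partition entries
SIGNATURE = b"\x55\xaa"      # bytes 510..511

# Partition entries taken from the aswMBR log above: (bootable, type, start LBA, sector count).
# 819200 sectors = 400 MB, 625131520 = 305240 MB, 624310272 = 304839 MB.
SAMPLE_ENTRIES = [
    (True, 0x27, 2048, 819200),            # hidden NTFS WinRE, active
    (False, 0x07, 821248, 625131520),      # C:
    (False, 0x07, 625952768, 624310272),   # D:
]
# Disk size reported by TDSSKiller above, in bytes.
SAMPLE_DISK_BYTES = 0x950B056000


def build_mbr(entries, boot_code=b"\x00" * BOOT_CODE_LEN):
    """Assemble a 512-byte MBR image (constructed test input, not a real loader)."""
    assert len(boot_code) == BOOT_CODE_LEN and len(entries) <= 4
    table = b""
    for bootable, ptype, start, count in entries:
        # CHS fields set to FE FF FF ("use the LBA fields"); modern loaders ignore them.
        table += struct.pack("<B3sB3sII", 0x80 if bootable else 0x00,
                             b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", start, count)
    table += b"\x00" * (16 * (4 - len(entries)))
    return boot_code + b"\x00" * 6 + table + SIGNATURE


def load_mbr(path):
    """Read the first 512 bytes of a saved MBR dump such as aswMBR's MBR.dat."""
    with open(path, "rb") as f:
        return f.read(SECTOR)


def parse_mbr(mbr):
    """Decode the partition table; raises ValueError if the sector is not a valid MBR."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from("<B3xB3xII", mbr, TABLE_OFFSET + 16 * i)
        if ptype == 0 and count == 0:
            continue                                   # empty slot
        parts.append({
            "index": i + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "start_lba": start,
            "sectors": count,
            "end_lba": start + count,
            "size_mb": count * SECTOR // MB,
        })
    return parts


def check_layout(parts, disk_sectors=None):
    """Return a list of findings; an empty list means the table is self-consistent."""
    findings = []
    if sum(p["bootable"] for p in parts) != 1:
        findings.append("expected exactly one active partition")
    ordered = sorted(parts, key=lambda p: p["start_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["end_lba"] > b["start_lba"]:
            findings.append("partition %d overlaps partition %d" % (a["index"], b["index"]))
    if disk_sectors is not None and ordered and ordered[-1]["end_lba"] > disk_sectors:
        findings.append("partition table extends past end of disk")
    return findings


def boot_code_sha256(mbr):
    """Hash of the loader bytes only, for comparison with a known-good MBR of the same OS."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()


if __name__ == "__main__":
    image = build_mbr(SAMPLE_ENTRIES)
    for p in parse_mbr(image):
        print("Partition %d %s type 0x%02X start %d (0x%X) %d MB"
              % (p["index"], "(A)" if p["bootable"] else "   ", p["type"],
                 p["start_lba"], p["start_lba"], p["size_mb"]))
    print("findings:", check_layout(parse_mbr(image), SAMPLE_DISK_BYTES // SECTOR))
    print("boot code sha256:", boot_code_sha256(image))
```

On a real system you would call `parse_mbr(load_mbr("MBR.dat"))` and compare the printed offsets and sizes with the aswMBR lines; the boot-code hash is only meaningful against a reference MBR from the same Windows version, which this example does not ship.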



#10 boopme

Posted 23 October 2013 - 01:39 PM

Yes, did you run the ESET above?

#11 VickieDesigns

Posted 23 October 2013 - 05:48 PM

You weren't kidding were you? Here you go!

 

C:\$RECYCLE.BIN\S-1-5-21-1614004521-1160708840-92091630-1001\$R59U43M.tmp    a variant of Java/Exploit.CVE-2012-1723.JN trojan    cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-1614004521-1160708840-92091630-1003\$R05ELRZ.exe    a variant of Win32/Toolbar.MyWebSearch.W application    cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-1614004521-1160708840-92091630-1003\$R2D54EQ.zip    a variant of Win32/Packed.MoleboxUltra.A application    deleted - quarantined
C:\$RECYCLE.BIN\S-1-5-21-1614004521-1160708840-92091630-1003\$R673XRO.DLL    a variant of Win32/Toolbar.MyWebSearch.W application    cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-1614004521-1160708840-92091630-1003\$R6P5W7O.tmp    multiple threats    cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-1614004521-1160708840-92091630-1003\$RBFHGAV.dll    probably a variant of Win32/Toolbar.MyWebSearch.A application    cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-1614004521-1160708840-92091630-1003\$RGR9X8A.exe    a variant of Win32/Packed.MoleboxUltra.A application    cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-1614004521-1160708840-92091630-1003\$RHSLPAI.exe    a variant of Win32/Toolbar.MyWebSearch.W application    cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-1614004521-1160708840-92091630-1003\$RJS3TLN.dll    probably a variant of Win32/Toolbar.MyWebSearch.B application    cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-1614004521-1160708840-92091630-1003\$RPBRUP9.exe    Win32/InstalleRex.K application    cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-1614004521-1160708840-92091630-1003\$RR3ZHUC.dll    a variant of Win32/Toolbar.MyWebSearch.P application    cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-1614004521-1160708840-92091630-1003\$RRVHAX0.zip    a variant of Win32/Packed.MoleboxUltra.A application    deleted - quarantined
C:\$RECYCLE.BIN\S-1-5-21-1614004521-1160708840-92091630-1003\$RZ9ML3F.zip    a variant of Win32/Kryptik.BMSM trojan    deleted - quarantined
C:\$RECYCLE.BIN\S-1-5-21-1614004521-1160708840-92091630-1003\$RJLOI23.16\Crack\PCStitch Pro.exe    a variant of Win32/Packed.MoleboxUltra.A application    cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-1614004521-1160708840-92091630-1003\$RMGY3PQ.16\Crack\PCStitch Pro.exe    a variant of Win32/Packed.MoleboxUltra.A application    cleaned by deleting - quarantined
C:\Program Files\Adobe\Adobe Photoshop Lightroom 4\Activation Blocker [CS5] v2.0.bat    BAT/HostsChanger.A application    cleaned by deleting - quarantined
C:\Program Files (x86)\GridinSoft Trojan Killer\trojankiller.exe    a variant of Win32/1AntiVirus application    cleaned by deleting - quarantined
C:\Program Files (x86)\PCStitch 10\Patch.exe    a variant of Win32/HackTool.Patcher.AD application    cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\23.10.2013_16.43.13\pmax0000\svc0000\tsk0000.dta    a variant of Win32/Kryptik.BMSM trojan    cleaned by deleting - quarantined
C:\Users\Bear\AppData\Local\Temp\aOq2GITR.zip.part    a variant of Win32/Kryptik.BEJL trojan    deleted - quarantined
C:\Users\Bear\AppData\Local\Temp\c9zB4ElD.zip.part    a variant of Win32/Kryptik.BEJL trojan    deleted - quarantined
C:\Users\Bear\AppData\Local\Temp\O48KKfN4.zip.part    a variant of Win32/Kryptik.BEJL trojan    deleted - quarantined
C:\Users\Bear\AppData\Local\Temp\PdnVSesc.zip.part    a variant of Win32/Kryptik.BKXP trojan    deleted - quarantined
C:\Users\Bear\AppData\Local\Temp\S2zer4IO.exe.part    Win32/InstalleRex.J application    cleaned by deleting - quarantined
C:\Users\Bear\AppData\Local\Temp\zCMgFYZ1.exe.part    Win32/InstalleRex.J application    cleaned by deleting - quarantined
C:\Users\Bear\AppData\Local\Temp\_3b98euw.exe.part    Win32/InstalleRex.J application    cleaned by deleting - quarantined
C:\Users\Bear\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\43a0985a-1eadff31    multiple threats    cleaned by deleting - quarantined
C:\Users\Bear\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\3e8eaddc-271ff858    multiple threats    cleaned by deleting - quarantined
C:\Users\Bear\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\3b53ec43-322b6fc3    Java/Exploit.Agent.NBS trojan    cleaned by deleting - quarantined
C:\Users\Bear\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\542db69e-613ae69f    Java/Exploit.Agent.NBS trojan    cleaned by deleting - quarantined
C:\Users\Bear\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\7b84bca1-671d38bc    multiple threats    cleaned by deleting - quarantined
C:\Users\Bear\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\ed9da23-294af44a    Java/Exploit.Agent.NBS trojan    cleaned by deleting - quarantined
C:\Users\Bear\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\27bf0be5-7db59ae9    Java/Exploit.Agent.NBS trojan    cleaned by deleting - quarantined
C:\Users\Bear\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\52577ba5-48f1c226    Java/Exploit.Agent.NBS trojan    cleaned by deleting - quarantined
C:\Users\Bear\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\3478e1c4-1f7c3c65    Java/Exploit.Agent.NBS trojan    cleaned by deleting - quarantined
C:\Users\Bear\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\38e29b6c-228cf003    Java/Exploit.Agent.NBS trojan    cleaned by deleting - quarantined
C:\Users\Bear\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\1abef0f4-123f4d00    Java/Exploit.Agent.NBS trojan    cleaned by deleting - quarantined
C:\Users\Bear\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\126d076-36c95301    a variant of Java/Exploit.Agent.OYF trojan    cleaned by deleting - quarantined
C:\Users\Bear\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\23437cff-4f2ffb31    multiple threats    cleaned by deleting - quarantined
C:\Users\Bear\Documents\PCStitch.10.00.021.rar    a variant of Win32/HackTool.Patcher.AD application    deleted - quarantined
C:\Users\Bear\Downloads\adobe photoshop lightroom 4.rar    BAT/HostsChanger.A application    deleted - quarantined
C:\Users\ComaCalm\AppData\Local\Temp\IeHBXJne.exe.part    Win32/Somoto.A application    cleaned by deleting - quarantined
C:\Users\ComaCalm\AppData\Local\Temp\PCStitch.Pro.v9.0.16.rar    a variant of Win32/Packed.MoleboxUltra.A application    deleted - quarantined
C:\Users\ComaCalm\AppData\Local\Temp\tmpbca3f507\644.exe    a variant of Win32/Kryptik.BNII trojan    cleaned by deleting - quarantined
C:\Users\ComaCalm\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\405f1cd8-3eb269a5    Java/Exploit.Agent.PZD trojan    cleaned by deleting - quarantined
C:\Users\ComaCalm\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\405f1cd8-6cc0090c    Java/Exploit.Agent.PZD trojan    cleaned by deleting - quarantined
C:\Users\ComaCalm\AppData\Roaming\Keygcy\aqetw.exe    Win32/Spy.Zbot.AAO trojan    cleaned by deleting - quarantined
C:\Users\ComaCalm\Downloads\Cross_Stitch_Collection_Magazine_-_67_Issues_downloader_362.exe    a variant of Win32/YourFileDownloader application    cleaned by deleting - quarantined
C:\Users\ComaCalm\Downloads\FreeYouTubeToMP3Converter.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Users\ComaCalm\Downloads\GraboidVideoSetup-3.26.exe    Win32/Graboid application    cleaned by deleting - quarantined
C:\Users\ComaCalm\Downloads\gtk2126-setup.exe    a variant of Win32/1AntiVirus application    cleaned by deleting - quarantined
C:\Users\ComaCalm\Downloads\setup.exe    a variant of Win32/Kryptik.BLXE trojan    cleaned by deleting - quarantined
C:\Users\ComaCalm\Downloads\SoftonicDownloader_for_gminder.exe    Win32/SoftonicDownloader.D application    cleaned by deleting - quarantined
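The ESET output above is long, but it falls into a few recognisable groups once sorted by path: Java deployment-cache objects detected as Java/Exploit.* (drive-by exploit kits), cracked-software remnants (HackTool.Patcher, "Crack\PCStitch Pro.exe", a BAT/HostsChanger activation blocker), a Zbot binary under a random folder in Roaming AppData, partial downloads in Temp, and installer bundles in Downloads, spread across two user profiles plus recycle-bin entries keyed by SID. As an added example (my code, not ESET's and not part of the thread), here is a triage parser that reads detection lines of the form path / threat / action, classifies each by path and threat name, and summarises by category, severity and owning profile. The category rules and the "trojan or multiple threats = high" severity split are my heuristics; the sample is eight lines copied from the log above.

```python
import re
from collections import Counter

# ESET writes tab-separated fields (path, threat, action); pasted copies often have the tabs
# flattened to runs of spaces, so accept either as the separator.
FIELD_SEP = re.compile(r"\t+| {2,}")

# Triage categories, first match wins. Each rule: (label, path regex, optional threat regex).
RULES = [
    ("java-cache", re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.I), None),
    ("warez", re.compile(r"\\crack\\|keygen|\\patch\.exe$", re.I),
     re.compile(r"hacktool|patcher|hostschanger|keygen", re.I)),
    ("recycle-bin", re.compile(r"\\\$RECYCLE\.BIN\\", re.I), None),
    ("roaming-persistence", re.compile(r"\\AppData\\Roaming\\[^\\]+\\[^\\]+\.exe$", re.I), None),
    ("temp", re.compile(r"\\AppData\\Local\\Temp\\", re.I), None),
    ("downloads", re.compile(r"\\Downloads\\", re.I), None),
]
HIGH_SEVERITY = re.compile(r"\btrojan\b|multiple threats", re.I)

# Eight detection lines copied from the ESET log posted above.
SAMPLE_ESET_LOG = r"""
C:\$RECYCLE.BIN\S-1-5-21-1614004521-1160708840-92091630-1001\$R59U43M.tmp    a variant of Java/Exploit.CVE-2012-1723.JN trojan    cleaned by deleting - quarantined
C:\$RECYCLE.BIN\S-1-5-21-1614004521-1160708840-92091630-1003\$RJLOI23.16\Crack\PCStitch Pro.exe    a variant of Win32/Packed.MoleboxUltra.A application    cleaned by deleting - quarantined
C:\Program Files (x86)\PCStitch 10\Patch.exe    a variant of Win32/HackTool.Patcher.AD application    cleaned by deleting - quarantined
C:\Users\Bear\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\3b53ec43-322b6fc3    Java/Exploit.Agent.NBS trojan    cleaned by deleting - quarantined
C:\Users\ComaCalm\AppData\Roaming\Keygcy\aqetw.exe    Win32/Spy.Zbot.AAO trojan    cleaned by deleting - quarantined
C:\Users\ComaCalm\Downloads\SoftonicDownloader_for_gminder.exe    Win32/SoftonicDownloader.D application    cleaned by deleting - quarantined
C:\Users\Bear\AppData\Local\Temp\aOq2GITR.zip.part    a variant of Win32/Kryptik.BEJL trojan    deleted - quarantined
C:\Users\Bear\Downloads\adobe photoshop lightroom 4.rar    BAT/HostsChanger.A application    deleted - quarantined
"""


def classify(path, threat):
    """Return the first matching triage category, or 'other'."""
    for label, path_re, threat_re in RULES:
        if path_re.search(path) or (threat_re is not None and threat_re.search(threat)):
            return label
    return "other"


def owner_of(path):
    """Profile that owns the file: recycle-bin SID, C:\\Users\\<name>, or 'system-wide'."""
    m = re.search(r"\\\$RECYCLE\.BIN\\(S-1-5-21-[\d-]+)\\", path, re.I)
    if m:
        return m.group(1)
    m = re.match(r"[A-Za-z]:\\Users\\([^\\]+)\\", path)
    if m:
        return m.group(1)
    return "system-wide"


def parse_eset_log(text):
    """Turn detection lines into dicts; lines that are not path/threat/action triples are skipped."""
    hits = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        fields = FIELD_SEP.split(line)
        if len(fields) != 3:
            continue
        path, threat, action = fields
        hits.append({
            "path": path, "threat": threat, "action": action,
            "category": classify(path, threat),
            "severity": "high" if HIGH_SEVERITY.search(threat) else "low",
            "owner": owner_of(path),
        })
    return hits


def summarize(hits):
    """Counts by category, severity and owning profile."""
    return {
        "by_category": Counter(h["category"] for h in hits),
        "by_severity": Counter(h["severity"] for h in hits),
        "by_owner": Counter(h["owner"] for h in hits),
    }


if __name__ == "__main__":
    hits = parse_eset_log(SAMPLE_ESET_LOG)
    for key, counts in summarize(hits).items():
        print(key, dict(counts))
```

Feeding the whole ESET log through `parse_eset_log` gives the per-profile view that the discussion in this thread reaches by eye: which accounts were running the cracks, which were hit through the Java plug-in, and where an actual persistent trojan (as opposed to a quarantined download) was sitting.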
 



#12 boopme

Posted 23 October 2013 - 09:38 PM

Hello, it appears there was cracked software installed; this is almost a guarantee of infection. They trade you free software to steal your personal info.

Here's what I know on this... The practice of using keygens, hacking tools, cracking tools, warez, torrents or any pirated software is not only considered illegal activity but it is a serious security risk.


Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

TrendMicro Warning


...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV


...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study


...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware


...a staggering 59% of the key generators and crack tools downloaded from P2P networks represent a security liability since they contain malicious and unwanted code. "25% of the Web sites we accessed offering counterfeit product keys, pirated software, key generators or crack tools attempted to install either malicious software or potentially unwanted software. A significant number of these Web sites attempted to install malicious or unwanted code...In addition to the peer-to-peer networks, 11% of the key generators and crack tools downloaded from Web sites were also plagued by malicious and unwanted software.

Microsoft Reveals the Risks of Using Pirated XP and Office
Whatever You Do, Do Not Download Windows 7 Via Torrent Sites

When you use these kind of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

I strongly recommend that you remove all cracks and keygens immediately to reduce the risk of infection/reinfection. If not, then we are just wasting time trying to clean your system. Further, other tools used during the disinfection process may detect crack and keygens so they need to be removed.

Using these types of programs or the websites visited to get them is almost a guaranteed way to get yourself infected!!



To be certain there are no more rootkits left, please run one more tool.

Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt


#13 VickieDesigns

Posted 24 October 2013 - 06:33 AM

I ran Malwarebytes, it didn't find anything! That's a lot of information, wow. Unfortunately I'm not the only person that uses the laptop, it's kinda the house's, so I guess I'll have to leave a note on it or something. I'll be more careful in future, I promise! Thanks for all the help.



#14 boopme

Posted 24 October 2013 - 09:30 AM

Looks good now, just wondering if Minitoolbox can be run now.

#15 VickieDesigns

Posted 24 October 2013 - 10:20 AM

I just tried. Three times. It won't even run now. (I did re-download)





