Jump to content

Malwarebytes

Infected with Trojan.Gen.2

- - - - -
Started by needhelp1968, Jul 03 2012 09:30 PM


26 replies to this topic

#1
needhelp1968
Posted 03 July 2012 - 09:30 PM

    New Member

  • Members
  • Pip
  • 13 posts
Hello Forum,

My PC is infected with some Trojan viruses.

I purchased Malware Bytes Pro and ran a full scan.

It detected some trojan's and notified me that they had been removed but my computer continues to be under attack.

1) The computer is awfully slow.

2) IE is opening up malicious websites.

3) My anti-virus continues to prompt me with pop-ups notifying of the virus "Threat Detected"

4) Here are some of the messages:

- Trojan.Gen.2 detected

- Location: C:\Windows\System 32\System.exe

- Infection: Trojan horse Patched_c.LYT

Says "Detected on open"

5) Also shows Trojan.Zeroaccess.B - says manual removal required

6) Attached are the logs requested (DDS and Attach).

Appreciate any help this forum can provide.

Thank you much in advance!

Attached File  DDS.txt   24.45K   21 downloadsAttached File  Attach.txt   13.12K   21 downloads

#2
gringo_pr
Posted 03 July 2012 - 11:09 PM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 6,557 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

    Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

    In your next post I need the following

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#3
needhelp1968
Posted 04 July 2012 - 08:15 AM

    New Member

  • Members
  • Pip
  • 13 posts
Hello Gringo_pr,

Thank you for helping me with my request.

I have followed your instructions carefully.

If anything is still amiss please let me know and I will re-do it.

1) Dump of Checkup.txt

Results of screen317's Security Check version 0.99.42
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Norton Security Suite
WMI entry may not exist for antivirus; attempting automatic update.
AVG2012 successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.61.0.1400
PC Cleaners
Java™ 6 Update 26
Java™ 6 Update 3
Java™ 6 Update 5
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.0.32.18 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Empowering Technology eSettings Service capuserv.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````

============================================================================

2) Log from Combofix

ComboFix 12-07-02.01 - Neetu 07/04/2012 2:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.671 [GMT -4:00]
Running from: c:\users\Neetu\Desktop\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Neetu\AppData\Local\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\@
c:\users\Neetu\AppData\Local\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\n
c:\users\Neetu\AppData\Roaming\8434.677
c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\@
c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\L\00000004.@
c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\L\1afb2d56
c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\L\201d3dde
c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\L\55490ac4
c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\n
c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\U\00000004.@
c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\U\00000008.@
c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\U\000000cb.@
c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\U\80000000.@
c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\U\80000032.@
c:\windows\system32\Nagasoft
c:\windows\system32\Nagasoft\32.ICO
c:\windows\system32\Nagasoft\Codecs\asyncflt.ax
c:\windows\system32\Nagasoft\Codecs\atrc.dll
c:\windows\system32\Nagasoft\Codecs\cook.dll
c:\windows\system32\Nagasoft\Codecs\drvc.dll
c:\windows\system32\Nagasoft\Codecs\raac.dll
c:\windows\system32\Nagasoft\Codecs\RealMediaSplitter.ax
c:\windows\system32\Nagasoft\Codecs\WMFDemux.dll
c:\windows\system32\Nagasoft\FFVJPlayer.exe
c:\windows\system32\Nagasoft\GifShower.dll
c:\windows\system32\Nagasoft\Uninstall.exe
c:\windows\system32\Nagasoft\vjocx.dll
c:\windows\system32\Nagasoft\vjocx.exe
.
c:\windows\system32\Services.exe . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vvdsvc
-------\Service_vvdsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
.
.
2012-07-04 07:00 . 2012-07-04 07:01 -------- d-----w- C:\6788cb2bf9deb48900de59dea34775ee
2012-07-04 06:58 . 2012-07-04 06:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-03 21:39 . 2012-07-03 21:39 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-03 17:30 . 2012-07-03 17:31 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-03 17:30 . 2012-07-03 17:30 -------- d-----w- c:\users\Neetu\AppData\Roaming\Malwarebytes
2012-07-03 17:29 . 2012-07-03 17:29 -------- d-----w- c:\programdata\Malwarebytes
2012-07-03 17:29 . 2012-07-03 17:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-03 17:29 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-01 22:26 . 2012-07-01 22:26 -------- d-----w- c:\users\Neetu\AppData\Roaming\AVG2012
2012-07-01 22:25 . 2012-07-01 22:25 -------- d-----w- c:\users\Neetu\AppData\Local\AVG Secure Search
2012-07-01 22:25 . 2012-07-01 22:25 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-01 22:24 . 2012-07-01 22:25 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-07-01 22:24 . 2012-07-01 22:25 -------- d-----w- c:\program files\AVG Secure Search
2012-07-01 22:24 . 2012-07-01 22:24 -------- d--h--w- c:\programdata\Common Files
2012-07-01 22:23 . 2012-07-03 22:59 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-01 22:23 . 2012-07-01 22:27 -------- d-----w- c:\programdata\AVG2012
2012-07-01 22:23 . 2012-07-01 22:23 -------- d-----w- C:\$AVG
2012-07-01 22:22 . 2012-07-01 22:22 -------- d-----w- c:\program files\AVG
2012-07-01 22:18 . 2012-07-03 22:59 -------- d-----w- c:\programdata\MFAData
2012-07-01 22:17 . 2012-06-15 20:39 169744 ----a-w- c:\windows\system32\ztvunrar36.dll
2012-07-01 22:17 . 2012-06-15 20:35 185616 ----a-w- c:\windows\system32\ztvunrar39.dll
2012-07-01 22:17 . 2012-06-15 20:33 605968 ----a-w- c:\windows\system32\ztv7z.dll
2012-07-01 22:17 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2012-07-01 22:17 . 2012-06-15 20:33 77072 ----a-w- c:\windows\system32\ztvcabinet.dll
2012-07-01 22:17 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2012-07-01 22:17 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2012-07-01 22:16 . 2012-07-01 22:17 -------- d-----w- c:\users\Neetu\AppData\Roaming\Simply Super Software
2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\programdata\Simply Super Software
2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\programdata\blekko toolbars
2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\program files\blekkotb_031
2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\users\Neetu\AppData\Local\blekkotb_031
2012-07-01 22:15 . 2012-07-01 22:16 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\users\Neetu\AppData\Roaming\PC Cleaners
2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\users\Neetu\AppData\Roaming\PCPro
2012-07-01 21:52 . 2012-07-01 21:51 4447544 ----a-w- c:\windows\uninst.exe
2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\programdata\PC1Data
2012-07-01 21:30 . 2012-07-01 21:51 -------- d-----w- c:\users\Neetu\AppData\Local\NPE
2012-07-01 17:33 . 2012-07-01 17:33 -------- d-----w- c:\program files\The Weather Channel
2012-06-28 23:04 . 2012-06-28 23:04 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-28 04:49 . 2012-06-28 04:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 08:41 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 08:41 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 08:41 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 08:41 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 08:40 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-23 08:40 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 08:40 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 08:39 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 08:39 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 12:37 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-14 12:37 . 2012-05-17 23:21 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-06-14 12:37 . 2012-05-17 22:31 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-06-13 08:10 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 08:10 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 08:10 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 08:09 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 08:09 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-08 16:12 . 2012-07-04 06:02 -------- d-----w- c:\users\Neetu\AppData\Roaming\Skype
2012-06-08 16:12 . 2012-06-08 16:12 -------- d-----w- c:\program files\Common Files\Skype
2012-06-08 16:12 . 2012-06-08 16:12 -------- d-----r- c:\program files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-28 04:49 . 2012-01-12 03:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 08:50 . 2012-04-19 08:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8769adce-dba5-48e9-afb5-67b12cdf2e61}]
2012-05-18 19:44 85288 ----a-w- c:\program files\blekkotb_031\blekkotb_019X.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-01 22:24 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8769adce-dba5-48e9-afb5-67b12cdf2e61}"= "c:\program files\blekkotb_031\blekkotb_019X.dll" [2012-05-18 85288]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-01 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{8769adce-dba5-48e9-afb5-67b12cdf2e61}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"DW7"="c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-07-01 10555904]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 4472832]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-15 850704]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-06 155648]
"Skytel"="Skytel.exe" [2007-05-29 1826816]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-11-21 35328]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-01 1107552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Neetu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-6-27 106496]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-26 535336]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
vvdsvc REG_MULTI_SZ vvdsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121395090-2152420972-532832032-1000Core.job
- c:\users\Neetu\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-25 16:01]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121395090-2152420972-532832032-1000UA.job
- c:\users\Neetu\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-25 16:01]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = about:blank
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-PC Cleaners - c:\program files\PC Cleaners\PCCleaners.exe
AddRemove-The Weather Channel Desktop 6 - c:\program files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
AddRemove-VJOcx2.0 - c:\windows\system32\Nagasoft\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-04 03:07
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5076)
c:\program files\Microsoft Office\Office12\GrooveMisc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\AVG\AVG2012\avgwdsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
c:\windows\system32\DllHost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-07-04 03:14:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-04 07:14
.
Pre-Run: 12,636,794,880 bytes free
Post-Run: 12,372,754,432 bytes free
.
- - End Of File - - 4827DEDBE3A758232EC3D25C76C44195

===================================================================

3) Issues Encountered:

a) Combofix took three attempts to run

b) First time it seemed to execute but gave very quick 2-3 pop us (that were gone before I could read) and then nothing happened.

c) I rebooted and tried a second time. This time the command prompt window showed me that combofix was executing but halfway through it I saw it freeze.

I was not running any other applications or processes. Both anti virus were disabled (AVG and Norton).

I did however get a pop up message saying "Running Combofix in Compatibility mode may damage the machine!"

d) I rebooted and tried a third time. Third time was a charm,

It ran through and then said trying to create a restore point and started completing various stages. Like some 38-40 stages or so.

Then it said "System file infected" and showed this location "C:\Windows\System 32\System.exe"

After some time time it popped up a message saying something like - normal cleanup failed - trying other methods and deeper scan.

After some more time it generated the log.

This entire process in item c described here took over 45 minutes.

===================================================================

4) How is the computer doing:

I tried to open Norton Anti-Virus to enable it but got the message "Illegal operation attempted on a registery key that has been marked for deletion."

So as per your instructions I re-started the computer and this time Norton and AVG launched without any problem.

But as soon as the computer reboot I did get a couple of messages from Norton

a) One for Trojan.gen.2

b) Other as under:

Severity: High
Activity: )Trojan.Zeroaccess.B) detected by Auto-Protect
Status: Manual Removal Required

Otherwise the computer seems to be running ok.

Performance is much improved (not much lag seen).

So far no malicious websites have been opened.

Other than the two instances where I was flagged about the trojans above there have been no other
pop ups from my anti virus indicating viruses.

Earlier (before I ran your instructions) I was getting hit with like 1-2 pop us a minute from my anti virus
about the trojans.

Thank you for the very detailed and clear instructions.

I am not using the computer yet other than to provide you what you have asked for.

What would you like me to do next.

Thanks again!

#4
gringo_pr
Posted 04 July 2012 - 11:22 AM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 6,557 posts
Hello

download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
      Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo[/b]
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#5
needhelp1968
Posted 04 July 2012 - 12:19 PM

    New Member

  • Members
  • Pip
  • 13 posts
Hi Gringo thank you for the quick reply.

Please find the log that you requested (FRST.txt):

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 04-07-2012 01
Ran by SYSTEM at 04-07-2012 13:15:00
Running from F:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-10-23] (Synaptics, Inc.)
HKLM\...\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting [45056 2007-04-24] ( )
HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [178712 2007-07-12] (Intel Corporation)
HKLM\...\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [71216 2007-03-14] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [54832 2007-02-07] ()
HKLM\...\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [457216 2007-04-25] (HiTRUST)
HKLM\...\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe [850704 2007-06-14] (Dritek System Inc.)
HKLM\...\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe [1261568 2007-02-02] ()
HKLM\...\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup [3383296 2007-02-02] (Leader Technologies)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2008-01-02] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [166424 2008-01-02] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [133656 2008-01-02] (Intel Corporation)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [155648 2008-05-06] (Apple Computer, Inc.)
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe [35328 2006-11-21] ()
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [1848648 2009-07-06] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon [722256 2008-12-11] (CANON INC.)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1164584 2010-09-16] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [217256 2012-05-03] (Visicom Media Inc. (Powered by Panda Security))
HKLM\...\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [1107552 2012-07-01] ()
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Neetu\...\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe [151552 2007-05-22] (Acer Inc.)
HKU\Neetu\...\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet [4670704 2007-08-30] (Yahoo! Inc.)
HKU\Neetu\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\Neetu\...\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2634048 2010-07-06] (Veoh Networks)
HKU\Neetu\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17344176 2012-06-05] (Skype Technologies S.A.)
HKU\Neetu\...\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe" [10555904 2012-07-01] (The Weather Channel)
HKU\Neetu\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Device Detector 2.lnk
ShortcutTarget: Device Detector 2.lnk -> C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS Corporation)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
Startup: C:\Users\Neetu\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
ShortcutTarget: OpenOffice.org 2.3.lnk -> C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe ()
================================ Services (Whitelisted) ==================
2 Automatic LiveUpdate Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [554352 2007-09-12] (Symantec Corporation)
2 AVGIDSAgent; "C:\Program Files\AVG\AVG2012\avgidsagent.exe" [5161080 2012-06-12] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 eDataSecurity Service; "C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [457512 2007-04-25] (HiTRSUT)
2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-04-23] (Acer Inc.)
2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [135168 2007-06-13] (Acer Inc.)
2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248 2007-07-03] (Acer Inc.)
2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-06-28] ()
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-18] (Microsoft Corporation)
2 Irmon; C:\Windows\System32\irmon.dll [17920 2006-11-02] (Microsoft Corporation)
3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [2999664 2007-09-12] (Symantec Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe -p [107008 2006-11-24] ()
2 N360; "C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe" /s "N360" /m "C:\Program Files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll" /prefetch:1 [135032 2010-04-29] (Symantec Corporation)
2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [272024 2007-04-02] ()
2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [810320 2008-01-28] (Safer Networking Ltd.)
2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3048136 2012-06-19] (Skype Technologies S.A.)
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [160944 2012-06-05] (Skype Technologies)
2 vToolbarUpdater11.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [935008 2012-07-01] ()
2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-06-13] (acer)
2 CLTNetCnService; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
4 NetMsmqActivator; "c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [x]
4 NetPipeActivator; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpActivator; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpPortSharing; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]
========================== Drivers (Whitelisted) =============
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [139856 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [235216 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [301248 2012-03-19] (AVG Technologies CZ, s.r.o.)
1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120619.001\BHDrvx86.sys [821920 2012-06-18] (Symantec Corporation)
1 ccHP; C:\Windows\system32\drivers\N360\0404000.00C\ccHPx86.sys [485512 2011-08-03] (Symantec Corporation)
3 DKbFltr; C:\Windows\System32\DRIVERS\DKbFltr.sys [21264 2007-06-14] (Dritek System Inc.)
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-05-30] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-05-30] (Symantec Corporation)
1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120702.001\IDSvix86.sys [382624 2012-06-14] (Symantec Corporation)
2 int15; \??\C:\Windows\system32\drivers\int15.sys [76584 2007-03-02] ()
2 irda; C:\Windows\System32\DRIVERS\irda.sys [95744 2008-01-18] (Microsoft Corporation)
4 iteraid; C:\Windows\system32\drivers\iteraid.sys [35944 2006-11-02] (Integrated Technology Express, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120703.017\NAVENG.SYS [87928 2012-05-16] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120703.017\NAVEX15.SYS [1589752 2012-05-16] (Symantec Corporation)
3 NSCIRDA; C:\Windows\System32\DRIVERS\nscirda.sys [30720 2008-01-18] (National Semiconductor Corporation)
3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2007-08-25] (NewTech Infosystems, Inc.)
0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20776 2007-04-25] (HiTRUST)
0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-04-25] (HiTRUST)
0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-04-25] (HiTRUST)
3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1729152 2007-02-07] ()
1 SRTSP; C:\Windows\System32\Drivers\N360\0404000.00C\SRTSP.SYS [325680 2010-04-21] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\N360\0404000.00C\SRTSPX.SYS [43696 2010-04-21] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360\0404000.00C\SYMDS.SYS [328752 2009-10-14] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360\0404000.00C\SYMEFA.SYS [173176 2011-08-21] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [124976 2011-01-01] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\N360\0404000.00C\Ironx86.SYS [116784 2010-04-28] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\N360\0404000.00C\SYMTDIV.SYS [340088 2011-08-21] (Symantec Corporation)
2 {95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl [13560 2006-11-02] (Cyberlink Corp.)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-07-03 23:14 - 2012-07-03 23:14 - 00019389 ____A C:\ComboFix.txt
2012-07-03 23:00 - 2012-07-03 23:01 - 00000000 ____D C:\6788cb2bf9deb48900de59dea34775ee
2012-07-03 22:25 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-07-03 22:25 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-07-03 22:25 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-03 22:25 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-07-03 22:25 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-07-03 22:25 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-07-03 22:25 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-07-03 22:25 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-07-03 22:24 - 2012-07-03 23:14 - 00000000 ____D C:\ComboFix
2012-07-03 21:50 - 2012-07-03 23:14 - 00000000 ____D C:\Qoobox
2012-07-03 21:50 - 2012-07-03 23:11 - 00000000 ____D C:\Windows\erdnt
2012-07-03 21:49 - 2012-07-03 21:49 - 00001500 ____A C:\Users\Neetu\Desktop\checkup.txt
2012-07-03 18:18 - 2012-07-03 18:18 - 00025040 ____A C:\Users\Neetu\Desktop\DDS.txt
2012-07-03 18:18 - 2012-07-03 18:18 - 00013435 ____A C:\Users\Neetu\Desktop\Attach.txt
2012-07-03 18:16 - 2012-07-03 18:16 - 00013435 ____A C:\Users\Neetu\Documents\Attach.txt
2012-07-03 14:11 - 2012-07-03 14:11 - 00000000 ____D C:\Users\Neetu\AppData\Local\{96A5A0B0-3C35-478F-B52F-98599CAE6458}
2012-07-03 14:10 - 2012-07-03 14:11 - 00000000 ____D C:\Users\Neetu\AppData\Local\{C49A0691-CD44-4865-921D-E9F316C50626}
2012-07-03 12:55 - 2012-07-03 12:56 - 00000000 ____D C:\Users\Neetu\AppData\Local\{03A696AC-E90B-4315-B7E3-AA64E255829E}
2012-07-03 12:54 - 2012-07-03 12:55 - 00000000 ____D C:\Users\Neetu\AppData\Local\{B019819B-3271-46F0-81D0-985B303AE82C}
2012-07-03 09:30 - 2012-07-03 09:30 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-03 09:30 - 2012-07-03 09:30 - 00000000 ____D C:\Users\Neetu\AppData\Roaming\Malwarebytes
2012-07-03 09:29 - 2012-07-03 09:30 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-07-03 09:29 - 2012-07-03 09:29 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-03 09:29 - 2012-04-04 11:56 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-03 09:15 - 2012-07-03 09:15 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Neetu\Downloads\mbam-setup-1.61.0.1400.exe
2012-07-03 09:15 - 2012-07-03 09:15 - 00000000 ____D C:\Users\Neetu\AppData\Local\{C3ABB107-7F6A-4438-AF82-A464E6ECB267}
2012-07-03 09:14 - 2012-07-03 09:14 - 00000000 ____D C:\Users\Neetu\AppData\Local\{2F4D5299-68E3-4338-B34D-5A3BE24F52DE}
2012-07-01 14:40 - 2012-07-01 14:41 - 00000000 ____D C:\Users\Neetu\AppData\Local\{3F590268-1497-49B6-8033-3E4F328DEA10}
2012-07-01 14:39 - 2012-07-01 14:40 - 00000000 ____D C:\Users\Neetu\AppData\Local\{6C8453B7-95A2-4C17-96EE-A6278176B168}
2012-07-01 14:26 - 2012-07-01 14:26 - 00000000 ____D C:\Users\Neetu\AppData\Roaming\AVG2012
2012-07-01 14:25 - 2012-07-02 04:26 - 00000846 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-07-01 14:25 - 2012-07-01 14:25 - 00000000 ____D C:\Users\Neetu\AppData\Local\AVG Secure Search
2012-07-01 14:25 - 2012-07-01 14:25 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-07-01 14:24 - 2012-07-01 14:25 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2012-07-01 14:24 - 2012-07-01 14:25 - 00000000 ____D C:\Program Files\AVG Secure Search
2012-07-01 14:23 - 2012-07-04 04:59 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-07-01 14:23 - 2012-07-01 14:27 - 00000000 ____D C:\Users\All Users\AVG2012
2012-07-01 14:23 - 2012-07-01 14:23 - 00000000 ____D C:\$AVG
2012-07-01 14:22 - 2012-07-01 14:22 - 00000000 ____D C:\Program Files\AVG
2012-07-01 14:18 - 2012-07-04 05:00 - 00000000 ____D C:\Users\All Users\MFAData
2012-07-01 14:18 - 2012-07-01 14:18 - 03879304 ____A (AVG Technologies) C:\Users\Neetu\Downloads\avg_free_stb_all_2012_2180_cnet.exe
2012-07-01 14:17 - 2012-07-01 14:17 - 00000000 ____D C:\Users\Neetu\Documents\Simply Super Software
2012-07-01 14:17 - 2012-06-15 12:39 - 00169744 ____A C:\Windows\System32\ztvunrar36.dll
2012-07-01 14:17 - 2012-06-15 12:35 - 00185616 ____A C:\Windows\System32\ztvunrar39.dll
2012-07-01 14:17 - 2012-06-15 12:33 - 00605968 ____A (Igor Pavlov) C:\Windows\System32\ztv7z.dll
2012-07-01 14:17 - 2012-06-15 12:33 - 00077072 ____A (Microsoft Corporation) C:\Windows\System32\ztvcabinet.dll
2012-07-01 14:17 - 2005-08-25 21:50 - 00077312 ____A C:\Windows\System32\ztvunace26.dll
2012-07-01 14:17 - 2003-02-02 16:06 - 00153088 ____A C:\Windows\System32\unrar3.dll
2012-07-01 14:17 - 2002-03-05 21:00 - 00075264 ____A C:\Windows\System32\unacev2.dll
2012-07-01 14:16 - 2012-07-01 14:17 - 00000000 ____D C:\Users\Neetu\AppData\Roaming\Simply Super Software
2012-07-01 14:16 - 2012-07-01 14:16 - 00000000 ____D C:\Users\Neetu\AppData\Local\blekkotb_031
2012-07-01 14:16 - 2012-07-01 14:16 - 00000000 ____D C:\Users\All Users\Simply Super Software
2012-07-01 14:16 - 2012-07-01 14:16 - 00000000 ____D C:\Users\All Users\blekko toolbars
2012-07-01 14:16 - 2012-07-01 14:16 - 00000000 ____D C:\Program Files\blekkotb_031
2012-07-01 14:15 - 2012-07-01 14:16 - 00000000 ____D C:\Users\All Users\Anti-phishing Domain Advisor
2012-07-01 14:15 - 2012-07-01 14:15 - 12308848 ____A (Simply Super Software ) C:\Users\Neetu\Downloads\trj684.exe
2012-07-01 14:14 - 2012-07-01 14:15 - 00463080 ____A (CNET Download.com) C:\Users\Neetu\Downloads\cnet2_trj684_exe.exe
2012-07-01 13:52 - 2012-07-01 13:52 - 00000781 ____A C:\Users\Neetu\Desktop\PC Cleaner Pro.lnk
2012-07-01 13:52 - 2012-07-01 13:52 - 00000000 ____D C:\Users\Neetu\AppData\Roaming\PCPro
2012-07-01 13:52 - 2012-07-01 13:52 - 00000000 ____D C:\Users\Neetu\AppData\Roaming\PC Cleaners
2012-07-01 13:52 - 2012-07-01 13:52 - 00000000 ____D C:\Users\All Users\PC1Data
2012-07-01 13:52 - 2012-07-01 13:51 - 04447544 ____A (PC Cleaners) C:\Windows\uninst.exe
2012-07-01 13:51 - 2012-07-01 13:51 - 04447544 ____A (PC Cleaners) C:\Users\Neetu\Downloads\PC_Pro_Installer.exe
2012-07-01 13:40 - 2012-07-01 13:40 - 00000000 ____D C:\Users\Neetu\AppData\Local\{882D2F6C-BD61-4D20-B929-C1A041A2E13F}
2012-07-01 13:39 - 2012-07-01 13:39 - 00000000 ____D C:\Users\Neetu\AppData\Local\{8D807900-7F4A-4CB0-8A47-E016CDD121EA}
2012-07-01 13:30 - 2012-07-01 13:51 - 00000000 ____D C:\Users\Neetu\AppData\Local\NPE
2012-07-01 13:29 - 2012-07-01 13:30 - 02841104 ____A (Symantec Corporation) C:\Users\Neetu\Downloads\NPE.exe
2012-07-01 09:39 - 2012-07-01 09:39 - 00001105 ____A C:\Users\Public\Desktop\The Weather Channel App.lnk
2012-07-01 09:33 - 2012-07-01 09:33 - 00000000 ____D C:\Users\Neetu\AppData\Local\{F139DA26-DEB0-4A11-AFC2-D9872F5EF462}
2012-07-01 09:33 - 2012-07-01 09:33 - 00000000 ____D C:\Program Files\The Weather Channel
2012-07-01 09:32 - 2012-07-01 09:33 - 00000000 ____D C:\Users\Neetu\AppData\Local\{FA2FA6D5-9F0A-420B-8D02-514DEFCA6761}
2012-06-28 15:04 - 2012-06-28 15:04 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-27 20:49 - 2012-06-27 20:49 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-25 19:32 - 2012-06-25 19:32 - 00000000 ____D C:\Users\Neetu\AppData\Roaming\Mozilla
2012-06-23 00:41 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-23 00:41 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-23 00:41 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-23 00:41 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-23 00:40 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-23 00:40 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-23 00:40 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-23 00:39 - 2012-06-02 11:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-23 00:39 - 2012-06-02 11:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-14 04:37 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-14 04:37 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-14 04:37 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-14 04:36 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-14 04:36 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-14 04:36 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-14 04:36 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-14 04:36 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-14 04:36 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-14 04:36 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-14 04:36 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-14 04:36 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-14 04:36 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-14 04:36 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-13 00:10 - 2012-04-23 08:00 - 00984064 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 00:10 - 2012-04-23 08:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 00:10 - 2012-04-23 08:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 00:09 - 2012-05-15 11:51 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 00:09 - 2012-05-01 06:03 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-08 08:12 - 2012-07-04 08:55 - 00000000 ____D C:\Users\Neetu\AppData\Roaming\Skype
2012-06-08 08:12 - 2012-06-08 08:12 - 00001878 ____A C:\Users\Public\Desktop\Skype.lnk
2012-06-08 08:12 - 2012-06-08 08:12 - 00000000 ___RD C:\Program Files\Skype
2012-06-08 08:12 - 2012-06-08 08:12 - 00000000 ____D C:\Program Files\Common Files\Skype
2012-06-08 08:09 - 2012-06-08 08:09 - 00944304 ____A (Skype Technologies S.A.) C:\Users\Neetu\Downloads\SkypeSetup.exe
2012-06-08 05:51 - 2012-06-08 05:52 - 00000000 ____D C:\Users\Neetu\AppData\Local\{89A46BBA-E89D-4E57-998E-B4702D63D27D}
2012-06-08 05:51 - 2012-06-08 05:51 - 00000000 ____D C:\Users\Neetu\AppData\Local\{D08E103D-FCC9-4B50-B48E-1B8CB525A1A0}
2012-06-07 11:08 - 2012-06-07 11:08 - 00000000 ____D C:\Users\Neetu\AppData\Local\{8285022C-173F-4724-9223-B468237A3046}
2012-06-07 11:08 - 2012-06-07 11:08 - 00000000 ____D C:\Users\Neetu\AppData\Local\{75E89D35-3E13-433C-9202-0F7A09117920}
2012-06-07 09:57 - 2012-06-07 09:57 - 00000000 ____D C:\Users\Neetu\AppData\Local\{F967FD96-05E8-4260-B059-FF1E1003E7AB}
2012-06-07 09:57 - 2012-06-07 09:57 - 00000000 ____D C:\Users\Neetu\AppData\Local\{8A0C59AA-440E-42D8-B5CD-8D056DAC399D}
2012-06-06 19:22 - 2012-06-06 19:22 - 00000000 ____D C:\Users\Neetu\AppData\Local\{54CFE2E8-42DF-443B-8BEE-3C83468B5020}
2012-06-06 19:21 - 2012-06-06 19:21 - 00000000 ____D C:\Users\Neetu\AppData\Local\{44B58133-73DA-491A-82A6-51545C7432B8}

============ 3 Months Modified Files ========================
2012-07-04 09:07 - 2006-11-02 05:01 - 00032588 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-04 09:07 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-04 09:05 - 2009-06-30 22:57 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121395090-2152420972-532832032-1000UA.job
2012-07-04 09:04 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-04 09:04 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-04 08:57 - 2007-10-09 11:03 - 01144365 ____A C:\Windows\WindowsUpdate.log
2012-07-03 23:14 - 2012-07-03 23:14 - 00019389 ____A C:\ComboFix.txt
2012-07-03 23:06 - 2006-11-02 02:23 - 00000215 ____A C:\Windows\system.ini
2012-07-03 23:03 - 2007-08-25 21:36 - 00452068 ____A C:\Windows\PFRO.log
2012-07-03 23:02 - 2006-11-02 02:22 - 54001664 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-07-03 23:02 - 2006-11-02 02:22 - 42205184 ____A C:\Windows\System32\config\COMPON~1.bak
2012-07-03 23:02 - 2006-11-02 02:22 - 26476544 ____A C:\Windows\System32\config\SYSTEM.bak
2012-07-03 23:02 - 2006-11-02 02:22 - 00524288 ____A C:\Windows\System32\config\DEFAULT.bak
2012-07-03 23:02 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-07-03 23:02 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\SAM.bak
2012-07-03 21:49 - 2012-07-03 21:49 - 00001500 ____A C:\Users\Neetu\Desktop\checkup.txt
2012-07-03 18:18 - 2012-07-03 18:18 - 00025040 ____A C:\Users\Neetu\Desktop\DDS.txt
2012-07-03 18:18 - 2012-07-03 18:18 - 00013435 ____A C:\Users\Neetu\Desktop\Attach.txt
2012-07-03 18:16 - 2012-07-03 18:16 - 00013435 ____A C:\Users\Neetu\Documents\Attach.txt
2012-07-03 17:59 - 2006-11-02 02:33 - 00756338 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-03 14:30 - 2008-05-06 15:11 - 00054156 ___AH C:\Windows\QTFont.qfn
2012-07-03 09:30 - 2012-07-03 09:30 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-03 09:15 - 2012-07-03 09:15 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Neetu\Downloads\mbam-setup-1.61.0.1400.exe
2012-07-02 16:05 - 2009-06-30 22:56 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121395090-2152420972-532832032-1000Core.job
2012-07-02 04:26 - 2012-07-01 14:25 - 00000846 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-07-01 14:18 - 2012-07-01 14:18 - 03879304 ____A (AVG Technologies) C:\Users\Neetu\Downloads\avg_free_stb_all_2012_2180_cnet.exe
2012-07-01 14:15 - 2012-07-01 14:15 - 12308848 ____A (Simply Super Software ) C:\Users\Neetu\Downloads\trj684.exe
2012-07-01 14:15 - 2012-07-01 14:14 - 00463080 ____A (CNET Download.com) C:\Users\Neetu\Downloads\cnet2_trj684_exe.exe
2012-07-01 13:52 - 2012-07-01 13:52 - 00000781 ____A C:\Users\Neetu\Desktop\PC Cleaner Pro.lnk
2012-07-01 13:51 - 2012-07-01 13:52 - 04447544 ____A (PC Cleaners) C:\Windows\uninst.exe
2012-07-01 13:51 - 2012-07-01 13:51 - 04447544 ____A (PC Cleaners) C:\Users\Neetu\Downloads\PC_Pro_Installer.exe
2012-07-01 13:30 - 2012-07-01 13:29 - 02841104 ____A (Symantec Corporation) C:\Users\Neetu\Downloads\NPE.exe
2012-07-01 09:39 - 2012-07-01 09:39 - 00001105 ____A C:\Users\Public\Desktop\The Weather Channel App.lnk
2012-06-30 20:27 - 2006-11-02 04:52 - 00070810 ____A C:\Windows\setupact.log
2012-06-27 20:49 - 2012-06-27 20:49 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-27 20:49 - 2012-01-11 19:47 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-15 12:39 - 2012-07-01 14:17 - 00169744 ____A C:\Windows\System32\ztvunrar36.dll
2012-06-15 12:35 - 2012-07-01 14:17 - 00185616 ____A C:\Windows\System32\ztvunrar39.dll
2012-06-15 12:33 - 2012-07-01 14:17 - 00605968 ____A (Igor Pavlov) C:\Windows\System32\ztv7z.dll
2012-06-15 12:33 - 2012-07-01 14:17 - 00077072 ____A (Microsoft Corporation) C:\Windows\System32\ztvcabinet.dll
2012-06-14 06:03 - 2006-11-02 04:47 - 00389968 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-08 08:12 - 2012-06-08 08:12 - 00001878 ____A C:\Users\Public\Desktop\Skype.lnk
2012-06-08 08:09 - 2012-06-08 08:09 - 00944304 ____A (Skype Technologies S.A.) C:\Users\Neetu\Downloads\SkypeSetup.exe
2012-06-03 19:35 - 2006-11-02 02:24 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-06-02 14:19 - 2012-06-23 00:41 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-23 00:41 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-23 00:41 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-23 00:40 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-23 00:40 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-23 00:41 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-23 00:40 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-23 00:39 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:12 - 2012-06-23 00:39 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-17 15:11 - 2012-06-14 04:36 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 14:48 - 2012-06-14 04:36 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 14:45 - 2012-06-14 04:36 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 14:36 - 2012-06-14 04:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 14:35 - 2012-06-14 04:36 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 14:35 - 2012-06-14 04:36 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 14:33 - 2012-06-14 04:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 14:31 - 2012-06-14 04:36 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 14:29 - 2012-06-14 04:36 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 14:29 - 2012-06-14 04:36 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 14:27 - 2012-06-14 04:37 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 14:25 - 2012-06-14 04:37 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 14:24 - 2012-06-14 04:37 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 14:20 - 2012-06-14 04:36 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 06:19 - 2012-05-17 06:19 - 00035810 ____A C:\Users\Neetu\Downloads\Voicemail_20120517125400Z (1).wav
2012-05-17 06:18 - 2012-05-17 06:18 - 00035810 ____A C:\Users\Neetu\Downloads\Voicemail_20120517125400Z.wav
2012-05-15 11:51 - 2012-06-13 00:09 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-11 07:56 - 2008-01-15 10:02 - 00000680 ____A C:\Users\Neetu\AppData\Local\d3d9caps.dat
2012-05-09 09:54 - 2008-05-06 15:18 - 04031488 ___RA C:\Users\Public\Documents\ESBK.mbb
2012-05-09 09:54 - 2008-05-06 15:18 - 01915904 ___RA C:\Users\Public\Documents\ESBK.mb
2012-05-01 06:03 - 2012-06-13 00:09 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-23 08:00 - 2012-06-13 00:10 - 00984064 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 08:00 - 2012-06-13 00:10 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 08:00 - 2012-06-13 00:10 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-19 00:50 - 2012-04-19 00:50 - 00024896 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidshx.sys
2012-04-11 23:33 - 2012-04-11 23:33 - 00138824 ____A C:\Windows\Minidump\Mini041212-01.dmp
2012-04-11 23:32 - 2009-08-25 06:36 - 329419551 ____A C:\Windows\MEMORY.DMP

ZeroAccess:
C:\Windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}
C:\Windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\L
C:\Windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\U
ZeroAccess:
C:\Users\Neetu\AppData\Local\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}
C:\Users\Neetu\AppData\Local\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\L
C:\Users\Neetu\AppData\Local\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\U
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe
[2009-08-04 18:18] - [2009-04-10 22:28] - 0314368 ____A (Microsoft Corporation)
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 14%
Total physical RAM: 2037.81 MB
Available physical RAM: 1752.02 MB
Total Pagefile: 1969.71 MB
Available Pagefile: 1826.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.72 MB
======================= Partitions =========================
1 Drive c: (ACER) (Fixed) (Total:69.65 GB) (Free:11.21 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (DATA) (Fixed) (Total:69.64 GB) (Free:6.71 GB) NTFS
4 Drive f: (KINGSTON) (Removable) (Total:7.45 GB) (Free:0.81 GB) FAT32
5 Drive x: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:3.87 GB) FAT32
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 1849 KB
Disk 1 Online 7640 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 10 GB 1024 KB
Partition 2 Primary 70 GB 10 GB
Partition 3 Primary 70 GB 79 GB
==================================================================================
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 X PQSERVICE FAT32 Partition 10 GB Healthy Hidden
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C ACER NTFS Partition 70 GB Healthy
==================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D DATA NTFS Partition 70 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7636 MB 4032 KB
==================================================================================
Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 F KINGSTON FAT32 Removable 7636 MB Healthy
==================================================================================
==========================================================
Last Boot: 2012-07-03 23:38
======================= End Of Log ==========================

#6
gringo_pr
Posted 04 July 2012 - 02:23 PM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 6,557 posts
Greetings

Ok lets see if we can find a replacement for the infected file

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click Search button and post the log (Search.txt) it makes to your reply.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#7
needhelp1968
Posted 05 July 2012 - 09:58 AM

    New Member

  • Members
  • Pip
  • 13 posts
Hello! Sorry for the delay in getting back to you.

Please find the requested log (Search.txt):

Farbar Recovery Scan Tool Version: 04-07-2012 01
Ran by SYSTEM at 2012-07-05 10:50:17
Running from D:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-08-04 18:18] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-06-25 06:02] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

C:\Windows\System32\services.exe
[2009-08-04 18:18] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

=== End Of Search ===

#8
gringo_pr
Posted 05 July 2012 - 05:23 PM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 6,557 posts
Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt 

Replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}
C:\Users\Neetu\AppData\Local\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo[/b]
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#9
needhelp1968
Posted 05 July 2012 - 05:47 PM

    New Member

  • Members
  • Pip
  • 13 posts
Hello,

Sorry bit of a noob here. I wasn't fully able to understand your previous post

1) I saved the code to my flash drive as fixlist.txt

2) I entered the System Recovery Options

3) I am stuck here. Do I launch "Command Prompt" from here and then run FRST64?

If yes, what command do I type for it?

Also, where is FRST64 located?

Thanks.

#10
gringo_pr
Posted 05 July 2012 - 06:31 PM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 6,557 posts
Greetings


you do it just like you did before - and when the program opens you press the fix button

the program we need to run you have run it twice already - first time we used scan - second time we used search and now this time we are going to use fix



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#11
needhelp1968
Posted 05 July 2012 - 06:41 PM

    New Member

  • Members
  • Pip
  • 13 posts

Duhhh! Sorry and thank you!


Here is the requested log (Fixlog.txt)


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 04-07-2012 01
Ran by SYSTEM at 2012-07-05 19:38:58 Run:1
Running from D:\
==============================================

C:\Windows\System32\services.exe moved successfully.

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe copied successfully to C:\Windows\System32\services.exe

C:\Windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b} moved successfully.

C:\Users\Neetu\AppData\Local\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b} moved successfully.

==== End of Fixlog ====

#12
gringo_pr
Posted 05 July 2012 - 10:04 PM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 6,557 posts
Greetings


Now I want you to rerun combofix for me please


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#13
needhelp1968
Posted 05 July 2012 - 11:54 PM

    New Member

  • Members
  • Pip
  • 13 posts
1) I booted up the PC. Immediately Norton fired up saying "Security threats were found. These have been fixed"

2) Disabled antivirus (AVG and Norton)

3) Ran Combofix

Got an error message "Error Opening file for writing: C:\32788R22FW\pev.3XE"

Retry didn't work, so I clicked "Ignore" and proceeded

Then it executed without much fuss.

PC is performing slow.

Here is the log:

ComboFix 12-07-05.04 - Neetu 07/06/2012 0:25.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.600 [GMT -4:00]
Running from: c:\users\Neetu\Desktop\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC\Desktop.ini
c:\windows\system32\AutoRun.inf
c:\windows\system32\BSTIEPrintCtl1.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-06 to 2012-07-06 )))))))))))))))))))))))))))))))
.
.
2012-07-06 04:41 . 2012-07-06 04:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-04 21:14 . 2012-07-04 21:14 -------- d-----w- C:\FRST
2012-07-04 07:00 . 2012-07-04 07:01 -------- d-----w- C:\6788cb2bf9deb48900de59dea34775ee
2012-07-03 21:39 . 2012-07-03 21:39 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-03 17:30 . 2012-07-03 17:30 -------- d-----w- c:\users\Neetu\AppData\Roaming\Malwarebytes
2012-07-03 17:29 . 2012-07-03 17:29 -------- d-----w- c:\programdata\Malwarebytes
2012-07-03 17:29 . 2012-07-03 17:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-03 17:29 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-01 22:26 . 2012-07-01 22:26 -------- d-----w- c:\users\Neetu\AppData\Roaming\AVG2012
2012-07-01 22:25 . 2012-07-01 22:25 -------- d-----w- c:\users\Neetu\AppData\Local\AVG Secure Search
2012-07-01 22:25 . 2012-07-01 22:25 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-01 22:24 . 2012-07-01 22:25 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-07-01 22:24 . 2012-07-01 22:25 -------- d-----w- c:\program files\AVG Secure Search
2012-07-01 22:24 . 2012-07-01 22:24 -------- d--h--w- c:\programdata\Common Files
2012-07-01 22:23 . 2012-07-06 04:04 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-01 22:23 . 2012-07-01 22:27 -------- d-----w- c:\programdata\AVG2012
2012-07-01 22:23 . 2012-07-01 22:23 -------- d-----w- C:\$AVG
2012-07-01 22:22 . 2012-07-01 22:22 -------- d-----w- c:\program files\AVG
2012-07-01 22:18 . 2012-07-06 04:05 -------- d-----w- c:\programdata\MFAData
2012-07-01 22:17 . 2012-06-15 20:39 169744 ----a-w- c:\windows\system32\ztvunrar36.dll
2012-07-01 22:17 . 2012-06-15 20:35 185616 ----a-w- c:\windows\system32\ztvunrar39.dll
2012-07-01 22:17 . 2012-06-15 20:33 605968 ----a-w- c:\windows\system32\ztv7z.dll
2012-07-01 22:17 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2012-07-01 22:17 . 2012-06-15 20:33 77072 ----a-w- c:\windows\system32\ztvcabinet.dll
2012-07-01 22:17 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2012-07-01 22:17 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2012-07-01 22:16 . 2012-07-01 22:17 -------- d-----w- c:\users\Neetu\AppData\Roaming\Simply Super Software
2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\programdata\Simply Super Software
2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\programdata\blekko toolbars
2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\program files\blekkotb_031
2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\users\Neetu\AppData\Local\blekkotb_031
2012-07-01 22:15 . 2012-07-01 22:16 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\users\Neetu\AppData\Roaming\PC Cleaners
2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\users\Neetu\AppData\Roaming\PCPro
2012-07-01 21:52 . 2012-07-01 21:51 4447544 ----a-w- c:\windows\uninst.exe
2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\programdata\PC1Data
2012-07-01 21:30 . 2012-07-01 21:51 -------- d-----w- c:\users\Neetu\AppData\Local\NPE
2012-07-01 17:33 . 2012-07-01 17:33 -------- d-----w- c:\program files\The Weather Channel
2012-06-28 23:04 . 2012-06-28 23:04 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-28 04:49 . 2012-06-28 04:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 08:41 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 08:41 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 08:41 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 08:41 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 08:40 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-23 08:40 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 08:40 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 08:39 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 08:39 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 12:37 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-14 12:37 . 2012-05-17 23:21 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-06-14 12:37 . 2012-05-17 22:31 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-06-13 08:10 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 08:10 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 08:10 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 08:09 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 08:09 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-08 16:12 . 2012-07-04 16:55 -------- d-----w- c:\users\Neetu\AppData\Roaming\Skype
2012-06-08 16:12 . 2012-06-08 16:12 -------- d-----w- c:\program files\Common Files\Skype
2012-06-08 16:12 . 2012-06-08 16:12 -------- d-----r- c:\program files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-28 04:49 . 2012-01-12 03:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 08:50 . 2012-04-19 08:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8769adce-dba5-48e9-afb5-67b12cdf2e61}]
2012-05-18 19:44 85288 ----a-w- c:\program files\blekkotb_031\blekkotb_019X.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-01 22:24 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8769adce-dba5-48e9-afb5-67b12cdf2e61}"= "c:\program files\blekkotb_031\blekkotb_019X.dll" [2012-05-18 85288]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-01 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{8769adce-dba5-48e9-afb5-67b12cdf2e61}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"DW7"="c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-07-01 10555904]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 4472832]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-15 850704]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-06 155648]
"Skytel"="Skytel.exe" [2007-05-29 1826816]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-11-21 35328]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-01 1107552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Neetu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-6-27 106496]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-26 535336]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
vvdsvc REG_MULTI_SZ vvdsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121395090-2152420972-532832032-1000Core.job
- c:\users\Neetu\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-25 16:01]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121395090-2152420972-532832032-1000UA.job
- c:\users\Neetu\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-25 16:01]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = about:blank
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-06 00:42
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-07-06 00:46:00
ComboFix-quarantined-files.txt 2012-07-06 04:45
ComboFix2.txt 2012-07-04 07:14
.
Pre-Run: 17,980,375,040 bytes free
Post-Run: 17,534,480,384 bytes free
.
- - End Of File - - DF2F39B1F26271DD6E4E91D43E7BDAE9

#14
gringo_pr
Posted 06 July 2012 - 12:04 AM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 6,557 posts
Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#15
needhelp1968
Posted 06 July 2012 - 10:33 AM

    New Member

  • Members
  • Pip
  • 13 posts
Hello!

1) When I booted up my computer, Malwarebytes Pro didn't start up.

Instead I got this message:

[OpenEvent] Failed to perform desired action. Error Code: 2

I clicked ok and proceeded.

2) Disabled AVG and Norton anti-virus.

3) Ran TDSSKiller. Here is the log:

10:41:04.0949 6984 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
10:41:05.0271 6984 ============================================================
10:41:05.0271 6984 Current date / time: 2012/07/06 10:41:05.0271
10:41:05.0271 6984 SystemInfo:
10:41:05.0271 6984
10:41:05.0271 6984 OS Version: 6.0.6002 ServicePack: 2.0
10:41:05.0271 6984 Product type: Workstation
10:41:05.0271 6984 ComputerName: NEETU-PC
10:41:05.0272 6984 UserName: Neetu
10:41:05.0272 6984 Windows directory: C:\Windows
10:41:05.0272 6984 System windows directory: C:\Windows
10:41:05.0272 6984 Processor architecture: Intel x86
10:41:05.0272 6984 Number of processors: 2
10:41:05.0272 6984 Page size: 0x1000
10:41:05.0272 6984 Boot type: Normal boot
10:41:05.0272 6984 ============================================================
10:41:09.0183 6984 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:41:09.0217 6984 ============================================================
10:41:09.0217 6984 \Device\Harddisk0\DR0:
10:41:09.0236 6984 MBR partitions:
10:41:09.0236 6984 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x8B4A800
10:41:09.0236 6984 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9ED3000, BlocksNum 0x8B46000
10:41:09.0236 6984 ============================================================
10:41:09.0751 6984 C: <-> \Device\Harddisk0\DR0\Partition0
10:41:09.0879 6984 D: <-> \Device\Harddisk0\DR0\Partition1
10:41:09.0880 6984 ============================================================
10:41:09.0880 6984 Initialize success
10:41:09.0880 6984 ============================================================
10:41:50.0186 3720 ============================================================
10:41:50.0186 3720 Scan started
10:41:50.0186 3720 Mode: Manual;
10:41:50.0186 3720 ============================================================
10:41:53.0766 3720 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
10:41:53.0773 3720 ACPI - ok
10:41:53.0848 3720 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
10:41:53.0858 3720 adp94xx - ok
10:41:53.0900 3720 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
10:41:53.0908 3720 adpahci - ok
10:41:53.0937 3720 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
10:41:53.0941 3720 adpu160m - ok
10:41:53.0971 3720 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
10:41:53.0975 3720 adpu320 - ok
10:41:54.0029 3720 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
10:41:54.0031 3720 AeLookupSvc - ok
10:41:54.0122 3720 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
10:41:54.0128 3720 AFD - ok
10:41:54.0202 3720 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe
10:41:54.0204 3720 AgereModemAudio - ok
10:41:54.0322 3720 AgereSoftModem (d31d1a92479bd8c0d050a6ffbdd410d9) C:\Windows\system32\DRIVERS\AGRSM.sys
10:41:54.0350 3720 AgereSoftModem - ok
10:41:54.0412 3720 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
10:41:54.0415 3720 agp440 - ok
10:41:54.0453 3720 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
10:41:54.0456 3720 aic78xx - ok
10:41:54.0498 3720 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
10:41:54.0499 3720 ALG - ok
10:41:54.0513 3720 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
10:41:54.0515 3720 aliide - ok
10:41:54.0547 3720 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
10:41:54.0549 3720 amdagp - ok
10:41:54.0583 3720 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
10:41:54.0585 3720 amdide - ok
10:41:54.0620 3720 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
10:41:54.0622 3720 AmdK7 - ok
10:41:54.0733 3720 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
10:41:54.0736 3720 AmdK8 - ok
10:41:54.0802 3720 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
10:41:54.0803 3720 Appinfo - ok
10:41:54.0849 3720 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
10:41:54.0852 3720 arc - ok
10:41:54.0886 3720 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
10:41:54.0889 3720 arcsas - ok
10:41:55.0108 3720 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
10:41:55.0220 3720 aspnet_state - ok
10:41:55.0278 3720 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
10:41:55.0281 3720 AsyncMac - ok
10:41:55.0330 3720 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
10:41:55.0376 3720 atapi - ok
10:41:56.0408 3720 athr (6046a55f79de9c581b8d5e9c1366cc81) C:\Windows\system32\DRIVERS\athr.sys
10:41:56.0678 3720 athr - ok
10:41:57.0461 3720 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
10:41:57.0498 3720 AudioEndpointBuilder - ok
10:41:57.0512 3720 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
10:41:57.0518 3720 Audiosrv - ok
10:41:59.0112 3720 Automatic LiveUpdate Scheduler (b5d974c1fd078a68c7536c561b031d39) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
10:41:59.0284 3720 Automatic LiveUpdate Scheduler - ok
10:42:06.0030 3720 AVGIDSAgent (55893fff154ffd7c29919d2b9218210c) C:\Program Files\AVG\AVG2012\avgidsagent.exe
10:42:08.0300 3720 AVGIDSAgent - ok
10:42:10.0965 3720 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\Windows\system32\DRIVERS\avgidsdriverx.sys
10:42:10.0971 3720 AVGIDSDriver - ok
10:42:11.0124 3720 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\Windows\system32\DRIVERS\avgidsfilterx.sys
10:42:11.0126 3720 AVGIDSFilter - ok
10:42:11.0217 3720 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\Windows\system32\DRIVERS\avgidshx.sys
10:42:11.0236 3720 AVGIDSHX - ok
10:42:11.0334 3720 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\Windows\system32\DRIVERS\avgidsshimx.sys
10:42:11.0351 3720 AVGIDSShim - ok
10:42:11.0668 3720 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\Windows\system32\DRIVERS\avgldx86.sys
10:42:11.0695 3720 Avgldx86 - ok
10:42:11.0831 3720 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\Windows\system32\DRIVERS\avgmfx86.sys
10:42:11.0851 3720 Avgmfx86 - ok
10:42:12.0064 3720 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\Windows\system32\DRIVERS\avgrkx86.sys
10:42:12.0075 3720 Avgrkx86 - ok
10:42:12.0833 3720 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\Windows\system32\DRIVERS\avgtdix.sys
10:42:12.0870 3720 Avgtdix - ok
10:42:13.0490 3720 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
10:42:13.0533 3720 avgwd - ok
10:42:14.0275 3720 b57nd60x (0b92ccf7bfcbe2b33838434f2f50cb61) C:\Windows\system32\DRIVERS\b57nd60x.sys
10:42:14.0386 3720 b57nd60x - ok
10:42:14.0897 3720 BCM43XV (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
10:42:15.0160 3720 BCM43XV - ok
10:42:15.0194 3720 BCM43XX (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
10:42:15.0200 3720 BCM43XX - ok
10:42:15.0279 3720 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
10:42:15.0296 3720 Beep - ok
10:42:15.0798 3720 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
10:42:15.0825 3720 BFE - ok
10:42:16.0962 3720 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120619.001\BHDrvx86.sys
10:42:17.0709 3720 BHDrvx86 - ok
10:42:19.0403 3720 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
10:42:19.0823 3720 BITS - ok
10:42:19.0885 3720 blbdrive - ok
10:42:20.0365 3720 Bonjour Service (cc4e72a0fa7f62175c8bb42ba2caa3d5) C:\Program Files\Bonjour\mDNSResponder.exe
10:42:20.0372 3720 Bonjour Service - ok
10:42:20.0783 3720 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
10:42:20.0826 3720 bowser - ok
10:42:21.0192 3720 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
10:42:21.0267 3720 BrFiltLo - ok
10:42:21.0411 3720 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
10:42:21.0467 3720 BrFiltUp - ok
10:42:21.0842 3720 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
10:42:21.0868 3720 Browser - ok
10:42:22.0113 3720 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
10:42:22.0163 3720 Brserid - ok
10:42:22.0384 3720 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
10:42:22.0399 3720 BrSerWdm - ok
10:42:22.0463 3720 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
10:42:22.0476 3720 BrUsbMdm - ok
10:42:22.0679 3720 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
10:42:22.0682 3720 BrUsbSer - ok
10:42:22.0895 3720 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
10:42:22.0899 3720 BTHMODEM - ok
10:42:27.0096 3720 catchme - ok
10:42:29.0136 3720 ccHP (1fa1c0e73eca849bed29a47c508f7f17) C:\Windows\system32\drivers\N360\0404000.00C\ccHPx86.sys
10:42:29.0260 3720 ccHP - ok
10:42:29.0874 3720 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
10:42:29.0920 3720 cdfs - ok
10:42:30.0292 3720 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
10:42:30.0350 3720 cdrom - ok
10:42:30.0542 3720 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
10:42:30.0562 3720 CertPropSvc - ok
10:42:30.0912 3720 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
10:42:30.0923 3720 circlass - ok
10:42:31.0934 3720 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
10:42:32.0000 3720 CLFS - ok
10:42:32.0798 3720 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:42:32.0976 3720 clr_optimization_v2.0.50727_32 - ok
10:42:33.0908 3720 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:42:34.0474 3720 clr_optimization_v4.0.30319_32 - ok
10:42:34.0801 3720 CLTNetCnService - ok
10:42:34.0923 3720 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
10:42:34.0940 3720 CmBatt - ok
10:42:35.0046 3720 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
10:42:35.0059 3720 cmdide - ok
10:42:35.0218 3720 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
10:42:35.0233 3720 Compbatt - ok
10:42:35.0240 3720 COMSysApp - ok
10:42:35.0351 3720 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
10:42:35.0353 3720 crcdisk - ok
10:42:35.0465 3720 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
10:42:35.0473 3720 Crusoe - ok
10:42:35.0957 3720 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
10:42:35.0991 3720 CryptSvc - ok
10:42:37.0830 3720 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
10:42:38.0073 3720 DcomLaunch - ok
10:42:38.0414 3720 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
10:42:38.0460 3720 DfsC - ok
10:42:41.0499 3720 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
10:42:41.0765 3720 DFSR - ok
10:42:42.0310 3720 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
10:42:42.0333 3720 Dhcp - ok
10:42:42.0613 3720 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
10:42:42.0674 3720 disk - ok
10:42:43.0030 3720 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
10:42:43.0118 3720 DKbFltr - ok
10:42:43.0568 3720 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
10:42:43.0571 3720 Dnscache - ok
10:42:45.0903 3720 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
10:42:46.0011 3720 dot3svc - ok
10:42:48.0395 3720 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
10:42:48.0813 3720 Dot4 - ok
10:42:49.0333 3720 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
10:42:49.0351 3720 Dot4Print - ok
10:42:49.0821 3720 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
10:42:49.0860 3720 dot4usb - ok
10:42:51.0236 3720 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
10:42:51.0283 3720 DPS - ok
10:42:51.0428 3720 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
10:42:51.0479 3720 drmkaud - ok
10:42:53.0529 3720 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
10:42:53.0827 3720 DXGKrnl - ok
10:42:54.0851 3720 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
10:42:54.0887 3720 E1G60 - ok
10:42:55.0264 3720 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
10:42:55.0311 3720 EapHost - ok
10:42:57.0936 3720 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
10:42:58.0621 3720 Ecache - ok
10:43:05.0086 3720 eDataSecurity Service (f54907aa07f60aff81e1e09e97af98b0) C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
10:43:05.0298 3720 eDataSecurity Service - ok
10:43:08.0556 3720 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
10:43:09.0030 3720 eeCtrl - ok
10:43:13.0376 3720 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
10:43:13.0677 3720 ehRecvr - ok
10:43:14.0871 3720 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
10:43:14.0962 3720 ehSched - ok
10:43:15.0235 3720 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
10:43:15.0266 3720 ehstart - ok
10:43:15.0649 3720 eLockService (a7b5f3b9363f9ab1d4fe459baf3b15d6) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
10:43:15.0693 3720 eLockService - ok
10:43:26.0490 3720 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
10:43:26.0585 3720 elxstor - ok
10:43:29.0043 3720 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
10:43:29.0240 3720 EMDMgmt - ok
10:43:30.0525 3720 eNet Service (207e2dda01aac6ad64f0368ca59fc179) C:\Acer\Empowering Technology\eNet\eNet Service.exe
10:43:30.0678 3720 eNet Service - ok
10:43:31.0719 3720 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
10:43:31.0733 3720 EraserUtilRebootDrv - ok
10:43:32.0061 3720 eRecoveryService (a7b084bfbbd582a843d2f5c35220f962) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
10:43:32.0087 3720 eRecoveryService - ok
10:43:32.0254 3720 eSettingsService (06484e97d22f06de8de0f8e2bec6fa9e) C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
10:43:32.0285 3720 eSettingsService - ok
10:43:33.0223 3720 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
10:43:33.0361 3720 EventSystem - ok
10:43:34.0341 3720 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
10:43:34.0375 3720 exfat - ok
10:43:34.0638 3720 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
10:43:34.0765 3720 fastfat - ok
10:43:34.0907 3720 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
10:43:34.0910 3720 fdc - ok
10:43:34.0987 3720 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
10:43:34.0990 3720 fdPHost - ok
10:43:35.0171 3720 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
10:43:35.0201 3720 FDResPub - ok
10:43:35.0447 3720 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
10:43:35.0482 3720 FileInfo - ok
10:43:35.0764 3720 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
10:43:35.0944 3720 Filetrace - ok
10:43:36.0065 3720 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
10:43:36.0078 3720 flpydisk - ok
10:43:36.0503 3720 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
10:43:36.0949 3720 FltMgr - ok
10:43:40.0933 3720 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
10:43:41.0466 3720 FontCache - ok
10:43:41.0874 3720 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:43:41.0882 3720 FontCache3.0.0.0 - ok
10:43:42.0035 3720 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
10:43:42.0063 3720 Fs_Rec - ok
10:43:42.0525 3720 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
10:43:42.0556 3720 gagp30kx - ok
10:43:42.0736 3720 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:43:42.0791 3720 GEARAspiWDM - ok
10:43:45.0196 3720 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
10:43:45.0499 3720 gpsvc - ok
10:43:45.0782 3720 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
10:43:45.0815 3720 HdAudAddService - ok
10:43:46.0904 3720 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:43:47.0295 3720 HDAudBus - ok
10:43:47.0438 3720 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
10:43:47.0553 3720 HidBth - ok
10:43:48.0027 3720 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
10:43:48.0036 3720 HidIr - ok
10:43:48.0477 3720 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
10:43:48.0486 3720 hidserv - ok
10:43:48.0695 3720 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
10:43:48.0767 3720 HidUsb - ok
10:43:49.0095 3720 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
10:43:49.0129 3720 hkmsvc - ok
10:43:49.0231 3720 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
10:43:49.0254 3720 HpCISSs - ok
10:43:50.0610 3720 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
10:43:50.0776 3720 HSFHWAZL - ok
10:43:52.0565 3720 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
10:43:53.0143 3720 HSF_DPV - ok
10:43:53.0318 3720 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
10:43:53.0514 3720 HTTP - ok
10:43:54.0362 3720 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
10:43:54.0405 3720 i2omp - ok
10:43:56.0223 3720 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
10:43:56.0315 3720 i8042prt - ok
10:43:57.0477 3720 IAANTMON (204a73a56751c68c6031e9d5d611ec98) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
10:43:57.0527 3720 IAANTMON - ok
10:44:14.0279 3720 ialm (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
10:44:15.0362 3720 ialm - ok
10:44:17.0657 3720 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\DRIVERS\iaStor.sys
10:44:17.0662 3720 iaStor - ok
10:44:18.0075 3720 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
10:44:18.0182 3720 iaStorV - ok
10:44:18.0649 3720 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
10:44:18.0691 3720 IDriverT - ok
10:44:20.0798 3720 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:44:21.0215 3720 idsvc - ok
10:44:26.0103 3720 IDSVix86 (6262c22a913bd255a0795d070b82aa47) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120705.001\IDSvix86.sys
10:44:26.0821 3720 IDSVix86 - ok
10:44:40.0666 3720 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
10:44:40.0685 3720 igfx - ok
10:44:42.0731 3720 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
10:44:42.0733 3720 iirsp - ok
10:44:44.0520 3720 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
10:44:44.0602 3720 IKEEXT - ok
10:44:44.0739 3720 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Windows\system32\drivers\int15.sys
10:44:44.0749 3720 int15 - ok
10:44:49.0610 3720 IntcAzAudAddService (9438fe15da89c6aace8a79db2c6f60c1) C:\Windows\system32\drivers\RTKVHDA.sys
10:44:50.0498 3720 IntcAzAudAddService - ok
10:44:52.0531 3720 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
10:44:52.0548 3720 intelide - ok
10:44:52.0797 3720 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
10:44:52.0967 3720 intelppm - ok
10:44:53.0291 3720 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
10:44:53.0350 3720 IPBusEnum - ok
10:44:53.0648 3720 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:44:53.0651 3720 IpFilterDriver - ok
10:44:54.0195 3720 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
10:44:54.0370 3720 iphlpsvc - ok
10:44:54.0379 3720 IpInIp - ok
10:44:54.0498 3720 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
10:44:54.0532 3720 IPMIDRV - ok
10:44:55.0291 3720 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
10:44:55.0420 3720 IPNAT - ok
10:44:56.0136 3720 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
10:44:56.0154 3720 irda - ok
10:44:56.0394 3720 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
10:44:56.0452 3720 IRENUM - ok
10:44:57.0040 3720 Irmon (cbb0d940221a281bcfeaea695bd1cda5) C:\Windows\System32\irmon.dll
10:44:57.0099 3720 Irmon - ok
10:44:57.0423 3720 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
10:44:57.0454 3720 isapnp - ok
10:44:58.0069 3720 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
10:44:58.0178 3720 iScsiPrt - ok
10:44:58.0372 3720 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
10:44:58.0375 3720 iteatapi - ok
10:44:58.0547 3720 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
10:44:58.0574 3720 iteraid - ok
10:44:58.0834 3720 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
10:44:58.0870 3720 kbdclass - ok
10:44:58.0978 3720 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
10:44:59.0012 3720 kbdhid - ok
10:44:59.0156 3720 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
10:44:59.0170 3720 KeyIso - ok
10:45:01.0219 3720 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
10:45:01.0362 3720 KSecDD - ok
10:45:02.0382 3720 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
10:45:02.0540 3720 KtmRm - ok
10:45:03.0138 3720 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
10:45:03.0151 3720 LanmanServer - ok
10:45:03.0795 3720 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
10:45:03.0826 3720 LanmanWorkstation - ok
10:45:04.0256 3720 LightScribeService (793ff718477345cd5d232c50bed1e452) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
10:45:04.0259 3720 LightScribeService - ok
10:45:05.0370 3720 LiveUpdate (a97eeb81f05bce3d7aa6c81f04ef39a4) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
10:45:05.0482 3720 LiveUpdate - ok
10:45:06.0758 3720 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
10:45:06.0761 3720 lltdio - ok
10:45:06.0962 3720 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
10:45:06.0968 3720 lltdsvc - ok
10:45:07.0143 3720 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
10:45:07.0160 3720 lmhosts - ok
10:45:07.0244 3720 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
10:45:07.0247 3720 LSI_FC - ok
10:45:07.0291 3720 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
10:45:07.0294 3720 LSI_SAS - ok
10:45:07.0335 3720 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
10:45:07.0338 3720 LSI_SCSI - ok
10:45:07.0382 3720 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
10:45:07.0386 3720 luafv - ok
10:45:07.0486 3720 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
10:45:07.0501 3720 MBAMProtector - ok
10:45:07.0990 3720 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
10:45:08.0005 3720 MBAMService - ok
10:45:08.0037 3720 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
10:45:08.0042 3720 Mcx2Svc - ok
10:45:08.0085 3720 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
10:45:08.0087 3720 megasas - ok
10:45:08.0182 3720 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
10:45:08.0186 3720 Microsoft Office Groove Audit Service - ok
10:45:08.0237 3720 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
10:45:08.0240 3720 MMCSS - ok
10:45:08.0296 3720 MobilityService - ok
10:45:08.0402 3720 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
10:45:08.0404 3720 Modem - ok
10:45:08.0482 3720 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
10:45:08.0484 3720 monitor - ok
10:45:08.0595 3720 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
10:45:08.0597 3720 mouclass - ok
10:45:08.0645 3720 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
10:45:08.0650 3720 mouhid - ok
10:45:08.0794 3720 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
10:45:08.0798 3720 MountMgr - ok
10:45:08.0962 3720 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
10:45:08.0966 3720 mpio - ok
10:45:09.0107 3720 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
10:45:09.0110 3720 mpsdrv - ok
10:45:09.0172 3720 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
10:45:09.0221 3720 MpsSvc - ok
10:45:09.0306 3720 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
10:45:09.0309 3720 Mraid35x - ok
10:45:09.0355 3720 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
10:45:09.0358 3720 MRxDAV - ok
10:45:09.0411 3720 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:45:09.0415 3720 mrxsmb - ok
10:45:09.0508 3720 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:45:09.0551 3720 mrxsmb10 - ok
10:45:09.0575 3720 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:45:09.0578 3720 mrxsmb20 - ok
10:45:09.0628 3720 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
10:45:09.0630 3720 msahci - ok
10:45:09.0652 3720 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
10:45:09.0696 3720 msdsm - ok
10:45:09.0797 3720 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
10:45:09.0802 3720 MSDTC - ok
10:45:09.0903 3720 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
10:45:09.0906 3720 Msfs - ok
10:45:09.0957 3720 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
10:45:09.0959 3720 msisadrv - ok
10:45:10.0021 3720 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
10:45:10.0025 3720 MSiSCSI - ok
10:45:10.0059 3720 msiserver - ok
10:45:10.0091 3720 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
10:45:10.0093 3720 MSKSSRV - ok
10:45:10.0143 3720 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
10:45:10.0145 3720 MSPCLOCK - ok
10:45:10.0156 3720 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
10:45:10.0158 3720 MSPQM - ok
10:45:10.0283 3720 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
10:45:10.0288 3720 MsRPC - ok
10:45:10.0358 3720 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
10:45:10.0360 3720 mssmbios - ok
10:45:10.0418 3720 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
10:45:10.0420 3720 MSTEE - ok
10:45:10.0454 3720 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
10:45:10.0456 3720 Mup - ok
10:45:11.0011 3720 N360 (b4187346f54e362daffe647b25a58d50) C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
10:45:11.0038 3720 N360 - ok
10:45:11.0250 3720 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
10:45:11.0281 3720 napagent - ok
10:45:12.0895 3720 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
10:45:12.0919 3720 NativeWifiP - ok
10:45:13.0397 3720 NAVENG (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120705.036\NAVENG.SYS
10:45:13.0402 3720 NAVENG - ok
10:45:14.0083 3720 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120705.036\NAVEX15.SYS
10:45:14.0174 3720 NAVEX15 - ok
10:45:15.0071 3720 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
10:45:15.0087 3720 NDIS - ok
10:45:15.0209 3720 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
10:45:15.0222 3720 NdisTapi - ok
10:45:15.0254 3720 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
10:45:15.0256 3720 Ndisuio - ok
10:45:15.0390 3720 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
10:45:15.0394 3720 NdisWan - ok
10:45:15.0825 3720 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
10:45:16.0056 3720 NDProxy - ok
10:45:16.0268 3720 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\Windows\system32\HPZinw12.dll
10:45:16.0272 3720 Net Driver HPZ12 - ok
10:45:16.0497 3720 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
10:45:16.0526 3720 NetBIOS - ok
10:45:16.0560 3720 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
10:45:16.0565 3720 netbt - ok
10:45:16.0612 3720 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
10:45:16.0614 3720 Netlogon - ok
10:45:17.0112 3720 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
10:45:17.0125 3720 Netman - ok
10:45:17.0490 3720 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:45:17.0513 3720 NetMsmqActivator - ok
10:45:17.0526 3720 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:45:17.0530 3720 NetPipeActivator - ok
10:45:18.0108 3720 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
10:45:18.0116 3720 netprofm - ok
10:45:18.0126 3720 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:45:18.0128 3720 NetTcpActivator - ok
10:45:18.0137 3720 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
10:45:18.0139 3720 NetTcpPortSharing - ok
10:45:19.0379 3720 NETw3v32 (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
10:45:20.0245 3720 NETw3v32 - ok
10:45:20.0727 3720 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
10:45:20.0731 3720 nfrd960 - ok
10:45:21.0045 3720 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
10:45:21.0079 3720 NlaSvc - ok
10:45:21.0175 3720 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
10:45:21.0189 3720 Npfs - ok
10:45:21.0278 3720 NSCIRDA (6d8d2e5652fc2442c810c5d8be784148) C:\Windows\system32\DRIVERS\nscirda.sys
10:45:21.0281 3720 NSCIRDA - ok
10:45:21.0378 3720 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
10:45:21.0381 3720 nsi - ok
10:45:21.0444 3720 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
10:45:21.0466 3720 nsiproxy - ok
10:45:22.0182 3720 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
[size=3]10:45:22.0378 3720 Ntfs - ok[/size]
[size=3]10:45:22.0488 3720 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys[/size]
[size=3]10:45:22.0514 3720 NTIDrvr - ok[/size]
[size=3]10:45:22.0534 3720 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys[/size]
[size=3]10:45:22.0536 3720 ntrigdigi - ok[/size]
[size=3]10:45:22.0590 3720 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys[/size]
[size=3]10:45:22.0603 3720 Null - ok[/size]
[size=3]10:45:22.0810 3720 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys[/size]
[size=3]10:45:22.0814 3720 nvraid - ok[/size]
[size=3]10:45:22.0883 3720 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys[/size]
[size=3]10:45:22.0886 3720 nvstor - ok[/size]
[size=3]10:45:22.0965 3720 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys[/size]
[size=3]10:45:22.0969 3720 nv_agp - ok[/size]
[size=3]10:45:22.0976 3720 NwlnkFlt - ok[/size]
[size=3]10:45:22.0995 3720 NwlnkFwd - ok[/size]
[size=3]10:45:23.0641 3720 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE[/size]
[size=3]10:45:23.0655 3720 odserv - ok[/size]
[size=3]10:45:23.0822 3720 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys[/size]
[size=3]10:45:23.0824 3720 ohci1394 - ok[/size]
[size=3]10:45:23.0880 3720 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE[/size]
[size=3]10:45:23.0915 3720 ose - ok[/size]
[size=3]10:45:24.0172 3720 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll[/size]
[size=3]10:45:24.0196 3720 p2pimsvc - ok[/size]
[size=3]10:45:24.0212 3720 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll[/size]
[size=3]10:45:24.0220 3720 p2psvc - ok[/size]
[size=3]10:45:24.0269 3720 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys[/size]
[size=3]10:45:24.0273 3720 Parport - ok[/size]
[size=3]10:45:24.0341 3720 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys[/size]
[size=3]10:45:24.0351 3720 partmgr - ok[/size]
[size=3]10:45:24.0429 3720 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys[/size]
[size=3]10:45:24.0432 3720 Parvdm - ok[/size]
[size=3]10:45:25.0126 3720 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll[/size]
[size=3]10:45:25.0129 3720 PcaSvc - ok[/size]
[size=3]10:45:25.0236 3720 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys[/size]
[size=3]10:45:25.0242 3720 pci - ok[/size]
[size=3]10:45:25.0346 3720 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys[/size]
[size=3]10:45:25.0360 3720 pciide - ok[/size]
[size=3]10:45:26.0040 3720 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys[/size]
[size=3]10:45:26.0047 3720 pcmcia - ok[/size]
[size=3]10:45:27.0975 3720 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys[/size]
[size=3]10:45:28.0257 3720 PEAUTH - ok[/size]
[size=3]10:45:30.0678 3720 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll[/size]
[size=3]10:45:31.0252 3720 pla - ok[/size]
[size=3]10:45:32.0189 3720 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll[/size]
[size=3]10:45:32.0236 3720 PlugPlay - ok[/size]
[size=3]10:45:32.0322 3720 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\Windows\system32\HPZipm12.dll[/size]
[size=3]10:45:32.0332 3720 Pml Driver HPZ12 - ok[/size]
[size=3]10:45:32.0851 3720 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll[/size]
[size=3]10:45:32.0859 3720 PNRPAutoReg - ok[/size]
[size=3]10:45:32.0876 3720 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll[/size]
[size=3]10:45:32.0884 3720 PNRPsvc - ok[/size]
[size=3]10:45:34.0057 3720 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll[/size]
[size=3]10:45:34.0092 3720 PolicyAgent - ok[/size]
[size=3]10:45:34.0919 3720 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys[/size]
[size=3]10:45:34.0937 3720 PptpMiniport - ok[/size]
[size=3]10:45:34.0980 3720 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys[/size]
[size=3]10:45:34.0983 3720 Processor - ok[/size]
[size=3]10:45:35.0216 3720 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll[/size]
[size=3]10:45:35.0306 3720 ProfSvc - ok[/size]
[size=3]10:45:35.0389 3720 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe[/size]
[size=3]10:45:35.0391 3720 ProtectedStorage - ok[/size]
[size=3]10:45:35.0995 3720 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys[/size]
[size=3]10:45:36.0005 3720 PSched - ok[/size]
[size=3]10:45:36.0128 3720 PSDFilter (e801d5cc24e1cf18fa87d24d7074b876) C:\Windows\system32\DRIVERS\psdfilter.sys[/size]
[size=3]10:45:36.0130 3720 PSDFilter - ok[/size]
[size=3]10:45:36.0224 3720 PSDNServ (24b5e3429f7f0e779fc2e6e36a0a5f73) C:\Windows\system32\drivers\PSDNServ.sys[/size]
[size=3]10:45:36.0227 3720 PSDNServ - ok[/size]
[size=3]10:45:36.0524 3720 psdvdisk (01cbfd08c0e8a6106bb26fcda297154e) C:\Windows\system32\drivers\psdvdisk.sys[/size]
[size=3]10:45:36.0540 3720 psdvdisk - ok[/size]
[size=3]10:45:36.0729 3720 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys[/size]
[size=3]10:45:36.0747 3720 PxHelp20 - ok[/size]
[size=3]10:45:42.0810 3720 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys[/size]
[size=3]10:45:43.0392 3720 ql2300 - ok[/size]
[size=3]10:45:43.0703 3720 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys[/size]
[size=3]10:45:43.0715 3720 ql40xx - ok[/size]
[size=3]10:45:43.0942 3720 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll[/size]
[size=3]10:45:43.0965 3720 QWAVE - ok[/size]
[size=3]10:45:44.0122 3720 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys[/size]
[size=3]10:45:44.0126 3720 QWAVEdrv - ok[/size]
[size=3]10:45:44.0194 3720 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys[/size]
[size=3]10:45:44.0197 3720 RasAcd - ok[/size]
[size=3]10:45:44.0535 3720 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll[/size]
[size=3]10:45:44.0581 3720 RasAuto - ok[/size]
[size=3]10:45:44.0902 3720 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys[/size]
[size=3]10:45:44.0910 3720 Rasl2tp - ok[/size]
[size=3]10:45:45.0197 3720 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll[/size]
[size=3]10:45:45.0209 3720 RasMan - ok[/size]
[size=3]10:45:45.0361 3720 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys[/size]
[size=3]10:45:45.0411 3720 RasPppoe - ok[/size]
[size=3]10:45:45.0891 3720 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys[/size]
[size=3]10:45:46.0296 3720 RasSstp - ok[/size]
[size=3]10:45:46.0811 3720 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys[/size]
[size=3]10:45:46.0817 3720 rdbss - ok[/size]
[size=3]10:45:46.0920 3720 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys[/size]
[size=3]10:45:46.0948 3720 RDPCDD - ok[/size]
[size=3]10:45:47.0068 3720 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys[/size]
[size=3]10:45:47.0074 3720 rdpdr - ok[/size]
[size=3]10:45:47.0126 3720 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys[/size]
[size=3]10:45:47.0139 3720 RDPENCDD - ok[/size]
[size=3]10:45:47.0701 3720 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys[/size]
[size=3]10:45:54.0720 3720 RDPWD - ok[/size]
[size=3]10:45:55.0781 3720 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll[/size]
[size=3]10:45:56.0339 3720 RemoteAccess - ok[/size]
[size=3]10:45:57.0741 3720 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll[/size]
[size=3]10:45:58.0518 3720 RemoteRegistry - ok[/size]
[size=3]10:45:59.0617 3720 RichVideo (2de0a33a7e58bedc8d70b1940e0ffe28) C:\Program Files\CyberLink\Shared Files\RichVideo.exe[/size]
[size=3]10:46:00.0782 3720 RichVideo - ok[/size]
[size=3]10:46:00.0844 3720 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe[/size]
[size=3]10:46:00.0879 3720 RpcLocator - ok[/size]
[size=3]10:46:01.0187 3720 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll[/size]
[size=3]10:46:01.0765 3720 RpcSs - ok[/size]
[size=3]10:46:02.0946 3720 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys[/size]
[size=3]10:46:03.0254 3720 rspndr - ok[/size]
[size=3]10:46:03.0334 3720 RTL8169 (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys[/size]
[size=3]10:46:03.0459 3720 RTL8169 - ok[/size]
[size=3]10:46:03.0543 3720 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe[/size]
[size=3]10:46:04.0336 3720 SamSs - ok[/size]
[size=3]10:46:04.0413 3720 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys[/size]
[size=3]10:46:04.0930 3720 sbp2port - ok[/size]
[size=3]10:46:06.0049 3720 SBSDWSCService (a0c00a6265949ac72ab51b711743ca6d) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[/size]
[size=3]10:46:07.0222 3720 SBSDWSCService - ok[/size]
[size=3]10:46:07.0549 3720 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll[/size]
[size=3]10:46:07.0802 3720 SCardSvr - ok[/size]
[size=3]10:46:08.0383 3720 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll[/size]
[size=3]10:46:08.0925 3720 Schedule - ok[/size]
[size=3]10:46:08.0972 3720 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll[/size]
[size=3]10:46:09.0856 3720 SCPolicySvc - ok[/size]
[size=3]10:46:10.0261 3720 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys[/size]
[size=3]10:46:10.0663 3720 sdbus - ok[/size]
[size=3]10:46:10.0716 3720 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll[/size]
[size=3]10:46:10.0732 3720 SDRSVC - ok[/size]
[size=3]10:46:11.0284 3720 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[/size]
[size=3]10:46:11.0877 3720 SeaPort - ok[/size]
[size=3]10:46:12.0245 3720 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys[/size]
[size=3]10:46:12.0271 3720 secdrv - ok[/size]
[size=3]10:46:12.0571 3720 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll[/size]
[size=3]10:46:12.0638 3720 seclogon - ok[/size]
[size=3]10:46:13.0049 3720 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll[/size]
[size=3]10:46:13.0131 3720 SENS - ok[/size]
[size=3]10:46:13.0152 3720 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys[/size]
[size=3]10:46:13.0249 3720 Serenum - ok[/size]
[size=3]10:46:13.0580 3720 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys[/size]
[size=3]10:46:13.0749 3720 Serial - ok[/size]
[size=3]10:46:13.0860 3720 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys[/size]
[size=3]10:46:14.0733 3720 sermouse - ok[/size]
[size=3]10:46:14.0889 3720 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll[/size]
[size=3]10:46:14.0904 3720 SessionEnv - ok[/size]
[size=3]10:46:14.0982 3720 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys[/size]
[size=3]10:46:15.0101 3720 sffdisk - ok[/size]
[size=3]10:46:15.0214 3720 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys[/size]
[size=3]10:46:15.0421 3720 sffp_mmc - ok[/size]
[size=3]10:46:15.0593 3720 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys[/size]
[size=3]10:46:16.0653 3720 sffp_sd - ok[/size]
[size=3]10:46:16.0701 3720 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys[/size]
[size=3]10:46:16.0843 3720 sfloppy - ok[/size]
[size=3]10:46:17.0052 3720 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll[/size]
[size=3]10:46:17.0096 3720 SharedAccess - ok[/size]
[size=3]10:46:17.0165 3720 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll[/size]
[size=3]10:46:17.0917 3720 ShellHWDetection - ok[/size]
[size=3]10:46:17.0957 3720 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys[/size]
[size=3]10:46:18.0066 3720 sisagp - ok[/size]
[size=3]10:46:18.0405 3720 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys[/size]
[size=3]10:46:18.0532 3720 SiSRaid2 - ok[/size]
[size=3]10:46:19.0318 3720 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys[/size]
[size=3]10:46:20.0236 3720 SiSRaid4 - ok[/size]
[size=3]10:46:23.0943 3720 Skype C2C Service (2a99850c2a6edd6c6602e822c716edaf) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[/size]
[size=3]10:46:25.0705 3720 Skype C2C Service - ok[/size]
[size=3]10:46:25.0996 3720 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files\Skype\Updater\Updater.exe[/size]
[size=3]10:46:28.0025 3720 SkypeUpdate - ok[/size]
[size=3]10:46:29.0463 3720 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe[/size]
[size=3]10:46:30.0394 3720 slsvc - ok[/size]
[size=3]10:46:31.0049 3720 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll[/size]
[size=3]10:46:31.0235 3720 SLUINotify - ok[/size]
[size=3]10:46:31.0310 3720 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys[/size]
[size=3]10:46:31.0412 3720 Smb - ok[/size]
[size=3]10:46:31.0452 3720 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe[/size]
[size=3]10:46:31.0459 3720 SNMPTRAP - ok[/size]
[size=3]10:46:31.0725 3720 SNP2UVC (53d1e2ecbf26b313ffdd2b8ba3d2f66e) C:\Windows\system32\DRIVERS\snp2uvc.sys[/size]
[size=3]10:46:32.0076 3720 SNP2UVC - ok[/size]
[size=3]10:46:32.0502 3720 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys[/size]
[size=3]10:46:32.0509 3720 spldr - ok[/size]
[size=3]10:46:32.0592 3720 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe[/size]
[size=3]10:46:32.0802 3720 Spooler - ok[/size]
[size=3]10:46:32.0974 3720 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\Windows\System32\Drivers\N360\0404000.00C\SRTSP.SYS[/size]
[size=3]10:46:33.0120 3720 SRTSP - ok[/size]
[size=3]10:46:33.0162 3720 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\Windows\system32\drivers\N360\0404000.00C\SRTSPX.SYS[/size]
[size=3]10:46:33.0244 3720 SRTSPX - ok[/size]
[size=3]10:46:33.0295 3720 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys[/size]
[size=3]10:46:33.0433 3720 srv - ok[/size]
[size=3]10:46:33.0477 3720 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys[/size]
[size=3]10:46:33.0548 3720 srv2 - ok[/size]
[size=3]10:46:33.0592 3720 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys[/size]
[size=3]10:46:33.0654 3720 srvnet - ok[/size]
[size=3]10:46:33.0711 3720 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll[/size]
[size=3]10:46:33.0722 3720 SSDPSRV - ok[/size]
[size=3]10:46:33.0765 3720 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll[/size]
[size=3]10:46:33.0806 3720 SstpSvc - ok[/size]
[size=3]10:46:33.0899 3720 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys[/size]
[size=3]10:46:33.0972 3720 StillCam - ok[/size]
[size=3]10:46:34.0032 3720 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll[/size]
[size=3]10:46:34.0728 3720 stisvc - ok[/size]
[size=3]10:46:34.0906 3720 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys[/size]
[size=3]10:46:34.0967 3720 swenum - ok[/size]
[size=3]10:46:35.0196 3720 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll[/size]
[size=3]10:46:35.0320 3720 swprv - ok[/size]
[size=3]10:46:35.0420 3720 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys[/size]
[size=3]10:46:35.0521 3720 Symc8xx - ok[/size]
[size=3]10:46:35.0677 3720 SymDS (56890bf9d9204b93042089d4b45ae671) C:\Windows\system32\drivers\N360\0404000.00C\SYMDS.SYS[/size]
[size=3]10:46:36.0081 3720 SymDS - ok[/size]
[size=3]10:46:36.0416 3720 SymEFA (10ba64273feff4df0a7ccb0ff3b9b26b) C:\Windows\system32\drivers\N360\0404000.00C\SYMEFA.SYS[/size]
[size=3]10:46:36.0729 3720 SymEFA - ok[/size]
[size=3]10:46:37.0027 3720 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\Windows\system32\Drivers\SYMEVENT.SYS[/size]
[size=3]10:46:37.0282 3720 SymEvent - ok[/size]
[size=3]10:46:37.0548 3720 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\Windows\system32\drivers\N360\0404000.00C\Ironx86.SYS[/size]
[size=3]10:46:38.0001 3720 SymIRON - ok[/size]
[size=3]10:46:38.0094 3720 SYMTDIv (b501d61792d8355eae7eb4f7449a9d99) C:\Windows\System32\Drivers\N360\0404000.00C\SYMTDIV.SYS[/size]
[size=3]10:46:38.0308 3720 SYMTDIv - ok[/size]
[size=3]10:46:38.0367 3720 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys[/size]
[size=3]10:46:38.0477 3720 Sym_hi - ok[/size]
[size=3]10:46:38.0584 3720 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys[/size]
[size=3]10:46:38.0649 3720 Sym_u3 - ok[/size]
[size=3]10:46:38.0758 3720 SynTP (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys[/size]
[size=3]10:46:39.0049 3720 SynTP - ok[/size]
[size=3]10:46:39.0433 3720 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll[/size]
[size=3]10:46:39.0532 3720 SysMain - ok[/size]
[size=3]10:46:39.0599 3720 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll[/size]
[size=3]10:46:39.0609 3720 TabletInputService - ok[/size]
[size=3]10:46:39.0678 3720 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll[/size]
[size=3]10:46:39.0768 3720 TapiSrv - ok[/size]
[size=3]10:46:39.0956 3720 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll[/size]
[size=3]10:46:40.0013 3720 TBS - ok[/size]
[size=3]10:46:40.0327 3720 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys[/size]
[size=3]10:46:40.0427 3720 Tcpip - ok[/size]
[size=3]10:46:40.0444 3720 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys[/size]
[size=3]10:46:40.0453 3720 Tcpip6 - ok[/size]
[size=3]10:46:40.0710 3720 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys[/size]
[size=3]10:46:41.0188 3720 tcpipreg - ok[/size]
[size=3]10:46:41.0257 3720 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys[/size]
[size=3]10:46:41.0362 3720 TDPIPE - ok[/size]
[size=3]10:46:41.0422 3720 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys[/size]
[size=3]10:46:41.0554 3720 TDTCP - ok[/size]
[size=3]10:46:42.0394 3720 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys[/size]
[size=3]10:46:42.0516 3720 tdx - ok[/size]
[size=3]10:46:42.0562 3720 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys[/size]
[size=3]10:46:42.0725 3720 TermDD - ok[/size]
[size=3]10:46:42.0998 3720 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll[/size]
[size=3]10:46:43.0075 3720 TermService - ok[/size]
[size=3]10:46:43.0154 3720 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll[/size]
[size=3]10:46:43.0159 3720 Themes - ok[/size]
[size=3]10:46:43.0217 3720 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll[/size]
[size=3]10:46:43.0230 3720 THREADORDER - ok[/size]
[size=3]10:46:43.0399 3720 tifm21 (78213f01ce781f93180bef5eb5b3ad81) C:\Windows\system32\drivers\tifm21.sys[/size]
[size=3]10:46:43.0578 3720 tifm21 - ok[/size]
[size=3]10:46:43.0649 3720 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll[/size]
[size=3]10:46:43.0661 3720 TrkWks - ok[/size]
[size=3]10:46:43.0747 3720 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe[/size]
[size=3]10:46:43.0804 3720 TrustedInstaller - ok[/size]
[size=3]10:46:44.0125 3720 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys[/size]
[size=3]10:46:44.0404 3720 tssecsrv - ok[/size]
[size=3]10:46:44.0476 3720 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys[/size]
[size=3]10:46:44.0546 3720 tunmp - ok[/size]
[size=3]10:46:44.0592 3720 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys[/size]
[size=3]10:46:44.0636 3720 tunnel - ok[/size]
[size=3]10:46:44.0708 3720 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys[/size]
[size=3]10:46:44.0817 3720 uagp35 - ok[/size]
[size=3]10:46:46.0396 3720 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys[/size]
[size=3]10:46:46.0799 3720 udfs - ok[/size]
[size=3]10:46:47.0615 3720 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe[/size]
[size=3]10:46:47.0629 3720 UI0Detect - ok[/size]
[size=3]10:46:48.0668 3720 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys[/size]
[size=3]10:46:49.0759 3720 uliagpkx - ok[/size]
[size=3]10:46:51.0912 3720 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys[/size]
[size=3]10:46:52.0415 3720 uliahci - ok[/size]
[size=3]10:46:53.0760 3720 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys[/size]
[size=3]10:46:53.0986 3720 UlSata - ok[/size]
[size=3]10:46:54.0562 3720 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys[/size]
[size=3]10:46:55.0273 3720 ulsata2 - ok[/size]
[size=3]10:46:55.0529 3720 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys[/size]
[size=3]10:46:56.0111 3720 umbus - ok[/size]
[size=3]10:47:00.0387 3720 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll[/size]
[size=3]10:47:00.0858 3720 upnphost - ok[/size]
[size=3]10:47:01.0469 3720 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys[/size]
[size=3]10:47:01.0614 3720 usbccgp - ok[/size]
[size=3]10:47:01.0674 3720 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys[/size]
[size=3]10:47:01.0759 3720 usbcir - ok[/size]
[size=3]10:47:01.0833 3720 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys[/size]
[size=3]10:47:02.0401 3720 usbehci - ok[/size]
[size=3]10:47:02.0531 3720 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys[/size]
[size=3]10:47:02.0864 3720 usbhub - ok[/size]
[size=3]10:47:03.0143 3720 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys[/size]
[size=3]10:47:03.0225 3720 usbohci - ok[/size]
[size=3]10:47:03.0294 3720 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys[/size]
[size=3]10:47:03.0383 3720 usbprint - ok[/size]
[size=3]10:47:04.0339 3720 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys[/size]
[size=3]10:47:04.0404 3720 usbscan - ok[/size]
[size=3]10:47:04.0451 3720 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS[/size]
[size=3]10:47:04.0542 3720 USBSTOR - ok[/size]
[size=3]10:47:05.0148 3720 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys[/size]
[size=3]10:47:05.0216 3720 usbuhci - ok[/size]
[size=3]10:47:05.0283 3720 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys[/size]
[size=3]10:47:05.0347 3720 usbvideo - ok[/size]
[size=3]10:47:05.0415 3720 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll[/size]
[size=3]10:47:05.0557 3720 UxSms - ok[/size]
[size=3]10:47:06.0064 3720 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe[/size]
[size=3]10:47:06.0379 3720 vds - ok[/size]
[size=3]10:47:06.0418 3720 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys[/size]
[size=3]10:47:06.0507 3720 vga - ok[/size]
[size=3]10:47:06.0554 3720 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys[/size]
[size=3]10:47:06.0598 3720 VgaSave - ok[/size]
[size=3]10:47:06.0962 3720 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys[/size]
[size=3]10:47:07.0003 3720 viaagp - ok[/size]
[size=3]10:47:07.0214 3720 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys[/size]
[size=3]10:47:07.0533 3720 ViaC7 - ok[/size]
[size=3]10:47:07.0579 3720 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys[/size]
[size=3]10:47:07.0649 3720 viaide - ok[/size]
[size=3]10:47:08.0012 3720 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys[/size]
[size=3]10:47:08.0031 3720 volmgr - ok[/size]
[size=3]10:47:08.0105 3720 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys[/size]
[size=3]10:47:08.0192 3720 volmgrx - ok[/size]
[size=3]10:47:08.0255 3720 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys[/size]
[size=3]10:47:08.0297 3720 volsnap - ok[/size]
[size=3]10:47:08.0704 3720 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys[/size]
[size=3]10:47:08.0776 3720 vsmraid - ok[/size]
[size=3]10:47:09.0504 3720 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe[/size]
[size=3]10:47:09.0555 3720 VSS - ok[/size]
[size=3]10:47:10.0196 3720 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe[/size]
[size=3]10:47:10.0698 3720 vToolbarUpdater11.2.0 - ok[/size]
[size=3]10:47:10.0964 3720 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll[/size]
[size=3]10:47:11.0072 3720 W32Time - ok[/size]
[size=3]10:47:11.0205 3720 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys[/size]
[size=3]10:47:11.0281 3720 WacomPen - ok[/size]
[size=3]10:47:11.0325 3720 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys[/size]
[size=3]10:47:11.0432 3720 Wanarp - ok[/size]
[size=3]10:47:11.0439 3720 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys[/size]
[size=3]10:47:11.0441 3720 Wanarpv6 - ok[/size]
[size=3]10:47:11.0825 3720 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll[/size]
[size=3]10:47:12.0222 3720 wcncsvc - ok[/size]
[size=3]10:47:12.0566 3720 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll[/size]
[size=3]10:47:12.0612 3720 WcsPlugInService - ok[/size]
[size=3]10:47:12.0765 3720 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys[/size]
[size=3]10:47:12.0875 3720 Wd - ok[/size]
[size=3]10:47:14.0904 3720 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys[/size]
[size=3]10:47:15.0164 3720 Wdf01000 - ok[/size]
[size=3]10:47:15.0818 3720 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll[/size]
[size=3]10:47:15.0954 3720 WdiServiceHost - ok[/size]
[size=3]10:47:15.0961 3720 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll[/size]
[size=3]10:47:15.0966 3720 WdiSystemHost - ok[/size]
[size=3]10:47:16.0927 3720 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll[/size]
[size=3]10:47:17.0112 3720 WebClient - ok[/size]
[size=3]10:47:18.0090 3720 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll[/size]
[size=3]10:47:18.0310 3720 Wecsvc - ok[/size]
[size=3]10:47:18.0748 3720 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll[/size]
[size=3]10:47:18.0815 3720 wercplsupport - ok[/size]
[size=3]10:47:19.0250 3720 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll[/size]
[size=3]10:47:19.0504 3720 WerSvc - ok[/size]
[size=3]10:47:20.0731 3720 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS[/size]
[size=3]10:47:20.0875 3720 winachsf - ok[/size]
[size=3]10:47:21.0839 3720 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll[/size]
[size=3]10:47:22.0382 3720 WinDefend - ok[/size]
[size=3]10:47:22.0399 3720 WinHttpAutoProxySvc - ok[/size]
[size=3]10:47:23.0574 3720 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll[/size]
[size=3]10:47:24.0275 3720 Winmgmt - ok[/size]
[size=3]10:47:25.0242 3720 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll[/size]
[size=3]10:47:25.0838 3720 WinRM - ok[/size]
[size=3]10:47:26.0104 3720 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll[/size]
[size=3]10:47:26.0208 3720 Wlansvc - ok[/size]
[size=3]10:47:26.0787 3720 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[/size]
[size=3]10:47:27.0082 3720 wlidsvc - ok[/size]
[size=3]10:47:28.0696 3720 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys[/size]
[size=3]10:47:28.0741 3720 WmiAcpi - ok[/size]
[size=3]10:47:28.0839 3720 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe[/size]
[size=3]10:47:28.0890 3720 wmiApSrv - ok[/size]
[size=3]10:47:29.0038 3720 WMIService (e8781cf1a4262881897444d22921a3a6) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe[/size]
[size=3]10:47:29.0155 3720 WMIService - ok[/size]
[size=3]10:47:29.0308 3720 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe[/size]
[size=3]10:47:29.0395 3720 WMPNetworkSvc - ok[/size]
[size=3]10:47:29.0833 3720 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll[/size]
[size=3]10:47:29.0970 3720 WPCSvc - ok[/size]
[size=3]10:47:30.0045 3720 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll[/size]
[size=3]10:47:30.0144 3720 WPDBusEnum - ok[/size]
[size=3]10:47:30.0276 3720 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys[/size]
[size=3]10:47:30.0335 3720 WpdUsb - ok[/size]
[size=3]10:47:30.0683 3720 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[/size]
[size=3]10:47:31.0132 3720 WPFFontCache_v0400 - ok[/size]
[size=3]10:47:31.0340 3720 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys[/size]
[size=3]10:47:31.0393 3720 ws2ifsl - ok[/size]
[size=3]10:47:31.0491 3720 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll[/size]
[size=3]10:47:31.0605 3720 wscsvc - ok[/size]
[size=3]10:47:31.0617 3720 WSearch - ok[/size]
[size=3]10:47:32.0355 3720 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll[/size]
[size=3]10:47:32.0731 3720 wuauserv - ok[/size]
[size=3]10:47:33.0132 3720 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys[/size]
[size=3]10:47:33.0191 3720 WUDFRd - ok[/size]
[size=3]10:47:33.0266 3720 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll[/size]
[size=3]10:47:33.0276 3720 wudfsvc - ok[/size]
[size=3]10:47:33.0386 3720 {95808DC4-FA4A-4c74-92FE-5B863F82066B} (8098180b3f6c430a4e60333bc036f936) C:\Program Files\CyberLink\PowerDVD\000.fcl[/size]
[size=3]10:47:33.0398 3720 {95808DC4-FA4A-4c74-92FE-5B863F82066B} - ok[/size]
[size=3]10:47:33.0422 3720 MBR (0x1B8) (6fc6f9186c07bca94e140f63bfe6e9b4) \Device\Harddisk0\DR0[/size]
[size=3]10:47:37.0559 3720 \Device\Harddisk0\DR0 - ok[/size]
[size=3]10:47:37.0592 3720 Boot (0x1200) (0ad4c135ddd5c7c558f1b37433dd641f) \Device\Harddisk0\DR0\Partition0[/size]
[size=3]10:47:37.0594 3720 \Device\Harddisk0\DR0\Partition0 - ok[/size]
[size=3]10:47:37.0614 3720 Boot (0x1200) (1785dd7402a53f688825e4069d107f1f) \Device\Harddisk0\DR0\Partition1[/size]
[size=3]10:47:37.0616 3720 \Device\Harddisk0\DR0\Partition1 - ok[/size]
[size=3]10:47:37.0617 3720 ============================================================[/size]
[size=3]10:47:37.0617 3720 Scan finished[/size]
[size=3]10:47:37.0617 3720 ============================================================[/size]
[size=3]10:47:37.0643 7168 Detected object count: 0[/size]
[size=3]10:47:37.0643 7168 Actual detected object count: 0[/size]



[size=3]4) I ran aswMBR. Here is the log: [/size]

[size=3]aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-06 10:52:31
-----------------------------
10:52:31.947 OS Version: Windows 6.0.6002 Service Pack 2
10:52:31.947 Number of processors: 2 586 0xF0D
10:52:31.949 ComputerName: NEETU-PC UserName: Neetu
10:52:42.303 Initialize success
10:56:25.112 AVAST engine defs: 12070600
10:59:36.659 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
10:59:36.665 Disk 0 Vendor: Hitachi_ SB4O Size: 152627MB BusType: 3
10:59:36.698 Disk 0 MBR read successfully
10:59:36.704 Disk 0 MBR scan
10:59:36.719 Disk 0 unknown MBR code
10:59:36.735 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
10:59:36.766 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 71317 MB offset 20482048
10:59:36.799 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 71308 MB offset 166539264
10:59:36.821 Disk 0 scanning sectors +312578048
10:59:36.895 Disk 0 scanning C:\Windows\system32\drivers
11:00:08.164 Service scanning
11:00:54.338 Modules scanning
11:01:07.063 Disk 0 trace - called modules:
11:01:07.135 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
11:01:07.148 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860d8ac8]
11:01:07.162 3 CLASSPNP.SYS[87fb98b3] -> nt!IofCallDriver -> [0x84e0f798]
11:01:07.175 5 acpi.sys[806996bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84e15030]
11:01:08.069 AVAST engine scan C:\Windows
11:01:37.906 AVAST engine scan C:\Windows\system32
11:07:48.536 AVAST engine scan C:\Windows\system32\drivers
11:08:10.626 AVAST engine scan C:\Users\Neetu
11:14:10.076 AVAST engine scan C:\ProgramData
11:22:32.629 Scan finished successfully
11:25:49.921 Disk 0 MBR has been saved successfully to "C:\Users\Neetu\Desktop\Downloads\MBR.dat"
11:25:49.932 The log file has been saved successfully to "C:\Users\Neetu\Desktop\Downloads\aswMBR.txt"[/size]


[size=3]Thank you![/size]

#16
gringo_pr
Posted 06 July 2012 - 01:14 PM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 6,557 posts
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

 ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

    In your next post I need the following

    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#17
needhelp1968
Posted 06 July 2012 - 02:29 PM

    New Member

  • Members
  • Pip
  • 13 posts
Hello

1) Created CFScript.txt and dragged it to Combofix.exe

2) Combofix started executing, it then prompted me that a new version of combofix was available and asked if it should upgrade.

I said yes, it did so and continued.

3) Here is the log it produced after executing:

===================================================================

ComboFix 12-07-06.02 - Neetu 07/06/2012 14:34:27.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.784 [GMT -4:00]
Running from: c:\users\Neetu\Desktop\Downloads\ComboFix.exe
Command switches used :: c:\users\Neetu\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\blekkotb_031\blEKkotb_019x.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-06 to 2012-07-06 )))))))))))))))))))))))))))))))
.
.
2012-07-06 18:46 . 2012-07-06 18:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-04 21:14 . 2012-07-04 21:14 -------- d-----w- C:\FRST
2012-07-04 07:00 . 2012-07-04 07:01 -------- d-----w- C:\6788cb2bf9deb48900de59dea34775ee
2012-07-03 21:39 . 2012-07-03 21:39 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-03 17:30 . 2012-07-03 17:30 -------- d-----w- c:\users\Neetu\AppData\Roaming\Malwarebytes
2012-07-03 17:29 . 2012-07-03 17:29 -------- d-----w- c:\programdata\Malwarebytes
2012-07-03 17:29 . 2012-07-03 17:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-03 17:29 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-01 22:26 . 2012-07-01 22:26 -------- d-----w- c:\users\Neetu\AppData\Roaming\AVG2012
2012-07-01 22:25 . 2012-07-01 22:25 -------- d-----w- c:\users\Neetu\AppData\Local\AVG Secure Search
2012-07-01 22:25 . 2012-07-01 22:25 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-01 22:24 . 2012-07-01 22:25 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-07-01 22:24 . 2012-07-01 22:25 -------- d-----w- c:\program files\AVG Secure Search
2012-07-01 22:24 . 2012-07-01 22:24 -------- d--h--w- c:\programdata\Common Files
2012-07-01 22:23 . 2012-07-06 14:47 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-01 22:23 . 2012-07-01 22:27 -------- d-----w- c:\programdata\AVG2012
2012-07-01 22:23 . 2012-07-01 22:23 -------- d-----w- C:\$AVG
2012-07-01 22:22 . 2012-07-01 22:22 -------- d-----w- c:\program files\AVG
2012-07-01 22:18 . 2012-07-06 14:47 -------- d-----w- c:\programdata\MFAData
2012-07-01 22:17 . 2012-06-15 20:39 169744 ----a-w- c:\windows\system32\ztvunrar36.dll
2012-07-01 22:17 . 2012-06-15 20:35 185616 ----a-w- c:\windows\system32\ztvunrar39.dll
2012-07-01 22:17 . 2012-06-15 20:33 605968 ----a-w- c:\windows\system32\ztv7z.dll
2012-07-01 22:17 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2012-07-01 22:17 . 2012-06-15 20:33 77072 ----a-w- c:\windows\system32\ztvcabinet.dll
2012-07-01 22:17 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2012-07-01 22:17 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2012-07-01 22:16 . 2012-07-01 22:17 -------- d-----w- c:\users\Neetu\AppData\Roaming\Simply Super Software
2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\programdata\Simply Super Software
2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\programdata\blekko toolbars
2012-07-01 22:16 . 2012-07-06 18:45 -------- d-----w- c:\program files\blekkotb_031
2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\users\Neetu\AppData\Local\blekkotb_031
2012-07-01 22:15 . 2012-07-01 22:16 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\users\Neetu\AppData\Roaming\PC Cleaners
2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\users\Neetu\AppData\Roaming\PCPro
2012-07-01 21:52 . 2012-07-01 21:51 4447544 ----a-w- c:\windows\uninst.exe
2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\programdata\PC1Data
2012-07-01 21:30 . 2012-07-01 21:51 -------- d-----w- c:\users\Neetu\AppData\Local\NPE
2012-07-01 17:33 . 2012-07-01 17:33 -------- d-----w- c:\program files\The Weather Channel
2012-06-28 23:04 . 2012-06-28 23:04 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-28 04:49 . 2012-06-28 04:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 08:41 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 08:41 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 08:41 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 08:41 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 08:40 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-23 08:40 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 08:40 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 08:39 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 08:39 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 12:37 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-14 12:37 . 2012-05-17 23:21 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-06-14 12:37 . 2012-05-17 22:31 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-06-13 08:10 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 08:10 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 08:10 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 08:09 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 08:09 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-08 16:12 . 2012-07-04 16:55 -------- d-----w- c:\users\Neetu\AppData\Roaming\Skype
2012-06-08 16:12 . 2012-06-08 16:12 -------- d-----w- c:\program files\Common Files\Skype
2012-06-08 16:12 . 2012-06-08 16:12 -------- d-----r- c:\program files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-28 04:49 . 2012-01-12 03:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 08:50 . 2012-04-19 08:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-01 22:24 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-01 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"DW7"="c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-07-01 10555904]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 4472832]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-15 850704]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-06 155648]
"Skytel"="Skytel.exe" [2007-05-29 1826816]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-11-21 35328]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-01 1107552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Neetu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-6-27 106496]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-26 535336]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 30564131
*NewlyCreated* - ASWMBR
*Deregistered* - 30564131
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
vvdsvc REG_MULTI_SZ vvdsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121395090-2152420972-532832032-1000Core.job
- c:\users\Neetu\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-25 16:01]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121395090-2152420972-532832032-1000UA.job
- c:\users\Neetu\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-25 16:01]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = about:blank
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-06 14:46
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-07-06 14:49:41
ComboFix-quarantined-files.txt 2012-07-06 18:49
ComboFix2.txt 2012-07-06 04:46
ComboFix3.txt 2012-07-04 07:14
.
Pre-Run: 15,417,815,040 bytes free
Post-Run: 15,365,451,776 bytes free
.
- - End Of File - - 2007045B78FE54BB542DA2827B4EC817


===================================================================

4) Computer is running fine now, no lagging or slowness. No more prompts of viruses or trojans.

I uninstalled AVG anti-virus. Only running Norton now.

Norton is enabled now. Hasn't alerted me to any threats yet.

Thank you!

#18
gringo_pr
Posted 06 July 2012 - 07:42 PM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 6,557 posts
These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

    Programs to remove

      Adobe Reader 9.4.7
      blekko search bar
      eMusic - 50 Free MP3 offer
      Java™ 6 Update 26
      Java™ 6 Update 3
      Java™ 6 Update 5


    Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

    Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

    You can download it from http://www.adobe.com.../readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

      If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

      Note: When installing FoxitReader, be careful not to install anything to do with AskBar.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.

: Malwarebytes' Anti-Malware :

    I would like you to rerun MBAM

  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

    In your next post I need the following

    • Log From MBAM
    • report from Hijackthis
    • let me know of any problems you may have had
    • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#19
needhelp1968
Posted 07 July 2012 - 12:53 PM

    New Member

  • Members
  • Pip
  • 13 posts
Phew :-)

Thanks for the detailed instructions. I think I followed everything as you wanted me to.

1) I downloaded Revo Uninstaller and successfully removed the programs you had listed to be removed.

2) I downloaded the latest Adobe from the link you provided.

3) I installed Java from the link you provided.

4) I installed CCleaner and cleaned out the temp files.

5) I ran MBAM and here is the log:

================================================================
Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.07.07.06

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Neetu :: NEETU-PC [administrator]

Protection: Enabled

7/7/2012 1:28:11 PM

mbam-log-2012-07-07 (13-28-11).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 205573

Time elapsed: 10 minute(s), 39 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

================================================================

6) I ran HijackThis and here is the log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 1:44:23 PM, on 7/7/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16446)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\QuickTime\qttask.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Program Files\OpenOffice.org 2.3\program\soffice.exe

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Users\Neetu\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Windows\notepad.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe

C:\Users\Neetu\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo....?fr=mcafee&p=%s

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} -

C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security
Suite\Engine\4.4.0.12\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\IPSBHO.DLL

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll

O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting

O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe

O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup

O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Skytel] Skytel.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\RunOnce: [blekkotb] reg.exe delete "HKCU\Software\AppDataLow\Software\blekkotb" /f

O4 - HKCU\..\RunOnce: [blekkotb_XP] reg.exe delete "HKCU\Software\blekkotb" /f

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7
\bin\jp2iexp.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12
\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet
Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: CabBuilder - http://ak.imgag.com/...llerControl.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) -
http://img4.orkut.co...otouploader.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab

O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - http://h20264.www2.h...osticsVista.cab

O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-cent...bin/actxcab.cab

O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.ooxtv.com/livetv.ocx

O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://samsclubus.pn...veX_Control.cab

O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.spvod.com...cx-ch-spvod.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12
\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.4.0.12
\ccSvcHst.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
--
End of file - 14658 bytes


================================================================

================================================================

7) During the course of the above operations Norton alerted me to these activities on my computer:

Risk: High
Title: Trojan.Zeroaccess.B requires manual removal


Severity: High
Activity: 00000008.@.vir (Trojan.Gen) detected by Virus Scanner
Status: Quarantined
Date & Time: Saturday, July 07, 2012 1.01 p.m. EST

Severity: High
Activity: n.vir (Trojan.Gen) detected by Virus Scanner
Status: Quarantined
Date & Time: Saturday, July 07, 2012 11.13 a.m. EST

8) Computer seems to be running all right. No more virus alerst other than the ones posted above.

Performance seems to be good so far.

Thanks,

#20
gringo_pr
Posted 07 July 2012 - 02:22 PM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 6,557 posts
Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
      O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
      O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
      O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
      O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
      O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Skytel] Skytel.exe
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
      O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
      O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
      O4 - HKCU\..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe"
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\RunOnce: [blekkotb] reg.exe delete "HKCU\Software\AppDataLow\Software\blekkotb" /f
      O4 - HKCU\..\RunOnce: [blekkotb_XP] reg.exe delete "HKCU\Software\blekkotb" /f
      O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
      O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
      O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe


  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

      NOTE**You can research each of those lines >here< and see if you want to keep them or not
      just copy the name between the brackets and paste into the search space
      O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
      Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found

  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
Please Only Copy And Paste Reports Into Topic - Do Not Attach
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.
Back to Resolved HijackThis Logs · Next Unread Topic →


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Malwarebytes Forum
  2. Computer Help
  3. Malware Removal - HijackThis Logs
  4. Resolved HijackThis Logs

Products

About

Partners

Follow Us