needhelp1968
Posts posted by needhelp1968
Hello.
1) I ran delfile.bat and deleted the files.
2) We had not used DeFogger during this thread so I didn't mess with it.
3) I uninstalled Combofix.
4) I ran OTCleanIt.
5) As recommended by you, I will be keeping Revo & CCleaner.
I already have MBAM (Pro) running.
6) Security Programs:
I have Norton & MBAM. I also installed the free version of WinPatrol.
I also have Search and Destroy. It is still running. From the initial look of it, both SD and WinPatrol seem to be kind of the same. Yes?
I get Norton free from the internet provider. But I am willing to switch to Security Essentials if you think MSE has better security than Norton.
7) I also ran Windows Update and downloaded some updates. It is set to automatically download updates.
8) I reviewed the safety links you sent and will keep those in mind while online.
9) The computer seems to be working fine.
Performance is good.
Boot up was faster.
IE is working normally. No malicious websites are being opened.
Questions for you:
===============
1) Do you recommend using a different browser? So far I am using IE. I also downloaded Chrome now.
Do you recommend Opera or Firefox or some other browser since IE has more vulnerabilities?
2) MSE or Norton?
3) Some of the programs that we removed from the start up script, if I need to add some of them back, how do I do it?
Thank you very much. I really appreciate your help in cleaning up my computer.
I will post back in another 24 hours or so with an update on how the computer is doing.
Thanks again!
-
Hello!
1) I ran HijackThis and fixed the items you mentioned.
2) I ran the ESET Scan and here is the log:
======================================
C:\FRST\Quarantine\services.exe Win32/Sirefef.FB.Gen trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\U\80000000.@.vir a variant of Win32/Sirefef.FA trojan
C:\Users\Neetu\Documents\Downloads\VeohWebPlayerSetup_eng.exe Win32/OpenCandy application
C:\Users\Neetu\Downloads\cnet2_trj684_exe.exe a variant of Win32/InstallCore.D application
======================================
Thanks.
-
Phew :-)
Thanks for the detailed instructions. I think I followed everything as you wanted me to.
1) I downloaded Revo Uninstaller and successfully removed the programs you had listed to be removed.
2) I downloaded the latest Adobe from the link you provided.
3) I installed Java from the link you provided.
4) I installed CCleaner and cleaned out the temp files.
5) I ran MBAM and here is the log:
================================================================
Malwarebytes Anti-Malware (PRO) 1.61.0.1400
Database version: v2012.07.07.06
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Neetu :: NEETU-PC [administrator]
Protection: Enabled
7/7/2012 1:28:11 PM
mbam-log-2012-07-07 (13-28-11).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205573
Time elapsed: 10 minute(s), 39 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
================================================================
6) I ran HijackThis and here is the log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:44:23 PM, on 7/7/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\Neetu\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Users\Neetu\Downloads\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [blekkotb] reg.exe delete "HKCU\Software\AppDataLow\Software\blekkotb" /f
O4 - HKCU\..\RunOnce: [blekkotb_XP] reg.exe delete "HKCU\Software\blekkotb" /f
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img4.orkut.com/activex/10036/photouploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.ooxtv.com/livetv.ocx
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.spvod.com/soft/vjocx-ch-spvod.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
--
End of file - 14658 bytes
================================================================
================================================================
7) During the course of the above operations Norton alerted me to these activities on my computer:
Risk: High
Title: Trojan.Zeroaccess.B requires manual removal
Severity: High
Activity: 00000008.@.vir (Trojan.Gen) detected by Virus Scanner
Status: Quarantined
Date & Time: Saturday, July 07, 2012 1.01 p.m. EST
Severity: High
Activity: n.vir (Trojan.Gen) detected by Virus Scanner
Status: Quarantined
Date & Time: Saturday, July 07, 2012 11.13 a.m. EST
8) Computer seems to be running all right. No more virus alerts other than the ones posted above.
Performance seems to be good so far.
Thanks,
-
Hello
1) Created CFScript.txt and dragged it to Combofix.exe
2) Combofix started executing, it then prompted me that a new version of combofix was available and asked if it should upgrade.
I said yes, it did so and continued.
3) Here is the log it produced after executing:
===================================================================
ComboFix 12-07-06.02 - Neetu 07/06/2012 14:34:27.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.784 [GMT -4:00]
Running from: c:\users\Neetu\Desktop\Downloads\ComboFix.exe
Command switches used :: c:\users\Neetu\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\blekkotb_031\blEKkotb_019x.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-06 to 2012-07-06 )))))))))))))))))))))))))))))))
.
.
2012-07-06 18:46 . 2012-07-06 18:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-04 21:14 . 2012-07-04 21:14 -------- d-----w- C:\FRST
2012-07-04 07:00 . 2012-07-04 07:01 -------- d-----w- C:\6788cb2bf9deb48900de59dea34775ee
2012-07-03 21:39 . 2012-07-03 21:39 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-03 17:30 . 2012-07-03 17:30 -------- d-----w- c:\users\Neetu\AppData\Roaming\Malwarebytes
2012-07-03 17:29 . 2012-07-03 17:29 -------- d-----w- c:\programdata\Malwarebytes
2012-07-03 17:29 . 2012-07-03 17:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-03 17:29 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-01 22:26 . 2012-07-01 22:26 -------- d-----w- c:\users\Neetu\AppData\Roaming\AVG2012
2012-07-01 22:25 . 2012-07-01 22:25 -------- d-----w- c:\users\Neetu\AppData\Local\AVG Secure Search
2012-07-01 22:25 . 2012-07-01 22:25 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-01 22:24 . 2012-07-01 22:25 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-07-01 22:24 . 2012-07-01 22:25 -------- d-----w- c:\program files\AVG Secure Search
2012-07-01 22:24 . 2012-07-01 22:24 -------- d--h--w- c:\programdata\Common Files
2012-07-01 22:23 . 2012-07-06 14:47 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-01 22:23 . 2012-07-01 22:27 -------- d-----w- c:\programdata\AVG2012
2012-07-01 22:23 . 2012-07-01 22:23 -------- d-----w- C:\$AVG
2012-07-01 22:22 . 2012-07-01 22:22 -------- d-----w- c:\program files\AVG
2012-07-01 22:18 . 2012-07-06 14:47 -------- d-----w- c:\programdata\MFAData
2012-07-01 22:17 . 2012-06-15 20:39 169744 ----a-w- c:\windows\system32\ztvunrar36.dll
2012-07-01 22:17 . 2012-06-15 20:35 185616 ----a-w- c:\windows\system32\ztvunrar39.dll
2012-07-01 22:17 . 2012-06-15 20:33 605968 ----a-w- c:\windows\system32\ztv7z.dll
2012-07-01 22:17 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2012-07-01 22:17 . 2012-06-15 20:33 77072 ----a-w- c:\windows\system32\ztvcabinet.dll
2012-07-01 22:17 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2012-07-01 22:17 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2012-07-01 22:16 . 2012-07-01 22:17 -------- d-----w- c:\users\Neetu\AppData\Roaming\Simply Super Software
2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\programdata\Simply Super Software
2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\programdata\blekko toolbars
2012-07-01 22:16 . 2012-07-06 18:45 -------- d-----w- c:\program files\blekkotb_031
2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\users\Neetu\AppData\Local\blekkotb_031
2012-07-01 22:15 . 2012-07-01 22:16 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\users\Neetu\AppData\Roaming\PC Cleaners
2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\users\Neetu\AppData\Roaming\PCPro
2012-07-01 21:52 . 2012-07-01 21:51 4447544 ----a-w- c:\windows\uninst.exe
2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\programdata\PC1Data
2012-07-01 21:30 . 2012-07-01 21:51 -------- d-----w- c:\users\Neetu\AppData\Local\NPE
2012-07-01 17:33 . 2012-07-01 17:33 -------- d-----w- c:\program files\The Weather Channel
2012-06-28 23:04 . 2012-06-28 23:04 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-28 04:49 . 2012-06-28 04:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 08:41 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 08:41 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 08:41 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 08:41 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 08:40 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-23 08:40 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 08:40 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 08:39 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 08:39 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 12:37 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-14 12:37 . 2012-05-17 23:21 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-06-14 12:37 . 2012-05-17 22:31 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-06-13 08:10 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 08:10 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 08:10 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 08:09 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 08:09 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-08 16:12 . 2012-07-04 16:55 -------- d-----w- c:\users\Neetu\AppData\Roaming\Skype
2012-06-08 16:12 . 2012-06-08 16:12 -------- d-----w- c:\program files\Common Files\Skype
2012-06-08 16:12 . 2012-06-08 16:12 -------- d-----r- c:\program files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-28 04:49 . 2012-01-12 03:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 08:50 . 2012-04-19 08:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-01 22:24 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-01 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"DW7"="c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-07-01 10555904]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 4472832]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-15 850704]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-06 155648]
"Skytel"="Skytel.exe" [2007-05-29 1826816]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-11-21 35328]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-01 1107552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Neetu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-6-27 106496]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-26 535336]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 30564131
*NewlyCreated* - ASWMBR
*Deregistered* - 30564131
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
vvdsvc REG_MULTI_SZ vvdsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121395090-2152420972-532832032-1000Core.job
- c:\users\Neetu\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-25 16:01]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121395090-2152420972-532832032-1000UA.job
- c:\users\Neetu\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-25 16:01]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = about:blank
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-06 14:46
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-07-06 14:49:41
ComboFix-quarantined-files.txt 2012-07-06 18:49
ComboFix2.txt 2012-07-06 04:46
ComboFix3.txt 2012-07-04 07:14
.
Pre-Run: 15,417,815,040 bytes free
Post-Run: 15,365,451,776 bytes free
.
- - End Of File - - 2007045B78FE54BB542DA2827B4EC817
===================================================================
4) Computer is running fine now, no lagging or slowness. No more prompts of viruses or trojans.
I uninstalled AVG anti-virus. Only running Norton now.
Norton is enabled now. Hasn't alerted me to any threats yet.
Thank you!
-
Hello!
1) When I booted up my computer, Malwarebytes Pro didn't start up.
Instead I got this message:
[OpenEvent] Failed to perform desired action. Error Code: 2
I clicked ok and proceeded.
2) Disabled AVG and Norton anti-virus.
3) Ran TDSSKiller. Here is the log:
10:41:04.0949 6984 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
10:41:05.0271 6984 ============================================================
10:41:05.0271 6984 Current date / time: 2012/07/06 10:41:05.0271
10:41:05.0271 6984 SystemInfo:
10:41:05.0271 6984
10:41:05.0271 6984 OS Version: 6.0.6002 ServicePack: 2.0
10:41:05.0271 6984 Product type: Workstation
10:41:05.0271 6984 ComputerName: NEETU-PC
10:41:05.0272 6984 UserName: Neetu
10:41:05.0272 6984 Windows directory: C:\Windows
10:41:05.0272 6984 System windows directory: C:\Windows
10:41:05.0272 6984 Processor architecture: Intel x86
10:41:05.0272 6984 Number of processors: 2
10:41:05.0272 6984 Page size: 0x1000
10:41:05.0272 6984 Boot type: Normal boot
10:41:05.0272 6984 ============================================================
10:41:09.0183 6984 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:41:09.0217 6984 ============================================================
10:41:09.0217 6984 \Device\Harddisk0\DR0:
10:41:09.0236 6984 MBR partitions:
10:41:09.0236 6984 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x8B4A800
10:41:09.0236 6984 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9ED3000, BlocksNum 0x8B46000
10:41:09.0236 6984 ============================================================
10:41:09.0751 6984 C: <-> \Device\Harddisk0\DR0\Partition0
10:41:09.0879 6984 D: <-> \Device\Harddisk0\DR0\Partition1
10:41:09.0880 6984 ============================================================
10:41:09.0880 6984 Initialize success
10:41:09.0880 6984 ============================================================
10:41:50.0186 3720 ============================================================
10:41:50.0186 3720 Scan started
10:41:50.0186 3720 Mode: Manual;
10:41:50.0186 3720 ============================================================
10:41:53.0766 3720 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
10:41:53.0773 3720 ACPI - ok
10:41:53.0848 3720 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
10:41:53.0858 3720 adp94xx - ok
10:41:53.0900 3720 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
10:41:53.0908 3720 adpahci - ok
10:41:53.0937 3720 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
10:41:53.0941 3720 adpu160m - ok
10:41:53.0971 3720 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
10:41:53.0975 3720 adpu320 - ok
10:41:54.0029 3720 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
10:41:54.0031 3720 AeLookupSvc - ok
10:41:54.0122 3720 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
10:41:54.0128 3720 AFD - ok
10:41:54.0202 3720 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe
10:41:54.0204 3720 AgereModemAudio - ok
10:41:54.0322 3720 AgereSoftModem (d31d1a92479bd8c0d050a6ffbdd410d9) C:\Windows\system32\DRIVERS\AGRSM.sys
10:41:54.0350 3720 AgereSoftModem - ok
10:41:54.0412 3720 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
10:41:54.0415 3720 agp440 - ok
10:41:54.0453 3720 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
10:41:54.0456 3720 aic78xx - ok
10:41:54.0498 3720 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
10:41:54.0499 3720 ALG - ok
10:41:54.0513 3720 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
10:41:54.0515 3720 aliide - ok
10:41:54.0547 3720 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
10:41:54.0549 3720 amdagp - ok
10:41:54.0583 3720 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
10:41:54.0585 3720 amdide - ok
10:41:54.0620 3720 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
10:41:54.0622 3720 AmdK7 - ok
10:41:54.0733 3720 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
10:41:54.0736 3720 AmdK8 - ok
10:41:54.0802 3720 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
10:41:54.0803 3720 Appinfo - ok
10:41:54.0849 3720 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
10:41:54.0852 3720 arc - ok
10:41:54.0886 3720 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
10:41:54.0889 3720 arcsas - ok
10:41:55.0108 3720 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
10:41:55.0220 3720 aspnet_state - ok
10:41:55.0278 3720 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
10:41:55.0281 3720 AsyncMac - ok
10:41:55.0330 3720 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
10:41:55.0376 3720 atapi - ok
10:41:56.0408 3720 athr (6046a55f79de9c581b8d5e9c1366cc81) C:\Windows\system32\DRIVERS\athr.sys
10:41:56.0678 3720 athr - ok
10:41:57.0461 3720 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
10:41:57.0498 3720 AudioEndpointBuilder - ok
10:41:57.0512 3720 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
10:41:57.0518 3720 Audiosrv - ok
10:41:59.0112 3720 Automatic LiveUpdate Scheduler (b5d974c1fd078a68c7536c561b031d39) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
10:41:59.0284 3720 Automatic LiveUpdate Scheduler - ok
10:42:06.0030 3720 AVGIDSAgent (55893fff154ffd7c29919d2b9218210c) C:\Program Files\AVG\AVG2012\avgidsagent.exe
10:42:08.0300 3720 AVGIDSAgent - ok
10:42:10.0965 3720 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\Windows\system32\DRIVERS\avgidsdriverx.sys
10:42:10.0971 3720 AVGIDSDriver - ok
10:42:11.0124 3720 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\Windows\system32\DRIVERS\avgidsfilterx.sys
10:42:11.0126 3720 AVGIDSFilter - ok
10:42:11.0217 3720 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\Windows\system32\DRIVERS\avgidshx.sys
10:42:11.0236 3720 AVGIDSHX - ok
10:42:11.0334 3720 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\Windows\system32\DRIVERS\avgidsshimx.sys
10:42:11.0351 3720 AVGIDSShim - ok
10:42:11.0668 3720 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\Windows\system32\DRIVERS\avgldx86.sys
10:42:11.0695 3720 Avgldx86 - ok
10:42:11.0831 3720 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\Windows\system32\DRIVERS\avgmfx86.sys
10:42:11.0851 3720 Avgmfx86 - ok
10:42:12.0064 3720 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\Windows\system32\DRIVERS\avgrkx86.sys
10:42:12.0075 3720 Avgrkx86 - ok
10:42:12.0833 3720 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\Windows\system32\DRIVERS\avgtdix.sys
10:42:12.0870 3720 Avgtdix - ok
10:42:13.0490 3720 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
10:42:13.0533 3720 avgwd - ok
10:42:14.0275 3720 b57nd60x (0b92ccf7bfcbe2b33838434f2f50cb61) C:\Windows\system32\DRIVERS\b57nd60x.sys
10:42:14.0386 3720 b57nd60x - ok
10:42:14.0897 3720 BCM43XV (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
10:42:15.0160 3720 BCM43XV - ok
10:42:15.0194 3720 BCM43XX (746f59822a5187510471fc46889b8cc9) C:\Windows\system32\DRIVERS\bcmwl6.sys
10:42:15.0200 3720 BCM43XX - ok
10:42:15.0279 3720 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
10:42:15.0296 3720 Beep - ok
10:42:15.0798 3720 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
10:42:15.0825 3720 BFE - ok
10:42:16.0962 3720 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120619.001\BHDrvx86.sys
10:42:17.0709 3720 BHDrvx86 - ok
10:42:19.0403 3720 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
10:42:19.0823 3720 BITS - ok
10:42:19.0885 3720 blbdrive - ok
10:42:20.0365 3720 Bonjour Service (cc4e72a0fa7f62175c8bb42ba2caa3d5) C:\Program Files\Bonjour\mDNSResponder.exe
10:42:20.0372 3720 Bonjour Service - ok
10:42:20.0783 3720 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
10:42:20.0826 3720 bowser - ok
10:42:21.0192 3720 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
10:42:21.0267 3720 BrFiltLo - ok
10:42:21.0411 3720 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
10:42:21.0467 3720 BrFiltUp - ok
10:42:21.0842 3720 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
10:42:21.0868 3720 Browser - ok
10:42:22.0113 3720 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
10:42:22.0163 3720 Brserid - ok
10:42:22.0384 3720 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
10:42:22.0399 3720 BrSerWdm - ok
10:42:22.0463 3720 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
10:42:22.0476 3720 BrUsbMdm - ok
10:42:22.0679 3720 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
10:42:22.0682 3720 BrUsbSer - ok
10:42:22.0895 3720 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
10:42:22.0899 3720 BTHMODEM - ok
10:42:27.0096 3720 catchme - ok
10:42:29.0136 3720 ccHP (1fa1c0e73eca849bed29a47c508f7f17) C:\Windows\system32\drivers\N360\0404000.00C\ccHPx86.sys
10:42:29.0260 3720 ccHP - ok
10:42:29.0874 3720 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
10:42:29.0920 3720 cdfs - ok
10:42:30.0292 3720 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
10:42:30.0350 3720 cdrom - ok
10:42:30.0542 3720 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
10:42:30.0562 3720 CertPropSvc - ok
10:42:30.0912 3720 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
10:42:30.0923 3720 circlass - ok
10:42:31.0934 3720 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
10:42:32.0000 3720 CLFS - ok
10:42:32.0798 3720 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:42:32.0976 3720 clr_optimization_v2.0.50727_32 - ok
10:42:33.0908 3720 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:42:34.0474 3720 clr_optimization_v4.0.30319_32 - ok
10:42:34.0801 3720 CLTNetCnService - ok
10:42:34.0923 3720 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
10:42:34.0940 3720 CmBatt - ok
10:42:35.0046 3720 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
10:42:35.0059 3720 cmdide - ok
10:42:35.0218 3720 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
10:42:35.0233 3720 Compbatt - ok
10:42:35.0240 3720 COMSysApp - ok
10:42:35.0351 3720 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
10:42:35.0353 3720 crcdisk - ok
10:42:35.0465 3720 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
10:42:35.0473 3720 Crusoe - ok
10:42:35.0957 3720 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
10:42:35.0991 3720 CryptSvc - ok
10:42:37.0830 3720 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
10:42:38.0073 3720 DcomLaunch - ok
10:42:38.0414 3720 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
10:42:38.0460 3720 DfsC - ok
10:42:41.0499 3720 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
10:42:41.0765 3720 DFSR - ok
10:42:42.0310 3720 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
10:42:42.0333 3720 Dhcp - ok
10:42:42.0613 3720 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
10:42:42.0674 3720 disk - ok
10:42:43.0030 3720 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys
10:42:43.0118 3720 DKbFltr - ok
10:42:43.0568 3720 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
10:42:43.0571 3720 Dnscache - ok
10:42:45.0903 3720 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
10:42:46.0011 3720 dot3svc - ok
10:42:48.0395 3720 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
10:42:48.0813 3720 Dot4 - ok
10:42:49.0333 3720 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
10:42:49.0351 3720 Dot4Print - ok
10:42:49.0821 3720 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
10:42:49.0860 3720 dot4usb - ok
10:42:51.0236 3720 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
10:42:51.0283 3720 DPS - ok
10:42:51.0428 3720 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
10:42:51.0479 3720 drmkaud - ok
10:42:53.0529 3720 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
10:42:53.0827 3720 DXGKrnl - ok
10:42:54.0851 3720 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
10:42:54.0887 3720 E1G60 - ok
10:42:55.0264 3720 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
10:42:55.0311 3720 EapHost - ok
10:42:57.0936 3720 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
10:42:58.0621 3720 Ecache - ok
10:43:05.0086 3720 eDataSecurity Service (f54907aa07f60aff81e1e09e97af98b0) C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
10:43:05.0298 3720 eDataSecurity Service - ok
10:43:08.0556 3720 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
10:43:09.0030 3720 eeCtrl - ok
10:43:13.0376 3720 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
10:43:13.0677 3720 ehRecvr - ok
10:43:14.0871 3720 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
10:43:14.0962 3720 ehSched - ok
10:43:15.0235 3720 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
10:43:15.0266 3720 ehstart - ok
10:43:15.0649 3720 eLockService (a7b5f3b9363f9ab1d4fe459baf3b15d6) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
10:43:15.0693 3720 eLockService - ok
10:43:26.0490 3720 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
10:43:26.0585 3720 elxstor - ok
10:43:29.0043 3720 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
10:43:29.0240 3720 EMDMgmt - ok
10:43:30.0525 3720 eNet Service (207e2dda01aac6ad64f0368ca59fc179) C:\Acer\Empowering Technology\eNet\eNet Service.exe
10:43:30.0678 3720 eNet Service - ok
10:43:31.0719 3720 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
10:43:31.0733 3720 EraserUtilRebootDrv - ok
10:43:32.0061 3720 eRecoveryService (a7b084bfbbd582a843d2f5c35220f962) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
10:43:32.0087 3720 eRecoveryService - ok
10:43:32.0254 3720 eSettingsService (06484e97d22f06de8de0f8e2bec6fa9e) C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
10:43:32.0285 3720 eSettingsService - ok
10:43:33.0223 3720 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
10:43:33.0361 3720 EventSystem - ok
10:43:34.0341 3720 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
10:43:34.0375 3720 exfat - ok
10:43:34.0638 3720 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
10:43:34.0765 3720 fastfat - ok
10:43:34.0907 3720 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
10:43:34.0910 3720 fdc - ok
10:43:34.0987 3720 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
10:43:34.0990 3720 fdPHost - ok
10:43:35.0171 3720 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
10:43:35.0201 3720 FDResPub - ok
10:43:35.0447 3720 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
10:43:35.0482 3720 FileInfo - ok
10:43:35.0764 3720 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
10:43:35.0944 3720 Filetrace - ok
10:43:36.0065 3720 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
10:43:36.0078 3720 flpydisk - ok
10:43:36.0503 3720 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
10:43:36.0949 3720 FltMgr - ok
10:43:40.0933 3720 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
10:43:41.0466 3720 FontCache - ok
10:43:41.0874 3720 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:43:41.0882 3720 FontCache3.0.0.0 - ok
10:43:42.0035 3720 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
10:43:42.0063 3720 Fs_Rec - ok
10:43:42.0525 3720 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
10:43:42.0556 3720 gagp30kx - ok
10:43:42.0736 3720 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:43:42.0791 3720 GEARAspiWDM - ok
10:43:45.0196 3720 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
10:43:45.0499 3720 gpsvc - ok
10:43:45.0782 3720 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
10:43:45.0815 3720 HdAudAddService - ok
10:43:46.0904 3720 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:43:47.0295 3720 HDAudBus - ok
10:43:47.0438 3720 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
10:43:47.0553 3720 HidBth - ok
10:43:48.0027 3720 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
10:43:48.0036 3720 HidIr - ok
10:43:48.0477 3720 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
10:43:48.0486 3720 hidserv - ok
10:43:48.0695 3720 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
10:43:48.0767 3720 HidUsb - ok
10:43:49.0095 3720 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
10:43:49.0129 3720 hkmsvc - ok
10:43:49.0231 3720 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
10:43:49.0254 3720 HpCISSs - ok
10:43:50.0610 3720 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
10:43:50.0776 3720 HSFHWAZL - ok
10:43:52.0565 3720 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
10:43:53.0143 3720 HSF_DPV - ok
10:43:53.0318 3720 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
10:43:53.0514 3720 HTTP - ok
10:43:54.0362 3720 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
10:43:54.0405 3720 i2omp - ok
10:43:56.0223 3720 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
10:43:56.0315 3720 i8042prt - ok
10:43:57.0477 3720 IAANTMON (204a73a56751c68c6031e9d5d611ec98) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
10:43:57.0527 3720 IAANTMON - ok
10:44:14.0279 3720 ialm (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
10:44:15.0362 3720 ialm - ok
10:44:17.0657 3720 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\DRIVERS\iaStor.sys
10:44:17.0662 3720 iaStor - ok
10:44:18.0075 3720 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
10:44:18.0182 3720 iaStorV - ok
10:44:18.0649 3720 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
10:44:18.0691 3720 IDriverT - ok
10:44:20.0798 3720 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:44:21.0215 3720 idsvc - ok
10:44:26.0103 3720 IDSVix86 (6262c22a913bd255a0795d070b82aa47) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120705.001\IDSvix86.sys
10:44:26.0821 3720 IDSVix86 - ok
10:44:40.0666 3720 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys
10:44:40.0685 3720 igfx - ok
10:44:42.0731 3720 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
10:44:42.0733 3720 iirsp - ok
10:44:44.0520 3720 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
10:44:44.0602 3720 IKEEXT - ok
10:44:44.0739 3720 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Windows\system32\drivers\int15.sys
10:44:44.0749 3720 int15 - ok
10:44:49.0610 3720 IntcAzAudAddService (9438fe15da89c6aace8a79db2c6f60c1) C:\Windows\system32\drivers\RTKVHDA.sys
10:44:50.0498 3720 IntcAzAudAddService - ok
10:44:52.0531 3720 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
10:44:52.0548 3720 intelide - ok
10:44:52.0797 3720 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
10:44:52.0967 3720 intelppm - ok
10:44:53.0291 3720 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
10:44:53.0350 3720 IPBusEnum - ok
10:44:53.0648 3720 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:44:53.0651 3720 IpFilterDriver - ok
10:44:54.0195 3720 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
10:44:54.0370 3720 iphlpsvc - ok
10:44:54.0379 3720 IpInIp - ok
10:44:54.0498 3720 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
10:44:54.0532 3720 IPMIDRV - ok
10:44:55.0291 3720 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
10:44:55.0420 3720 IPNAT - ok
10:44:56.0136 3720 irda (e50a95179211b12946f7e035d60af560) C:\Windows\system32\DRIVERS\irda.sys
10:44:56.0154 3720 irda - ok
10:44:56.0394 3720 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
10:44:56.0452 3720 IRENUM - ok
10:44:57.0040 3720 Irmon (cbb0d940221a281bcfeaea695bd1cda5) C:\Windows\System32\irmon.dll
10:44:57.0099 3720 Irmon - ok
10:44:57.0423 3720 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
10:44:57.0454 3720 isapnp - ok
10:44:58.0069 3720 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
10:44:58.0178 3720 iScsiPrt - ok
10:44:58.0372 3720 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
10:44:58.0375 3720 iteatapi - ok
10:44:58.0547 3720 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
10:44:58.0574 3720 iteraid - ok
10:44:58.0834 3720 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
10:44:58.0870 3720 kbdclass - ok
10:44:58.0978 3720 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
10:44:59.0012 3720 kbdhid - ok
10:44:59.0156 3720 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
10:44:59.0170 3720 KeyIso - ok
10:45:01.0219 3720 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
10:45:01.0362 3720 KSecDD - ok
10:45:02.0382 3720 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
10:45:02.0540 3720 KtmRm - ok
10:45:03.0138 3720 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
10:45:03.0151 3720 LanmanServer - ok
10:45:03.0795 3720 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
10:45:03.0826 3720 LanmanWorkstation - ok
10:45:04.0256 3720 LightScribeService (793ff718477345cd5d232c50bed1e452) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
10:45:04.0259 3720 LightScribeService - ok
10:45:05.0370 3720 LiveUpdate (a97eeb81f05bce3d7aa6c81f04ef39a4) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
10:45:05.0482 3720 LiveUpdate - ok
10:45:06.0758 3720 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
10:45:06.0761 3720 lltdio - ok
10:45:06.0962 3720 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
10:45:06.0968 3720 lltdsvc - ok
10:45:07.0143 3720 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
10:45:07.0160 3720 lmhosts - ok
10:45:07.0244 3720 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
10:45:07.0247 3720 LSI_FC - ok
10:45:07.0291 3720 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
10:45:07.0294 3720 LSI_SAS - ok
10:45:07.0335 3720 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
10:45:07.0338 3720 LSI_SCSI - ok
10:45:07.0382 3720 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
10:45:07.0386 3720 luafv - ok
10:45:07.0486 3720 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
10:45:07.0501 3720 MBAMProtector - ok
10:45:07.0990 3720 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
10:45:08.0005 3720 MBAMService - ok
10:45:08.0037 3720 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
10:45:08.0042 3720 Mcx2Svc - ok
10:45:08.0085 3720 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
10:45:08.0087 3720 megasas - ok
10:45:08.0182 3720 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
10:45:08.0186 3720 Microsoft Office Groove Audit Service - ok
10:45:08.0237 3720 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
10:45:08.0240 3720 MMCSS - ok
10:45:08.0296 3720 MobilityService - ok
10:45:08.0402 3720 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
10:45:08.0404 3720 Modem - ok
10:45:08.0482 3720 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
10:45:08.0484 3720 monitor - ok
10:45:08.0595 3720 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
10:45:08.0597 3720 mouclass - ok
10:45:08.0645 3720 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
10:45:08.0650 3720 mouhid - ok
10:45:08.0794 3720 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
10:45:08.0798 3720 MountMgr - ok
10:45:08.0962 3720 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
10:45:08.0966 3720 mpio - ok
10:45:09.0107 3720 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
10:45:09.0110 3720 mpsdrv - ok
10:45:09.0172 3720 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
10:45:09.0221 3720 MpsSvc - ok
10:45:09.0306 3720 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
10:45:09.0309 3720 Mraid35x - ok
10:45:09.0355 3720 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
10:45:09.0358 3720 MRxDAV - ok
10:47:37.0617 3720 ============================================================
10:47:37.0617 3720 Scan finished
10:47:37.0617 3720 ============================================================
10:47:37.0643 7168 Detected object count: 0
10:47:37.0643 7168 Actual detected object count: 0
4) I ran aswMBR. Here is the log:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-06 10:52:31
-----------------------------
10:52:31.947 OS Version: Windows 6.0.6002 Service Pack 2
10:52:31.947 Number of processors: 2 586 0xF0D
10:52:31.949 ComputerName: NEETU-PC UserName: Neetu
10:52:42.303 Initialize success
10:56:25.112 AVAST engine defs: 12070600
10:59:36.659 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
10:59:36.665 Disk 0 Vendor: Hitachi_ SB4O Size: 152627MB BusType: 3
10:59:36.698 Disk 0 MBR read successfully
10:59:36.704 Disk 0 MBR scan
10:59:36.719 Disk 0 unknown MBR code
10:59:36.735 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048
10:59:36.766 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 71317 MB offset 20482048
10:59:36.799 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 71308 MB offset 166539264
10:59:36.821 Disk 0 scanning sectors +312578048
10:59:36.895 Disk 0 scanning C:\Windows\system32\drivers
11:00:08.164 Service scanning
11:00:54.338 Modules scanning
11:01:07.063 Disk 0 trace - called modules:
11:01:07.135 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
11:01:07.148 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860d8ac8]
11:01:07.162 3 CLASSPNP.SYS[87fb98b3] -> nt!IofCallDriver -> [0x84e0f798]
11:01:07.175 5 acpi.sys[806996bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84e15030]
11:01:08.069 AVAST engine scan C:\Windows
11:01:37.906 AVAST engine scan C:\Windows\system32
11:07:48.536 AVAST engine scan C:\Windows\system32\drivers
11:08:10.626 AVAST engine scan C:\Users\Neetu
11:14:10.076 AVAST engine scan C:\ProgramData
11:22:32.629 Scan finished successfully
11:25:49.921 Disk 0 MBR has been saved successfully to "C:\Users\Neetu\Desktop\Downloads\MBR.dat"
11:25:49.932 The log file has been saved successfully to "C:\Users\Neetu\Desktop\Downloads\aswMBR.txt"
Thank you!
-
1) I booted up the PC. Immediately, Norton fired up saying "Security threats were found. These have been fixed".
2) Disabled antivirus (AVG and Norton)
3) Ran Combofix
Got an error message "Error Opening file for writing: C:\32788R22FW\pev.3XE"
Retry didn't work, so I clicked "Ignore" and proceeded.
Then it executed without much fuss.
PC is performing slow.
Here is the log:
ComboFix 12-07-05.04 - Neetu 07/06/2012 0:25.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.600 [GMT -4:00]
Running from: c:\users\Neetu\Desktop\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC\Desktop.ini
c:\windows\system32\AutoRun.inf
c:\windows\system32\BSTIEPrintCtl1.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-06 to 2012-07-06 )))))))))))))))))))))))))))))))
.
.
2012-07-06 04:41 . 2012-07-06 04:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-04 21:14 . 2012-07-04 21:14 -------- d-----w- C:\FRST
2012-07-04 07:00 . 2012-07-04 07:01 -------- d-----w- C:\6788cb2bf9deb48900de59dea34775ee
2012-07-03 21:39 . 2012-07-03 21:39 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-03 17:30 . 2012-07-03 17:30 -------- d-----w- c:\users\Neetu\AppData\Roaming\Malwarebytes
2012-07-03 17:29 . 2012-07-03 17:29 -------- d-----w- c:\programdata\Malwarebytes
2012-07-03 17:29 . 2012-07-03 17:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-03 17:29 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-01 22:26 . 2012-07-01 22:26 -------- d-----w- c:\users\Neetu\AppData\Roaming\AVG2012
2012-07-01 22:25 . 2012-07-01 22:25 -------- d-----w- c:\users\Neetu\AppData\Local\AVG Secure Search
2012-07-01 22:25 . 2012-07-01 22:25 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-01 22:24 . 2012-07-01 22:25 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-07-01 22:24 . 2012-07-01 22:25 -------- d-----w- c:\program files\AVG Secure Search
2012-07-01 22:24 . 2012-07-01 22:24 -------- d--h--w- c:\programdata\Common Files
2012-07-01 22:23 . 2012-07-06 04:04 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-01 22:23 . 2012-07-01 22:27 -------- d-----w- c:\programdata\AVG2012
2012-07-01 22:23 . 2012-07-01 22:23 -------- d-----w- C:\$AVG
2012-07-01 22:22 . 2012-07-01 22:22 -------- d-----w- c:\program files\AVG
2012-07-01 22:18 . 2012-07-06 04:05 -------- d-----w- c:\programdata\MFAData
2012-07-01 22:17 . 2012-06-15 20:39 169744 ----a-w- c:\windows\system32\ztvunrar36.dll
2012-07-01 22:17 . 2012-06-15 20:35 185616 ----a-w- c:\windows\system32\ztvunrar39.dll
2012-07-01 22:17 . 2012-06-15 20:33 605968 ----a-w- c:\windows\system32\ztv7z.dll
2012-07-01 22:17 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2012-07-01 22:17 . 2012-06-15 20:33 77072 ----a-w- c:\windows\system32\ztvcabinet.dll
2012-07-01 22:17 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2012-07-01 22:17 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2012-07-01 22:16 . 2012-07-01 22:17 -------- d-----w- c:\users\Neetu\AppData\Roaming\Simply Super Software
2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\programdata\Simply Super Software
2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\programdata\blekko toolbars
2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\program files\blekkotb_031
2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\users\Neetu\AppData\Local\blekkotb_031
2012-07-01 22:15 . 2012-07-01 22:16 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\users\Neetu\AppData\Roaming\PC Cleaners
2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\users\Neetu\AppData\Roaming\PCPro
2012-07-01 21:52 . 2012-07-01 21:51 4447544 ----a-w- c:\windows\uninst.exe
2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\programdata\PC1Data
2012-07-01 21:30 . 2012-07-01 21:51 -------- d-----w- c:\users\Neetu\AppData\Local\NPE
2012-07-01 17:33 . 2012-07-01 17:33 -------- d-----w- c:\program files\The Weather Channel
2012-06-28 23:04 . 2012-06-28 23:04 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-28 04:49 . 2012-06-28 04:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 08:41 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 08:41 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 08:41 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 08:41 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 08:40 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-23 08:40 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 08:40 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 08:39 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 08:39 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 12:37 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-14 12:37 . 2012-05-17 23:21 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-06-14 12:37 . 2012-05-17 22:31 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-06-13 08:10 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 08:10 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 08:10 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 08:09 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 08:09 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-08 16:12 . 2012-07-04 16:55 -------- d-----w- c:\users\Neetu\AppData\Roaming\Skype
2012-06-08 16:12 . 2012-06-08 16:12 -------- d-----w- c:\program files\Common Files\Skype
2012-06-08 16:12 . 2012-06-08 16:12 -------- d-----r- c:\program files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-28 04:49 . 2012-01-12 03:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 08:50 . 2012-04-19 08:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8769adce-dba5-48e9-afb5-67b12cdf2e61}]
2012-05-18 19:44 85288 ----a-w- c:\program files\blekkotb_031\blekkotb_019X.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-01 22:24 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8769adce-dba5-48e9-afb5-67b12cdf2e61}"= "c:\program files\blekkotb_031\blekkotb_019X.dll" [2012-05-18 85288]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-01 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{8769adce-dba5-48e9-afb5-67b12cdf2e61}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"DW7"="c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-07-01 10555904]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 4472832]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-15 850704]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-06 155648]
"Skytel"="Skytel.exe" [2007-05-29 1826816]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-11-21 35328]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-01 1107552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Neetu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-6-27 106496]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-26 535336]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
vvdsvc REG_MULTI_SZ vvdsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121395090-2152420972-532832032-1000Core.job
- c:\users\Neetu\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-25 16:01]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121395090-2152420972-532832032-1000UA.job
- c:\users\Neetu\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-25 16:01]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = about:blank
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-06 00:42
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-07-06 00:46:00
ComboFix-quarantined-files.txt 2012-07-06 04:45
ComboFix2.txt 2012-07-04 07:14
.
Pre-Run: 17,980,375,040 bytes free
Post-Run: 17,534,480,384 bytes free
.
- - End Of File - - DF2F39B1F26271DD6E4E91D43E7BDAE9
-
Duhhh! Sorry and thank you! Here is the requested log (Fixlog.txt):
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 04-07-2012 01
Ran by SYSTEM at 2012-07-05 19:38:58 Run:1
Running from D:\
==============================================
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b} moved successfully.
C:\Users\Neetu\AppData\Local\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b} moved successfully.
==== End of Fixlog ====
-
Hello,
Sorry, bit of a noob here. I wasn't fully able to understand your previous post.
1) I saved the code to my flash drive as fixlist.txt
2) I entered the System Recovery Options
3) I am stuck here. Do I launch "Command Prompt" from here and then run FRST64?
If yes, what command do I type for it?
Also, where is FRST64 located?
Thanks.
-
Hello! Sorry for the delay in getting back to you.
Please find the requested log (Search.txt):
Farbar Recovery Scan Tool Version: 04-07-2012 01
Ran by SYSTEM at 2012-07-05 10:50:17
Running from D:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-08-04 18:18] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-06-25 06:02] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0
C:\Windows\System32\services.exe
[2009-08-04 18:18] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843
=== End Of Search ===
-
Hi Gringo thank you for the quick reply.
Please find the log that you requested (FRST.txt):
Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 04-07-2012 01
Ran by SYSTEM at 04-07-2012 13:15:00
Running from F:\
Windows Vista Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-10-23] (Synaptics, Inc.)
HKLM\...\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting [45056 2007-04-24] ( )
HKLM\...\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [178712 2007-07-12] (Intel Corporation)
HKLM\...\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [71216 2007-03-14] (Cyberlink Corp.)
HKLM\...\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [54832 2007-02-07] ()
HKLM\...\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [457216 2007-04-25] (HiTRUST)
HKLM\...\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe [850704 2007-06-14] (Dritek System Inc.)
HKLM\...\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe [1261568 2007-02-02] ()
HKLM\...\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup [3383296 2007-02-02] (Leader Technologies)
HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [141848 2008-01-02] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [166424 2008-01-02] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [133656 2008-01-02] (Intel Corporation)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [155648 2008-05-06] (Apple Computer, Inc.)
HKLM\...\Run: [skytel] Skytel.exe [x]
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe [35328 2006-11-21] ()
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [1848648 2009-07-06] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon [722256 2008-12-11] (CANON INC.)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1164584 2010-09-16] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [217256 2012-05-03] (Visicom Media Inc. (Powered by Panda Security))
HKLM\...\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [1107552 2012-07-01] ()
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Neetu\...\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe [151552 2007-05-22] (Acer Inc.)
HKU\Neetu\...\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet [4670704 2007-08-30] (Yahoo! Inc.)
HKU\Neetu\...\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\Neetu\...\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2634048 2010-07-06] (Veoh Networks)
HKU\Neetu\...\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17344176 2012-06-05] (Skype Technologies S.A.)
HKU\Neetu\...\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe" [10555904 2012-07-01] (The Weather Channel)
HKU\Neetu\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Device Detector 2.lnk
ShortcutTarget: Device Detector 2.lnk -> C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS Corporation)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
Startup: C:\Users\Neetu\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk
ShortcutTarget: OpenOffice.org 2.3.lnk -> C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe ()
================================ Services (Whitelisted) ==================
2 Automatic LiveUpdate Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [554352 2007-09-12] (Symantec Corporation)
2 AVGIDSAgent; "C:\Program Files\AVG\AVG2012\avgidsagent.exe" [5161080 2012-06-12] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 eDataSecurity Service; "C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [457512 2007-04-25] (HiTRSUT)
2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-04-23] (Acer Inc.)
2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [135168 2007-06-13] (Acer Inc.)
2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248 2007-07-03] (Acer Inc.)
2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-06-28] ()
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-18] (Microsoft Corporation)
2 Irmon; C:\Windows\System32\irmon.dll [17920 2006-11-02] (Microsoft Corporation)
3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [2999664 2007-09-12] (Symantec Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe -p [107008 2006-11-24] ()
2 N360; "C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe" /s "N360" /m "C:\Program Files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll" /prefetch:1 [135032 2010-04-29] (Symantec Corporation)
2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [272024 2007-04-02] ()
2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [810320 2008-01-28] (Safer Networking Ltd.)
2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3048136 2012-06-19] (Skype Technologies S.A.)
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [160944 2012-06-05] (Skype Technologies)
2 vToolbarUpdater11.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [935008 2012-07-01] ()
2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-06-13] (acer)
2 CLTNetCnService; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
4 NetMsmqActivator; "c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [x]
4 NetPipeActivator; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpActivator; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]
4 NetTcpPortSharing; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]
========================== Drivers (Whitelisted) =============
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [139856 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [235216 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [301248 2012-03-19] (AVG Technologies CZ, s.r.o.)
1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120619.001\BHDrvx86.sys [821920 2012-06-18] (Symantec Corporation)
1 ccHP; C:\Windows\system32\drivers\N360\0404000.00C\ccHPx86.sys [485512 2011-08-03] (Symantec Corporation)
3 DKbFltr; C:\Windows\System32\DRIVERS\DKbFltr.sys [21264 2007-06-14] (Dritek System Inc.)
1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-05-30] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-05-30] (Symantec Corporation)
1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120702.001\IDSvix86.sys [382624 2012-06-14] (Symantec Corporation)
2 int15; \??\C:\Windows\system32\drivers\int15.sys [76584 2007-03-02] ()
2 irda; C:\Windows\System32\DRIVERS\irda.sys [95744 2008-01-18] (Microsoft Corporation)
4 iteraid; C:\Windows\system32\drivers\iteraid.sys [35944 2006-11-02] (Integrated Technology Express, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120703.017\NAVENG.SYS [87928 2012-05-16] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120703.017\NAVEX15.SYS [1589752 2012-05-16] (Symantec Corporation)
3 NSCIRDA; C:\Windows\System32\DRIVERS\nscirda.sys [30720 2008-01-18] (National Semiconductor Corporation)
3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2007-08-25] (NewTech Infosystems, Inc.)
0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20776 2007-04-25] (HiTRUST)
0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-04-25] (HiTRUST)
0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-04-25] (HiTRUST)
3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1729152 2007-02-07] ()
1 SRTSP; C:\Windows\System32\Drivers\N360\0404000.00C\SRTSP.SYS [325680 2010-04-21] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\N360\0404000.00C\SRTSPX.SYS [43696 2010-04-21] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360\0404000.00C\SYMDS.SYS [328752 2009-10-14] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360\0404000.00C\SYMEFA.SYS [173176 2011-08-21] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [124976 2011-01-01] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\N360\0404000.00C\Ironx86.SYS [116784 2010-04-28] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\N360\0404000.00C\SYMTDIV.SYS [340088 2011-08-21] (Symantec Corporation)
2 {95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl [13560 2006-11-02] (Cyberlink Corp.)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-07-03 23:14 - 2012-07-03 23:14 - 00019389 ____A C:\ComboFix.txt
2012-07-03 23:00 - 2012-07-03 23:01 - 00000000 ____D C:\6788cb2bf9deb48900de59dea34775ee
2012-07-03 22:25 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-07-03 22:25 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-07-03 22:25 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-03 22:25 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-07-03 22:25 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-07-03 22:25 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-07-03 22:25 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-07-03 22:25 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-07-03 22:24 - 2012-07-03 23:14 - 00000000 ____D C:\ComboFix
2012-07-03 21:50 - 2012-07-03 23:14 - 00000000 ____D C:\Qoobox
2012-07-03 21:50 - 2012-07-03 23:11 - 00000000 ____D C:\Windows\erdnt
2012-07-03 21:49 - 2012-07-03 21:49 - 00001500 ____A C:\Users\Neetu\Desktop\checkup.txt
2012-07-03 18:18 - 2012-07-03 18:18 - 00025040 ____A C:\Users\Neetu\Desktop\DDS.txt
2012-07-03 18:18 - 2012-07-03 18:18 - 00013435 ____A C:\Users\Neetu\Desktop\Attach.txt
2012-07-03 18:16 - 2012-07-03 18:16 - 00013435 ____A C:\Users\Neetu\Documents\Attach.txt
2012-07-03 14:11 - 2012-07-03 14:11 - 00000000 ____D C:\Users\Neetu\AppData\Local\{96A5A0B0-3C35-478F-B52F-98599CAE6458}
2012-07-03 14:10 - 2012-07-03 14:11 - 00000000 ____D C:\Users\Neetu\AppData\Local\{C49A0691-CD44-4865-921D-E9F316C50626}
2012-07-03 12:55 - 2012-07-03 12:56 - 00000000 ____D C:\Users\Neetu\AppData\Local\{03A696AC-E90B-4315-B7E3-AA64E255829E}
2012-07-03 12:54 - 2012-07-03 12:55 - 00000000 ____D C:\Users\Neetu\AppData\Local\{B019819B-3271-46F0-81D0-985B303AE82C}
2012-07-03 09:30 - 2012-07-03 09:30 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-03 09:30 - 2012-07-03 09:30 - 00000000 ____D C:\Users\Neetu\AppData\Roaming\Malwarebytes
2012-07-03 09:29 - 2012-07-03 09:30 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-07-03 09:29 - 2012-07-03 09:29 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-03 09:29 - 2012-04-04 11:56 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-03 09:15 - 2012-07-03 09:15 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Neetu\Downloads\mbam-setup-1.61.0.1400.exe
2012-07-03 09:15 - 2012-07-03 09:15 - 00000000 ____D C:\Users\Neetu\AppData\Local\{C3ABB107-7F6A-4438-AF82-A464E6ECB267}
2012-07-03 09:14 - 2012-07-03 09:14 - 00000000 ____D C:\Users\Neetu\AppData\Local\{2F4D5299-68E3-4338-B34D-5A3BE24F52DE}
2012-07-01 14:40 - 2012-07-01 14:41 - 00000000 ____D C:\Users\Neetu\AppData\Local\{3F590268-1497-49B6-8033-3E4F328DEA10}
2012-07-01 14:39 - 2012-07-01 14:40 - 00000000 ____D C:\Users\Neetu\AppData\Local\{6C8453B7-95A2-4C17-96EE-A6278176B168}
2012-07-01 14:26 - 2012-07-01 14:26 - 00000000 ____D C:\Users\Neetu\AppData\Roaming\AVG2012
2012-07-01 14:25 - 2012-07-02 04:26 - 00000846 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-07-01 14:25 - 2012-07-01 14:25 - 00000000 ____D C:\Users\Neetu\AppData\Local\AVG Secure Search
2012-07-01 14:25 - 2012-07-01 14:25 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-07-01 14:24 - 2012-07-01 14:25 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2012-07-01 14:24 - 2012-07-01 14:25 - 00000000 ____D C:\Program Files\AVG Secure Search
2012-07-01 14:23 - 2012-07-04 04:59 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-07-01 14:23 - 2012-07-01 14:27 - 00000000 ____D C:\Users\All Users\AVG2012
2012-07-01 14:23 - 2012-07-01 14:23 - 00000000 ____D C:\$AVG
2012-07-01 14:22 - 2012-07-01 14:22 - 00000000 ____D C:\Program Files\AVG
2012-07-01 14:18 - 2012-07-04 05:00 - 00000000 ____D C:\Users\All Users\MFAData
2012-07-01 14:18 - 2012-07-01 14:18 - 03879304 ____A (AVG Technologies) C:\Users\Neetu\Downloads\avg_free_stb_all_2012_2180_cnet.exe
2012-07-01 14:17 - 2012-07-01 14:17 - 00000000 ____D C:\Users\Neetu\Documents\Simply Super Software
2012-07-01 14:17 - 2012-06-15 12:39 - 00169744 ____A C:\Windows\System32\ztvunrar36.dll
2012-07-01 14:17 - 2012-06-15 12:35 - 00185616 ____A C:\Windows\System32\ztvunrar39.dll
2012-07-01 14:17 - 2012-06-15 12:33 - 00605968 ____A (Igor Pavlov) C:\Windows\System32\ztv7z.dll
2012-07-01 14:17 - 2012-06-15 12:33 - 00077072 ____A (Microsoft Corporation) C:\Windows\System32\ztvcabinet.dll
2012-07-01 14:17 - 2005-08-25 21:50 - 00077312 ____A C:\Windows\System32\ztvunace26.dll
2012-07-01 14:17 - 2003-02-02 16:06 - 00153088 ____A C:\Windows\System32\unrar3.dll
2012-07-01 14:17 - 2002-03-05 21:00 - 00075264 ____A C:\Windows\System32\unacev2.dll
2012-07-01 14:16 - 2012-07-01 14:17 - 00000000 ____D C:\Users\Neetu\AppData\Roaming\Simply Super Software
2012-07-01 14:16 - 2012-07-01 14:16 - 00000000 ____D C:\Users\Neetu\AppData\Local\blekkotb_031
2012-07-01 14:16 - 2012-07-01 14:16 - 00000000 ____D C:\Users\All Users\Simply Super Software
2012-07-01 14:16 - 2012-07-01 14:16 - 00000000 ____D C:\Users\All Users\blekko toolbars
2012-07-01 14:16 - 2012-07-01 14:16 - 00000000 ____D C:\Program Files\blekkotb_031
2012-07-01 14:15 - 2012-07-01 14:16 - 00000000 ____D C:\Users\All Users\Anti-phishing Domain Advisor
2012-07-01 14:15 - 2012-07-01 14:15 - 12308848 ____A (Simply Super Software ) C:\Users\Neetu\Downloads\trj684.exe
2012-07-01 14:14 - 2012-07-01 14:15 - 00463080 ____A (CNET Download.com) C:\Users\Neetu\Downloads\cnet2_trj684_exe.exe
2012-07-01 13:52 - 2012-07-01 13:52 - 00000781 ____A C:\Users\Neetu\Desktop\PC Cleaner Pro.lnk
2012-07-01 13:52 - 2012-07-01 13:52 - 00000000 ____D C:\Users\Neetu\AppData\Roaming\PCPro
2012-07-01 13:52 - 2012-07-01 13:52 - 00000000 ____D C:\Users\Neetu\AppData\Roaming\PC Cleaners
2012-07-01 13:52 - 2012-07-01 13:52 - 00000000 ____D C:\Users\All Users\PC1Data
2012-07-01 13:52 - 2012-07-01 13:51 - 04447544 ____A (PC Cleaners) C:\Windows\uninst.exe
2012-07-01 13:51 - 2012-07-01 13:51 - 04447544 ____A (PC Cleaners) C:\Users\Neetu\Downloads\PC_Pro_Installer.exe
2012-07-01 13:40 - 2012-07-01 13:40 - 00000000 ____D C:\Users\Neetu\AppData\Local\{882D2F6C-BD61-4D20-B929-C1A041A2E13F}
2012-07-01 13:39 - 2012-07-01 13:39 - 00000000 ____D C:\Users\Neetu\AppData\Local\{8D807900-7F4A-4CB0-8A47-E016CDD121EA}
2012-07-01 13:30 - 2012-07-01 13:51 - 00000000 ____D C:\Users\Neetu\AppData\Local\NPE
2012-07-01 13:29 - 2012-07-01 13:30 - 02841104 ____A (Symantec Corporation) C:\Users\Neetu\Downloads\NPE.exe
2012-07-01 09:39 - 2012-07-01 09:39 - 00001105 ____A C:\Users\Public\Desktop\The Weather Channel App.lnk
2012-07-01 09:33 - 2012-07-01 09:33 - 00000000 ____D C:\Users\Neetu\AppData\Local\{F139DA26-DEB0-4A11-AFC2-D9872F5EF462}
2012-07-01 09:33 - 2012-07-01 09:33 - 00000000 ____D C:\Program Files\The Weather Channel
2012-07-01 09:32 - 2012-07-01 09:33 - 00000000 ____D C:\Users\Neetu\AppData\Local\{FA2FA6D5-9F0A-420B-8D02-514DEFCA6761}
2012-06-28 15:04 - 2012-06-28 15:04 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-27 20:49 - 2012-06-27 20:49 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-25 19:32 - 2012-06-25 19:32 - 00000000 ____D C:\Users\Neetu\AppData\Roaming\Mozilla
2012-06-23 00:41 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-23 00:41 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-23 00:41 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-23 00:41 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-23 00:40 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-23 00:40 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-23 00:40 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-23 00:39 - 2012-06-02 11:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-23 00:39 - 2012-06-02 11:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-14 04:37 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-14 04:37 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-14 04:37 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-14 04:36 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-14 04:36 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-14 04:36 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-14 04:36 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-14 04:36 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-14 04:36 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-14 04:36 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-14 04:36 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-14 04:36 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-14 04:36 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-14 04:36 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-13 00:10 - 2012-04-23 08:00 - 00984064 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 00:10 - 2012-04-23 08:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 00:10 - 2012-04-23 08:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 00:09 - 2012-05-15 11:51 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 00:09 - 2012-05-01 06:03 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-08 08:12 - 2012-07-04 08:55 - 00000000 ____D C:\Users\Neetu\AppData\Roaming\Skype
2012-06-08 08:12 - 2012-06-08 08:12 - 00001878 ____A C:\Users\Public\Desktop\Skype.lnk
2012-06-08 08:12 - 2012-06-08 08:12 - 00000000 ___RD C:\Program Files\Skype
2012-06-08 08:12 - 2012-06-08 08:12 - 00000000 ____D C:\Program Files\Common Files\Skype
2012-06-08 08:09 - 2012-06-08 08:09 - 00944304 ____A (Skype Technologies S.A.) C:\Users\Neetu\Downloads\SkypeSetup.exe
2012-06-08 05:51 - 2012-06-08 05:52 - 00000000 ____D C:\Users\Neetu\AppData\Local\{89A46BBA-E89D-4E57-998E-B4702D63D27D}
2012-06-08 05:51 - 2012-06-08 05:51 - 00000000 ____D C:\Users\Neetu\AppData\Local\{D08E103D-FCC9-4B50-B48E-1B8CB525A1A0}
2012-06-07 11:08 - 2012-06-07 11:08 - 00000000 ____D C:\Users\Neetu\AppData\Local\{8285022C-173F-4724-9223-B468237A3046}
2012-06-07 11:08 - 2012-06-07 11:08 - 00000000 ____D C:\Users\Neetu\AppData\Local\{75E89D35-3E13-433C-9202-0F7A09117920}
2012-06-07 09:57 - 2012-06-07 09:57 - 00000000 ____D C:\Users\Neetu\AppData\Local\{F967FD96-05E8-4260-B059-FF1E1003E7AB}
2012-06-07 09:57 - 2012-06-07 09:57 - 00000000 ____D C:\Users\Neetu\AppData\Local\{8A0C59AA-440E-42D8-B5CD-8D056DAC399D}
2012-06-06 19:22 - 2012-06-06 19:22 - 00000000 ____D C:\Users\Neetu\AppData\Local\{54CFE2E8-42DF-443B-8BEE-3C83468B5020}
2012-06-06 19:21 - 2012-06-06 19:21 - 00000000 ____D C:\Users\Neetu\AppData\Local\{44B58133-73DA-491A-82A6-51545C7432B8}
============ 3 Months Modified Files ========================
2012-07-04 09:07 - 2006-11-02 05:01 - 00032588 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-04 09:07 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-04 09:05 - 2009-06-30 22:57 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121395090-2152420972-532832032-1000UA.job
2012-07-04 09:04 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-04 09:04 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-04 08:57 - 2007-10-09 11:03 - 01144365 ____A C:\Windows\WindowsUpdate.log
2012-07-03 23:14 - 2012-07-03 23:14 - 00019389 ____A C:\ComboFix.txt
2012-07-03 23:06 - 2006-11-02 02:23 - 00000215 ____A C:\Windows\system.ini
2012-07-03 23:03 - 2007-08-25 21:36 - 00452068 ____A C:\Windows\PFRO.log
2012-07-03 23:02 - 2006-11-02 02:22 - 54001664 ____A C:\Windows\System32\config\SOFTWARE.bak
2012-07-03 23:02 - 2006-11-02 02:22 - 42205184 ____A C:\Windows\System32\config\COMPON~1.bak
2012-07-03 23:02 - 2006-11-02 02:22 - 26476544 ____A C:\Windows\System32\config\SYSTEM.bak
2012-07-03 23:02 - 2006-11-02 02:22 - 00524288 ____A C:\Windows\System32\config\DEFAULT.bak
2012-07-03 23:02 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak
2012-07-03 23:02 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\SAM.bak
2012-07-03 21:49 - 2012-07-03 21:49 - 00001500 ____A C:\Users\Neetu\Desktop\checkup.txt
2012-07-03 18:18 - 2012-07-03 18:18 - 00025040 ____A C:\Users\Neetu\Desktop\DDS.txt
2012-07-03 18:18 - 2012-07-03 18:18 - 00013435 ____A C:\Users\Neetu\Desktop\Attach.txt
2012-07-03 18:16 - 2012-07-03 18:16 - 00013435 ____A C:\Users\Neetu\Documents\Attach.txt
2012-07-03 17:59 - 2006-11-02 02:33 - 00756338 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-03 14:30 - 2008-05-06 15:11 - 00054156 ___AH C:\Windows\QTFont.qfn
2012-07-03 09:30 - 2012-07-03 09:30 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-03 09:15 - 2012-07-03 09:15 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Neetu\Downloads\mbam-setup-1.61.0.1400.exe
2012-07-02 16:05 - 2009-06-30 22:56 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121395090-2152420972-532832032-1000Core.job
2012-07-02 04:26 - 2012-07-01 14:25 - 00000846 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-07-01 14:18 - 2012-07-01 14:18 - 03879304 ____A (AVG Technologies) C:\Users\Neetu\Downloads\avg_free_stb_all_2012_2180_cnet.exe
2012-07-01 14:15 - 2012-07-01 14:15 - 12308848 ____A (Simply Super Software ) C:\Users\Neetu\Downloads\trj684.exe
2012-07-01 14:15 - 2012-07-01 14:14 - 00463080 ____A (CNET Download.com) C:\Users\Neetu\Downloads\cnet2_trj684_exe.exe
2012-07-01 13:52 - 2012-07-01 13:52 - 00000781 ____A C:\Users\Neetu\Desktop\PC Cleaner Pro.lnk
2012-07-01 13:51 - 2012-07-01 13:52 - 04447544 ____A (PC Cleaners) C:\Windows\uninst.exe
2012-07-01 13:51 - 2012-07-01 13:51 - 04447544 ____A (PC Cleaners) C:\Users\Neetu\Downloads\PC_Pro_Installer.exe
2012-07-01 13:30 - 2012-07-01 13:29 - 02841104 ____A (Symantec Corporation) C:\Users\Neetu\Downloads\NPE.exe
2012-07-01 09:39 - 2012-07-01 09:39 - 00001105 ____A C:\Users\Public\Desktop\The Weather Channel App.lnk
2012-06-30 20:27 - 2006-11-02 04:52 - 00070810 ____A C:\Windows\setupact.log
2012-06-27 20:49 - 2012-06-27 20:49 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-27 20:49 - 2012-01-11 19:47 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-15 12:39 - 2012-07-01 14:17 - 00169744 ____A C:\Windows\System32\ztvunrar36.dll
2012-06-15 12:35 - 2012-07-01 14:17 - 00185616 ____A C:\Windows\System32\ztvunrar39.dll
2012-06-15 12:33 - 2012-07-01 14:17 - 00605968 ____A (Igor Pavlov) C:\Windows\System32\ztv7z.dll
2012-06-15 12:33 - 2012-07-01 14:17 - 00077072 ____A (Microsoft Corporation) C:\Windows\System32\ztvcabinet.dll
2012-06-14 06:03 - 2006-11-02 04:47 - 00389968 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-08 08:12 - 2012-06-08 08:12 - 00001878 ____A C:\Users\Public\Desktop\Skype.lnk
2012-06-08 08:09 - 2012-06-08 08:09 - 00944304 ____A (Skype Technologies S.A.) C:\Users\Neetu\Downloads\SkypeSetup.exe
2012-06-03 19:35 - 2006-11-02 02:24 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-06-02 14:19 - 2012-06-23 00:41 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-23 00:41 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-23 00:41 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-23 00:40 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-23 00:40 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-23 00:41 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-23 00:40 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-23 00:39 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:12 - 2012-06-23 00:39 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-17 15:11 - 2012-06-14 04:36 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 14:48 - 2012-06-14 04:36 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 14:45 - 2012-06-14 04:36 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 14:36 - 2012-06-14 04:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 14:35 - 2012-06-14 04:36 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 14:35 - 2012-06-14 04:36 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 14:33 - 2012-06-14 04:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 14:31 - 2012-06-14 04:36 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 14:29 - 2012-06-14 04:36 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 14:29 - 2012-06-14 04:36 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 14:27 - 2012-06-14 04:37 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 14:25 - 2012-06-14 04:37 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 14:24 - 2012-06-14 04:37 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 14:20 - 2012-06-14 04:36 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 06:19 - 2012-05-17 06:19 - 00035810 ____A C:\Users\Neetu\Downloads\Voicemail_20120517125400Z (1).wav
2012-05-17 06:18 - 2012-05-17 06:18 - 00035810 ____A C:\Users\Neetu\Downloads\Voicemail_20120517125400Z.wav
2012-05-15 11:51 - 2012-06-13 00:09 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-11 07:56 - 2008-01-15 10:02 - 00000680 ____A C:\Users\Neetu\AppData\Local\d3d9caps.dat
2012-05-09 09:54 - 2008-05-06 15:18 - 04031488 ___RA C:\Users\Public\Documents\ESBK.mbb
2012-05-09 09:54 - 2008-05-06 15:18 - 01915904 ___RA C:\Users\Public\Documents\ESBK.mb
2012-05-01 06:03 - 2012-06-13 00:09 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-23 08:00 - 2012-06-13 00:10 - 00984064 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 08:00 - 2012-06-13 00:10 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 08:00 - 2012-06-13 00:10 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-19 00:50 - 2012-04-19 00:50 - 00024896 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidshx.sys
2012-04-11 23:33 - 2012-04-11 23:33 - 00138824 ____A C:\Windows\Minidump\Mini041212-01.dmp
2012-04-11 23:32 - 2009-08-25 06:36 - 329419551 ____A C:\Windows\MEMORY.DMP
ZeroAccess:
C:\Windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}
C:\Windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\L
C:\Windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\U
ZeroAccess:
C:\Users\Neetu\AppData\Local\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}
C:\Users\Neetu\AppData\Local\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\L
C:\Users\Neetu\AppData\Local\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\U
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe
[2009-08-04 18:18] - [2009-04-10 22:28] - 0314368 ____A (Microsoft Corporation)
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 14%
Total physical RAM: 2037.81 MB
Available physical RAM: 1752.02 MB
Total Pagefile: 1969.71 MB
Available Pagefile: 1826.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.72 MB
======================= Partitions =========================
1 Drive c: (ACER) (Fixed) (Total:69.65 GB) (Free:11.21 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (DATA) (Fixed) (Total:69.64 GB) (Free:6.71 GB) NTFS
4 Drive f: (KINGSTON) (Removable) (Total:7.45 GB) (Free:0.81 GB) FAT32
5 Drive x: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:3.87 GB) FAT32
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 1849 KB
Disk 1 Online 7640 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 10 GB 1024 KB
Partition 2 Primary 70 GB 10 GB
Partition 3 Primary 70 GB 79 GB
==================================================================================
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 X PQSERVICE FAT32 Partition 10 GB Healthy Hidden
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C ACER NTFS Partition 70 GB Healthy
==================================================================================
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D DATA NTFS Partition 70 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7636 MB 4032 KB
==================================================================================
Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 F KINGSTON FAT32 Removable 7636 MB Healthy
==================================================================================
==========================================================
Last Boot: 2012-07-03 23:38
======================= End Of Log ==========================
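The FRST log above carries the three findings that mark this machine as a ZeroAccess (Sirefef) infection: the `{f12373c9-...}` folders with `U` and `L` subfolders under `Windows\Installer` and `AppData\Local`, the hidden folder literally named `%APPDATA%` inside `System32`, and `services.exe` failing the "Bamital & volsnap" hash check while every other core binary reports "MD5 is legit". As an added example (not code from the post, from FRST or from ComboFix), the Python below pulls those indicators out of FRST- or ComboFix-style log lines. The sample lines are constructed from entries in the log above; the regexes, function names and the "unverified" category are this example's own assumptions about how to read the output.

```python
"""Flag ZeroAccess (Sirefef) indicators in FRST/ComboFix-style log lines.

Added example, not code from the forum post, FRST or ComboFix. It encodes
the indicators visible in the log: {GUID}\\U, \\L, \\@ or \\n members under
Windows\\Installer or AppData\\Local, a folder literally named %APPDATA%
inside System32, and a core binary FRST does not report as "MD5 is legit".
"""
import re
from typing import Dict, Iterable, List, Set, Tuple

GUID_RE = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"

# Only the U/L/@/n members count: a bare {GUID} folder under Windows\Installer
# is a normal MSI icon cache and AppData\Local holds many legitimate {GUID}
# folders (several appear in the log), so a bare GUID alone is not flagged.
ZA_PATH_RE = re.compile(
    r"\\(?:Windows\\Installer|AppData\\Local)\\(" + GUID_RE + r")"
    r"(?:\\[UL](?:\\|$)|\\@$|\\n$)",
    re.IGNORECASE,
)
FAKE_APPDATA_RE = re.compile(r"\\System32\\%APPDATA%\s*$", re.IGNORECASE)
ATTENTION_RE = re.compile(r"<==== ATTENTION", re.IGNORECASE)

# Binaries FRST hashes in its "Bamital & volsnap Check". A verdict line is the
# bare path followed by the verdict; a path with nothing after it means FRST
# had no reference hash for that build: "unverified", not "clean".
CRITICAL_RE = re.compile(
    r"^[A-Z]:\\\S*?\\(explorer\.exe|winlogon\.exe|wininit\.exe|svchost\.exe|"
    r"services\.exe|user32\.dll|userinit\.exe|volsnap\.sys)(?:\s+(.*))?$",
    re.IGNORECASE,
)

Findings = Dict[str, object]


def scan(lines: Iterable[str]) -> Findings:
    """Walk the log once and collect every indicator."""
    guids: Set[str] = set()
    fake_appdata: List[str] = []
    patched: List[Tuple[str, str]] = []   # (binary, FRST verdict text)
    unverified: List[str] = []
    attention: List[str] = []              # any FRST "<==== ATTENTION" line
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = ZA_PATH_RE.search(line)
        if m:
            guids.add(m.group(1).lower())
        if FAKE_APPDATA_RE.search(line):
            fake_appdata.append(line)
        if ATTENTION_RE.search(line):
            attention.append(line)
        m = CRITICAL_RE.match(line)
        if m:
            name, verdict = m.group(1).lower(), (m.group(2) or "").strip()
            if not verdict:
                unverified.append(name)
            elif "MD5 is legit" not in verdict:
                patched.append((name, verdict))
    return {"zeroaccess_guids": guids, "fake_appdata": fake_appdata,
            "patched": patched, "unverified": unverified, "attention": attention}


def is_infected(findings: Findings) -> bool:
    """True on any hard indicator; unverified binaries alone are not enough."""
    return bool(findings["zeroaccess_guids"] or findings["fake_appdata"]
                or findings["patched"])


def report(findings: Findings) -> List[str]:
    """One line per finding, verdict last."""
    out = [f"ZeroAccess payload folder: {g}" for g in sorted(findings["zeroaccess_guids"])]
    out += [f"Fake %APPDATA% folder in System32: {p}" for p in findings["fake_appdata"]]
    out += [f"Patched system binary: {n} ({v})" for n, v in findings["patched"]]
    out += [f"Unverified (no reference hash): {n}" for n in findings["unverified"]]
    out.append("Verdict: " + ("INFECTED" if is_infected(findings) else "no ZeroAccess indicators"))
    return out


# Constructed sample, modelled on the FRST log in the post above.
SAMPLE_LOG = r"""
2012-07-03 14:11 - 2012-07-03 14:11 - 00000000 ____D C:\Users\Neetu\AppData\Local\{96A5A0B0-3C35-478F-B52F-98599CAE6458}
2012-06-28 15:04 - 2012-06-28 15:04 - 00000000 __SHD C:\Windows\System32\%APPDATA%
ZeroAccess:
C:\Windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}
C:\Windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\L
C:\Windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\U
C:\Users\Neetu\AppData\Local\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\@
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe
[2009-08-04 18:18] - [2009-04-10 22:28] - 0314368 ____A (Microsoft Corporation)
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
"""

if __name__ == "__main__":
    for line in report(scan(SAMPLE_LOG.splitlines())):
        print(line)
```

Two reading notes. `winlogon.exe` comes out as "unverified", not "patched": FRST printed version and date information instead of a hash verdict, which means it had no reference hash for that build, so the line should be read as "not checked" rather than "clean". And the legitimate `{96A5A0B0-...}` folder from `AppData\Local` is left alone because it has no `U`/`L`/`@`/`n` member; the bot's payload layout, not the GUID naming, is what identifies it.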
-
Hello Gringo_pr,
Thank you for helping me with my request.
I have followed your instructions carefully.
If anything is still amiss please let me know and I will re-do it.
1) Dump of Checkup.txt
Results of screen317's Security Check version 0.99.42
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Norton Security Suite
WMI entry may not exist for antivirus; attempting automatic update.
AVG2012 successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.61.0.1400
PC Cleaners
Java 6 Update 26
Java 6 Update 3
Java 6 Update 5
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.0.32.18 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Empowering Technology eSettings Service capuserv.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````
============================================================================
2) Log from Combofix
ComboFix 12-07-02.01 - Neetu 07/04/2012 2:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.671 [GMT -4:00]
Running from: c:\users\Neetu\Desktop\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Neetu\AppData\Local\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\@
c:\users\Neetu\AppData\Local\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\n
c:\users\Neetu\AppData\Roaming\8434.677
c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\@
c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\L\00000004.@
c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\L\1afb2d56
c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\L\201d3dde
c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\L\55490ac4
c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\n
c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\U\00000004.@
c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\U\00000008.@
c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\U\000000cb.@
c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\U\80000000.@
c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\U\80000032.@
c:\windows\system32\Nagasoft
c:\windows\system32\Nagasoft\32.ICO
c:\windows\system32\Nagasoft\Codecs\asyncflt.ax
c:\windows\system32\Nagasoft\Codecs\atrc.dll
c:\windows\system32\Nagasoft\Codecs\cook.dll
c:\windows\system32\Nagasoft\Codecs\drvc.dll
c:\windows\system32\Nagasoft\Codecs\raac.dll
c:\windows\system32\Nagasoft\Codecs\RealMediaSplitter.ax
c:\windows\system32\Nagasoft\Codecs\WMFDemux.dll
c:\windows\system32\Nagasoft\FFVJPlayer.exe
c:\windows\system32\Nagasoft\GifShower.dll
c:\windows\system32\Nagasoft\Uninstall.exe
c:\windows\system32\Nagasoft\vjocx.dll
c:\windows\system32\Nagasoft\vjocx.exe
.
c:\windows\system32\Services.exe . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vvdsvc
-------\Service_vvdsvc
.
.
((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
.
.
2012-07-04 07:00 . 2012-07-04 07:01 -------- d-----w- C:\6788cb2bf9deb48900de59dea34775ee
2012-07-04 06:58 . 2012-07-04 06:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-03 21:39 . 2012-07-03 21:39 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-03 17:30 . 2012-07-03 17:31 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-03 17:30 . 2012-07-03 17:30 -------- d-----w- c:\users\Neetu\AppData\Roaming\Malwarebytes
2012-07-03 17:29 . 2012-07-03 17:29 -------- d-----w- c:\programdata\Malwarebytes
2012-07-03 17:29 . 2012-07-03 17:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-03 17:29 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-01 22:26 . 2012-07-01 22:26 -------- d-----w- c:\users\Neetu\AppData\Roaming\AVG2012
2012-07-01 22:25 . 2012-07-01 22:25 -------- d-----w- c:\users\Neetu\AppData\Local\AVG Secure Search
2012-07-01 22:25 . 2012-07-01 22:25 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-01 22:24 . 2012-07-01 22:25 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-07-01 22:24 . 2012-07-01 22:25 -------- d-----w- c:\program files\AVG Secure Search
2012-07-01 22:24 . 2012-07-01 22:24 -------- d--h--w- c:\programdata\Common Files
2012-07-01 22:23 . 2012-07-03 22:59 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-01 22:23 . 2012-07-01 22:27 -------- d-----w- c:\programdata\AVG2012
2012-07-01 22:23 . 2012-07-01 22:23 -------- d-----w- C:\$AVG
2012-07-01 22:22 . 2012-07-01 22:22 -------- d-----w- c:\program files\AVG
2012-07-01 22:18 . 2012-07-03 22:59 -------- d-----w- c:\programdata\MFAData
2012-07-01 22:17 . 2012-06-15 20:39 169744 ----a-w- c:\windows\system32\ztvunrar36.dll
2012-07-01 22:17 . 2012-06-15 20:35 185616 ----a-w- c:\windows\system32\ztvunrar39.dll
2012-07-01 22:17 . 2012-06-15 20:33 605968 ----a-w- c:\windows\system32\ztv7z.dll
2012-07-01 22:17 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2012-07-01 22:17 . 2012-06-15 20:33 77072 ----a-w- c:\windows\system32\ztvcabinet.dll
2012-07-01 22:17 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2012-07-01 22:17 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2012-07-01 22:16 . 2012-07-01 22:17 -------- d-----w- c:\users\Neetu\AppData\Roaming\Simply Super Software
2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\programdata\Simply Super Software
2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\programdata\blekko toolbars
2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\program files\blekkotb_031
2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\users\Neetu\AppData\Local\blekkotb_031
2012-07-01 22:15 . 2012-07-01 22:16 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\users\Neetu\AppData\Roaming\PC Cleaners
2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\users\Neetu\AppData\Roaming\PCPro
2012-07-01 21:52 . 2012-07-01 21:51 4447544 ----a-w- c:\windows\uninst.exe
2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\programdata\PC1Data
2012-07-01 21:30 . 2012-07-01 21:51 -------- d-----w- c:\users\Neetu\AppData\Local\NPE
2012-07-01 17:33 . 2012-07-01 17:33 -------- d-----w- c:\program files\The Weather Channel
2012-06-28 23:04 . 2012-06-28 23:04 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-28 04:49 . 2012-06-28 04:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 08:41 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-23 08:41 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-23 08:41 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-23 08:41 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-23 08:40 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-23 08:40 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-23 08:40 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-23 08:39 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-23 08:39 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 12:37 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-14 12:37 . 2012-05-17 23:21 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-06-14 12:37 . 2012-05-17 22:31 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-06-13 08:10 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 08:10 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 08:10 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 08:09 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 08:09 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-08 16:12 . 2012-07-04 06:02 -------- d-----w- c:\users\Neetu\AppData\Roaming\Skype
2012-06-08 16:12 . 2012-06-08 16:12 -------- d-----w- c:\program files\Common Files\Skype
2012-06-08 16:12 . 2012-06-08 16:12 -------- d-----r- c:\program files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-28 04:49 . 2012-01-12 03:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 08:50 . 2012-04-19 08:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8769adce-dba5-48e9-afb5-67b12cdf2e61}]
2012-05-18 19:44 85288 ----a-w- c:\program files\blekkotb_031\blekkotb_019X.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-01 22:24 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8769adce-dba5-48e9-afb5-67b12cdf2e61}"= "c:\program files\blekkotb_031\blekkotb_019X.dll" [2012-05-18 85288]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-01 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{8769adce-dba5-48e9-afb5-67b12cdf2e61}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"DW7"="c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-07-01 10555904]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 4472832]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-15 850704]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-06 155648]
"Skytel"="Skytel.exe" [2007-05-29 1826816]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-11-21 35328]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-01 1107552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Neetu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-6-27 106496]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-26 535336]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
vvdsvc REG_MULTI_SZ vvdsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121395090-2152420972-532832032-1000Core.job
- c:\users\Neetu\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-25 16:01]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121395090-2152420972-532832032-1000UA.job
- c:\users\Neetu\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-25 16:01]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = about:blank
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
HKLM-Run-PC Cleaners - c:\program files\PC Cleaners\PCCleaners.exe
AddRemove-The Weather Channel Desktop 6 - c:\program files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
AddRemove-VJOcx2.0 - c:\windows\system32\Nagasoft\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-04 03:07
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5076)
c:\program files\Microsoft Office\Office12\GrooveMisc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\AVG\AVG2012\avgwdsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\acer\Empowering Technology\eNet\eNet Service.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\acer\Empowering Technology\eSettings\Service\capuserv.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe
c:\windows\system32\DllHost.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-07-04 03:14:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-04 07:14
.
Pre-Run: 12,636,794,880 bytes free
Post-Run: 12,372,754,432 bytes free
.
- - End Of File - - 4827DEDBE3A758232EC3D25C76C44195
===================================================================
3) Issues Encountered:
a) Combofix took three attempts to run
b) First time it seemed to execute but gave 2-3 very quick pop-ups (that were gone before I could read them) and then nothing happened.
c) I rebooted and tried a second time. This time the command prompt window showed me that combofix was executing but halfway through it I saw it freeze.
I was not running any other applications or processes. Both antivirus programs were disabled (AVG and Norton).
I did however get a pop up message saying "Running Combofix in Compatibility mode may damage the machine!"
d) I rebooted and tried a third time. Third time was a charm.
It ran through and then said trying to create a restore point and started completing various stages. Like some 38-40 stages or so.
Then it said "System file infected" and showed this location "C:\Windows\System 32\System.exe"
After some time it popped up a message saying something like - normal cleanup failed - trying other methods and deeper scan.
After some more time it generated the log.
This entire process in item c described here took over 45 minutes.
===================================================================
4) How is the computer doing:
I tried to open Norton Anti-Virus to enable it but got the message "Illegal operation attempted on a registry key that has been marked for deletion."
So as per your instructions I re-started the computer and this time Norton and AVG launched without any problem.
But as soon as the computer rebooted I did get a couple of messages from Norton:
a) One for Trojan.gen.2
b) Other as under:
Severity: High
Activity: (Trojan.Zeroaccess.B) detected by Auto-Protect
Status: Manual Removal Required
Otherwise the computer seems to be running ok.
Performance is much improved (not much lag seen).
So far no malicious websites have been opened.
Other than the two instances where I was flagged about the trojans above, there have been no other pop-ups from my antivirus indicating viruses.
Earlier (before I ran your instructions) I was getting hit with like 1-2 pop-ups a minute from my antivirus about the trojans.
Thank you for the very detailed and clear instructions.
I am not using the computer yet other than to provide you what you have asked for.
What would you like me to do next?
Thanks again!
-
Hello Forum,
My PC is infected with some Trojan viruses.
I purchased Malware Bytes Pro and ran a full scan.
It detected some trojans and notified me that they had been removed, but my computer continues to be under attack.
1) The computer is awfully slow.
2) IE is opening up malicious websites.
3) My anti-virus continues to prompt me with pop-ups notifying of the virus "Threat Detected"
4) Here are some of the messages:
- Trojan.Gen.2 detected
- Location: C:\Windows\System 32\System.exe
- Infection: Trojan horse Patched_c.LYT
Says "Detected on open"
5) Also shows Trojan.Zeroaccess.B - says manual removal required
6) Attached are the logs requested (DDS and Attach).
Appreciate any help this forum can provide.
Thank you much in advance!
Infected with Trojan.Gen.2 (in Resolved Malware Removal Logs)
Hello,
Couple of questions:
1) The volume indicator doesn't show anymore. When I increase or decrease the volume, the bars used to appear towards the bottom of the screen.
They no longer appear. The volume does get adjusted but the bars don't show anymore.
2) The YouTube record function is no longer working. It keeps prompting for Apple QuickTime to be added to start up.
Even after doing so, the recording option from YouTube is blocked. Not sure what did that.
Otherwise the computer seems to be doing well.
Thanks again for your tremendous help!