I think my computer has a bug


DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.6001.19170

Run by new joint at 7:34:14 on 2012-02-14

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4028.2131 [GMT -5:00]

.

AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Fingerprint Sensor\ATService.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\dldtcoms.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\PROGRA~2\MAPS4P~2\bar\1.bin\0cbarsvc.exe

C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe

C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Windows\System32\igfxtray.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Windows\ehome\ehtray.exe

C:\Users\susan\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\DigitalPersona\Bin\DPAgent.exe

C:\Users\susan\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe

C:\Users\new joint\Documents\SuperFreshFood_Rewards_AutoEARN\sufrt.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\DigitalPersona\Bin\DPAgent.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Users\new joint\Documents\SuperFreshFood_Rewards_AutoEARN\sufrp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\PROGRA~2\MAPS4P~2\bar\1.bin\0cmedint.exe

C:\PROGRA~2\MAPS4P~2\bar\1.bin\0cmedint.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uWindow Title = Internet Explorer provided by Dell

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: N/A: {f24df03f-d7f1-40b8-a63a-9d2be4908f39} - C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0cSrcAs.dll

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: DigitalPersona Fingerprint Software Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Toolbar BHO: {ac3eb537-a86d-4a88-802a-79918db4abe7} - C:\PROGRA~2\MAPS4P~2\bar\1.bin\0cbar.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Search Assistant BHO: {d76689d9-6555-42ee-a94f-ba89fb29ceb1} - C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0cSrcAs.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Super Fresh Food Rewards AutoEARN v1.0: {e8be2447-0b1e-4013-8c98-30ef0f2ef23f} - C:\Users\new joint\Documents\SuperFreshFood_Rewards_AutoEARN\sufrb.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: Maps4PC: {32bfba07-b1fc-4764-bc21-4af8c6188ca5} - C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0cbar.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

uRun: [iSUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler

uRun: [sufrm] "C:\Users\new joint\Documents\SuperFreshFood_Rewards_AutoEARN\sufrt.exe"

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000

mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce: [Launcher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

Trusted Zone: internet

Trusted Zone: mcafee.com

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{05EC2A8E-20CB-4594-854F-E505938D7749} : DhcpNameServer = 203.2.193.67 202.135.30.4

TCP: Interfaces\{5456B354-09EF-4E95-B23B-8275046A72DF} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{D19C466D-913F-42CE-84DA-7249FFEE04A1} : DhcpNameServer = 203.2.193.67 202.135.30.4

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

LSA: Notification Packages = scecli DPPWDFLT

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: DigitalPersona Fingerprint Software Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll

BHO-X64: DigitalPersona Fingerprint Software Extension - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Toolbar BHO: {ac3eb537-a86d-4a88-802a-79918db4abe7} - C:\PROGRA~2\MAPS4P~2\bar\1.bin\0cbar.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Search Assistant BHO: {d76689d9-6555-42ee-a94f-ba89fb29ceb1} - C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0cSrcAs.dll

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Super Fresh Food Rewards AutoEARN v1.0: {E8BE2447-0B1E-4013-8C98-30EF0F2EF23F} - C:\Users\new joint\Documents\SuperFreshFood_Rewards_AutoEARN\sufrb.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: Maps4PC: {32bfba07-b1fc-4764-bc21-4af8c6188ca5} - C:\Program Files (x86)\Maps4PC_0c\bar\1.bin\0cbar.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r

mRun-x64: [updReg] C:\Windows\UpdReg.EXE

mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

mRun-x64: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRunOnce-x64: [Launcher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe"

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120126.003\IDSviA64.sys [2012-1-27 488568]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMTDIV.SYS --> C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMTDIV.SYS [?]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [?]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 21504]

R2 ATService;AuthenTec Fingerprint Service;C:\Program Files\Fingerprint Sensor\ATService.exe [2008-12-22 2479864]

R2 BPPROT;Intel® WiMAX Link Protocol Driver;C:\Windows\system32\DRIVERS\bpprot.sys --> C:\Windows\system32\DRIVERS\bpprot.sys [?]

R2 dldt_device;dldt_device;C:\Windows\system32\dldtcoms.exe -service --> C:\Windows\system32\dldtcoms.exe -service [?]

R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2008-12-11 399872]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 Maps4PC_0cService;Maps4PC Service;C:\PROGRA~2\MAPS4P~2\bar\1.bin\0cbarsvc.exe [2011-7-20 34864]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-13 652360]

R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [2011-8-1 130008]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-7-26 636144]

R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-3-9 288768]

R2 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [2011-3-9 1066896]

R2 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [2011-3-9 491920]

R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2008-12-11 3551744]

R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;C:\Windows\system32\Drivers\ATSwpWDF.sys --> C:\Windows\system32\Drivers\ATSwpWDF.sys [?]

R3 bpenum;Intel® WiMAX Link Enumerator;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]

R3 bpusb;Intel® WiMAX Link 5050 Series Function Driver;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]

R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]

R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]

R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA001Ufd.sys --> C:\Windows\system32\DRIVERS\OA001Ufd.sys [?]

R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\system32\DRIVERS\OA001Vid.sys --> C:\Windows\system32\DRIVERS\OA001Vid.sys [?]

S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120121.002\BHDrvx64.sys [2012-1-23 1157240]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-27 136176]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]

S3 bpmp;Intel® WiMAX Link 5050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-7-26 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-7-26 79360]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-9 138360]

S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys --> C:\Windows\system32\DRIVERS\ewusbnet.sys [?]

S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-27 136176]

S3 hwusbfake;Huawei DataCard USB Fake;C:\Windows\system32\DRIVERS\ewusbfake.sys --> C:\Windows\system32\DRIVERS\ewusbfake.sys [?]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2009-7-26 79360]

S3 SRS_WOWHD_DivX_Service;WOW HD DivX Edition;C:\Windows\system32\drivers\SRS_DivX_amd64.sys --> C:\Windows\system32\drivers\SRS_DivX_amd64.sys [?]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-02-14 03:46:54 -------- d-----w- C:\Users\new joint\AppData\Roaming\Malwarebytes

2012-02-14 03:46:49 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-02-14 03:46:49 -------- d-----w- C:\ProgramData\Malwarebytes

2012-02-14 03:46:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-02-14 03:42:59 -------- d--h--w- C:\ProgramData\Common Files

2012-02-14 03:40:42 -------- d-----w- C:\ProgramData\MFAData

2012-02-14 02:31:13 -------- d-----w- C:\Program Files (x86)\PC Tools

2012-02-14 02:28:50 -------- d-----w- C:\ProgramData\PC Tools

2012-02-14 02:28:49 -------- d-----w- C:\Users\new joint\AppData\Roaming\TestApp

2012-01-26 13:29:25 515968 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-01-26 13:29:25 347136 ----a-w- C:\Windows\System32\schannel.dll

2012-01-26 13:29:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-01-26 13:29:25 1689600 ----a-w- C:\Windows\System32\lsasrv.dll

2012-01-26 13:29:24 94720 ----a-w- C:\Windows\System32\secur32.dll

2012-01-26 13:29:24 77312 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-01-26 13:29:24 442368 ----a-w- C:\Windows\System32\winhttp.dll

2012-01-26 13:29:24 377344 ----a-w- C:\Windows\SysWow64\winhttp.dll

2012-01-26 13:29:24 11264 ----a-w- C:\Windows\System32\lsass.exe

2012-01-25 13:08:59 -------- d-----w- C:\Users\new joint\AppData\Local\{1DB6DF0C-4A20-45E3-938C-C0A1D0E67D59}

2012-01-25 13:08:41 -------- d-----w- C:\Users\new joint\AppData\Local\{99BA8271-40A4-476D-93BE-6E6E0FFE8A82}

2012-01-20 21:23:48 -------- d-----w- C:\Users\new joint\AppData\Local\{F13EAA4B-CC9C-48FB-BE9E-B998BC89E7BC}

.

==================== Find3M ====================

.

2011-11-30 21:05:14 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-25 16:25:32 451072 ----a-w- C:\Windows\System32\winsrv.dll

2011-11-23 13:57:38 2764800 ----a-w- C:\Windows\System32\win32k.sys

2011-11-18 20:55:05 1585152 ----a-w- C:\Windows\System32\ntdll.dll

2011-11-18 20:55:05 1167984 ----a-w- C:\Windows\SysWow64\ntdll.dll

2011-11-18 18:07:45 76800 ----a-w- C:\Windows\System32\packager.dll

2011-11-18 17:47:03 66560 ----a-w- C:\Windows\SysWow64\packager.dll

.

My Norton Internet Security stopped working. When I click on it nothing happens. I can't even uninstall it. I did a system restore hoping it would fix the problem. Didn't work. I purchased Malwarebytes latest version. I ran a scan that didn't detect anything. I cannot update the Malwarebytes software. Any suggestions welcomed.


Hello and :welcome:

Let's first also run a rootkit scan.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Hi, no threats were found.

08:37:23.0437 4104 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52

08:37:23.0484 4104 ============================================================

08:37:23.0484 4104 Current date / time: 2012/02/15 08:37:23.0484

08:37:23.0484 4104 SystemInfo:

08:37:23.0484 4104

08:37:23.0484 4104 OS Version: 6.0.6002 ServicePack: 2.0

08:37:23.0484 4104 Product type: Workstation

08:37:23.0484 4104 ComputerName: NEWJOINT-PC

08:37:23.0484 4104 UserName: new joint

08:37:23.0484 4104 Windows directory: C:\Windows

08:37:23.0484 4104 System windows directory: C:\Windows

08:37:23.0484 4104 Running under WOW64

08:37:23.0484 4104 Processor architecture: Intel x64

08:37:23.0484 4104 Number of processors: 2

08:37:23.0484 4104 Page size: 0x1000

08:37:23.0484 4104 Boot type: Normal boot

08:37:23.0484 4104 ============================================================

08:37:24.0451 4104 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

08:37:24.0466 4104 \Device\Harddisk0\DR0:

08:37:24.0466 4104 MBR used

08:37:24.0466 4104 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x27800, BlocksNum 0x1E00000

08:37:24.0466 4104 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E27800, BlocksNum 0x23606800

08:37:24.0544 4104 Initialize success

08:37:24.0544 4104 ============================================================

08:37:27.0306 4760 ============================================================

08:37:27.0306 4760 Scan started

08:37:27.0306 4760 Mode: Manual;

08:37:27.0306 4760 ============================================================


08:37:42.0032 4760 ============================================================

08:37:42.0032 4760 Scan finished

08:37:42.0032 4760 ============================================================

08:37:42.0032 2484 Detected object count: 0

08:37:42.0032 2484 Actual detected object count: 0

08:38:09.0940 3852 Deinitialize success


That is good news. I did not see evidence of one, but there are a few very common rootkit variants out there, which makes it good to check for them as a rule.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


here is the log

ComboFix 12-02-13.01 - new joint 02/15/2012 9:03.1.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4028.2155 [GMT -5:00]

Running from: c:\users\new joint\Desktop\ComboFix.exe

AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\PCDr\5907\Downloads\82c29976-999d-4c8f-bac9-590e78eef64b.dll

c:\programdata\PCDr\5907\Downloads\8d357f17-07ad-4392-ba06-fb67564c98cd.dll

c:\programdata\PCDr\5907\Downloads\d1f4dc82-bc4c-4916-b37c-3ab9c30ae468.dll

c:\programdata\PCDr\5907\Downloads\f8338de4-40cb-4494-bc70-93db3ab9e32d.dll

c:\programdata\PCDr\5907\Downloads\fa2ff61b-2c58-4071-916b-f881289a3959.dll

c:\programdata\SPL2184.tmp

c:\programdata\SPL43E2.tmp

c:\programdata\SPL606B.tmp

c:\programdata\SPL8761.tmp

c:\programdata\SPL9D86.tmp

c:\programdata\SPLA6BF.tmp

c:\programdata\SPLADAC.tmp

c:\programdata\SPLB145.tmp

c:\programdata\SPLC2A8.tmp

c:\programdata\SPLCE36.tmp

c:\programdata\SPLD374.tmp

c:\programdata\SPLDF27.tmp

c:\programdata\SPLF271.tmp

c:\programdata\SPLFFC1.tmp

D:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2012-01-15 to 2012-02-15 )))))))))))))))))))))))))))))))

.

.

2012-02-15 14:12 . 2012-02-15 14:16 -------- d-----w- c:\users\new joint\AppData\Local\temp

2012-02-15 14:12 . 2012-02-15 14:12 -------- d-----w- c:\users\susan\AppData\Local\temp

2012-02-14 04:07 . 2012-02-14 04:07 -------- d-----w- c:\users\susan\AppData\Roaming\Malwarebytes

2012-02-14 03:46 . 2012-02-14 03:46 -------- d-----w- c:\users\new joint\AppData\Roaming\Malwarebytes

2012-02-14 03:46 . 2012-02-14 04:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-02-14 03:46 . 2012-02-14 03:46 -------- d-----w- c:\programdata\Malwarebytes

2012-02-14 03:46 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-14 03:42 . 2012-02-14 03:42 -------- d--h--w- c:\programdata\Common Files

2012-02-14 03:40 . 2012-02-14 03:42 -------- d-----w- c:\programdata\MFAData

2012-02-14 02:31 . 2012-02-14 02:51 -------- d-----w- c:\program files (x86)\PC Tools

2012-02-14 02:28 . 2012-02-14 02:50 -------- d-----w- c:\programdata\PC Tools

2012-02-14 02:28 . 2012-02-14 02:28 -------- d-----w- c:\users\new joint\AppData\Roaming\TestApp

2012-02-12 20:20 . 2012-02-12 20:20 -------- d-----w- c:\users\susan\AppData\Roaming\.minecraft

2012-01-26 13:29 . 2011-11-17 06:53 515968 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-01-26 13:29 . 2011-11-16 16:42 347136 ----a-w- c:\windows\system32\schannel.dll

2012-01-26 13:29 . 2011-11-16 16:41 1689600 ----a-w- c:\windows\system32\lsasrv.dll

2012-01-26 13:29 . 2011-11-16 16:23 278528 ----a-w- c:\windows\SysWow64\schannel.dll

2012-01-26 13:29 . 2011-11-16 16:43 442368 ----a-w- c:\windows\system32\winhttp.dll

2012-01-26 13:29 . 2011-11-16 16:42 94720 ----a-w- c:\windows\system32\secur32.dll

2012-01-26 13:29 . 2011-11-16 16:24 77312 ----a-w- c:\windows\SysWow64\secur32.dll

2012-01-26 13:29 . 2011-11-16 16:23 377344 ----a-w- c:\windows\SysWow64\winhttp.dll

2012-01-26 13:29 . 2011-11-16 14:34 11264 ----a-w- c:\windows\system32\lsass.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-02 23:48 . 2012-01-02 23:48 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2011-11-30 21:05 . 2011-05-19 22:17 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-25 16:25 . 2012-01-11 11:37 451072 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:57 . 2011-12-14 02:19 2764800 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 20:55 . 2012-01-11 11:37 1585152 ----a-w- c:\windows\system32\ntdll.dll

2011-11-18 20:55 . 2012-01-11 11:37 1167984 ----a-w- c:\windows\SysWow64\ntdll.dll

2011-11-18 18:07 . 2012-01-11 11:37 76800 ----a-w- c:\windows\system32\packager.dll

2011-11-18 17:47 . 2012-01-11 11:37 66560 ----a-w- c:\windows\SysWow64\packager.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{d76689d9-6555-42ee-a94f-ba89fb29ceb1}]

2011-07-20 22:42 59344 ----a-w- c:\program files (x86)\Maps4PC_0c\bar\1.bin\0cSrcAs.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{E8BE2447-0B1E-4013-8C98-30EF0F2EF23F}"= "c:\users\new joint\Documents\SuperFreshFood_Rewards_AutoEARN\sufrb.dll" [2010-04-27 333216]

.

[HKEY_CLASSES_ROOT\clsid\{e8be2447-0b1e-4013-8c98-30ef0f2ef23f}]

[HKEY_CLASSES_ROOT\Loader.MToolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{F3AFB623-17EC-4f04-97E6-B9FFD29F5646}]

[HKEY_CLASSES_ROOT\Loader.MToolbar]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]

"sufrm"="c:\users\new joint\Documents\SuperFreshFood_Rewards_AutoEARN\sufrt.exe" [2010-04-27 574880]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

"RegistryBooster"="c:\program files (x86)\Uniblue\RegistryBooster\launcher.exe" [2011-11-07 67456]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2008-12-09 237693]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]

"DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-05-12 842816]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-04-17 165104]

.

c:\users\susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-31 1995344]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-28 01:18]

.

2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-28 01:18]

.

2010-11-29 c:\windows\Tasks\Install_NSS.job

- c:\program files (x86)\DivX\Symantec\scstubinstaller.exe [2010-03-08 18:00]

.

2012-02-14 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]

.

2012-02-15 c:\windows\Tasks\RegistryBooster.job

- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-12-25 08:26]

.

2012-02-15 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]

.

2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{5FEB2F64-3812-4C90-8376-041CCB750798}.job

- c:\windows\system32\msfeedssync.exe [2011-12-14 04:44]

.

2012-02-15 c:\windows\Tasks\User_Feed_Synchronization-{CAD0909F-A42D-459C-B99A-1C2167D12791}.job

- c:\windows\system32\msfeedssync.exe [2011-12-14 04:44]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2006-11-02 46592]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-04-27 309760]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]

"combofix"="c:\combofix\CF8061.3XE" [2008-01-21 363008]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 192.168.0.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-WudfPf

SafeBoot-WudfRd

HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe

HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe

c:\program files\Dell\DellDock\DockLogin.exe

c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe

c:\program files (x86)\Common Files\AOL\ACS\AOLAcsd.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\progra~2\MAPS4P~2\bar\1.bin\0cbarsvc.exe

c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE

c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe

c:\users\new joint\Documents\SuperFreshFood_Rewards_AutoEARN\sufrp.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

.

**************************************************************************

.

Completion time: 2012-02-15 09:21:24 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-15 14:21

.

Pre-Run: 177,658,241,024 bytes free

Post-Run: 183,850,311,680 bytes free

.

- - End Of File - - ECC30B7B59DFD4D3C242E96D431EBED0


Hi again,

Please press windows key + R, type appwiz.cpl and press enter. Uninstall the following programs.

Maps4PC

MediaBar

I also recommend that you uninstall Uniblue Registry Booster. At best a registry cleaner doesn't improve anything on your computer, but in the worst case it can do quite some damage.

P2P WARNING

-------------------

Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.

I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Adobe components and update:

  • Download the latest version of Adobe Reader Version X and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

Your Adobe Reader is now up to date!

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 7u2.
  • Look for "JDK 7u2 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

Please launch MBAM, update it and run a full scan. Post me the resulting log.


The free (downloaded) version comes standard with a 30 day trial. If you have bought a license, open MBAM and click the Protection tab. In the bottom section click the Register button and insert the data you received. That should activate MBAM. If you have any trouble with this, please let me know and I'll ask someone to look into it.

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


I got the right Malwarebytes, it now says Pro. Here is the log from the scan

Farbar Service Scanner Version: 14-02-2012

Ran by new joint (administrator) on 15-02-2012 at 20:20:16

Running from "C:\Users\new joint\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OXTDCP1P"

Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Yahoo IP is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall"=DWORD:0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall"=DWORD:0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall"=DWORD:0

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

File Check:

========

C:\Windows\System32\nsisvc.dll

[2008-01-20 21:49] - [2008-01-20 21:49] - 0024576 ____A (Microsoft Corporation) ACB62BAA1C319B17752553DF3026EEEB

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcsvc.dll

[2009-12-03 07:25] - [2009-04-11 02:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll

[2011-04-12 19:37] - [2011-03-02 11:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll

[2009-12-03 07:26] - [2009-04-11 02:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll

[2009-12-03 07:25] - [2009-04-11 02:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll

[2008-01-20 21:47] - [2008-01-20 21:47] - 0128000 ____A (Microsoft Corporation) 4FF71B076A7760FE75EA5AE2D0EE0018

C:\Windows\System32\vssvc.exe

[2009-12-03 07:26] - [2009-04-11 02:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll

[2009-12-03 07:25] - [2009-04-11 02:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll

[2009-12-03 07:25] - [2009-04-11 02:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll

[2009-10-03 09:51] - [2009-08-06 21:24] - 2424024 ____A (Microsoft Corporation) FB3796754FE00F0BDC87A36F164A5F4D

C:\Windows\System32\qmgr.dll

[2009-12-03 07:26] - [2009-04-11 02:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll

[2009-12-03 07:26] - [2009-04-11 02:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll

[2009-12-03 07:25] - [2009-04-11 02:11] - 0166912 ____A (Microsoft Corporation) 18918613E63F387CDE4D95CA7D49DCF7

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll

[2009-12-03 07:26] - [2009-04-11 02:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF

**** End of log ****


Yes, you can install one of the following. :)

Download and install an antivirus program, and make sure that you keep it updated

New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.

Three good antivirus programs free for non-commercial home use are Avast!, Antivir and Microsoft Security Essentials.

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

After installing an AV please run a full scan with it and let me know what it found if anything.


That is excellent news! :)

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.

Please read these advices, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

  2. Keep Windows (and your other Microsoft software) up to date!

I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.

  4. Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.


  • 1 month later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.