needhelp1968

Infected with Trojan.Gen.2


Hello Forum,

My PC is infected with some Trojan viruses.

I purchased Malware Bytes Pro and ran a full scan.

It detected some trojan's and notified me that they had been removed but my computer continues to be under attack.

1) The computer is awfully slow.

2) IE is opening up malicious websites.

3) My anti-virus continues to prompt me with pop-ups notifying of the virus "Threat Detected"

4) Here are some of the messages:

- Trojan.Gen.2 detected

- Location: C:\Windows\System 32\System.exe

- Infection: Trojan horse Patched_c.LYT

Says "Detected on open"

5) Also shows Trojan.Zeroaccess.B - says manual removal required

6) Attached are the logs requested (DDS and Attach).

Appreciate any help this forum can provide.

Thank you much in advance!


Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


Hello Gringo_pr,

Thank you for helping me with my request.

I have followed your instructions carefully.

If anything is still amiss please let me know and I will re-do it.

1) Dump of Checkup.txt

Results of screen317's Security Check version 0.99.42

Windows Vista Service Pack 2 x86 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

Norton Security Suite

WMI entry may not exist for antivirus; attempting automatic update.

AVG2012 successfully updated!

`````````Anti-malware/Other Utilities Check:`````````

Spybot - Search & Destroy

Malwarebytes Anti-Malware version 1.61.0.1400

PC Cleaners

Java 6 Update 26

Java 6 Update 3

Java 6 Update 5

Java version out of Date!

Adobe Flash Player 10 Flash Player out of Date!

Adobe Flash Player 10.0.32.18 Flash Player out of Date!

Adobe Reader 9 Adobe Reader out of Date!

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

AVG avgwdsvc.exe

AVG avgtray.exe

AVG avgrsx.exe

AVG avgnsx.exe

AVG avgemc.exe

Empowering Technology eSettings Service capuserv.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1 %

````````````````````End of Log``````````````````````

============================================================================

2) Log from Combofix

ComboFix 12-07-02.01 - Neetu 07/04/2012 2:29.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.671 [GMT -4:00]

Running from: c:\users\Neetu\Desktop\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Neetu\AppData\Local\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\@

c:\users\Neetu\AppData\Local\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\n

c:\users\Neetu\AppData\Roaming\8434.677

c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\@

c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\L\00000004.@

c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\L\1afb2d56

c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\L\201d3dde

c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\L\55490ac4

c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\n

c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\U\00000004.@

c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\U\00000008.@

c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\U\000000cb.@

c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\U\80000000.@

c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\U\80000032.@

c:\windows\system32\Nagasoft

c:\windows\system32\Nagasoft\32.ICO

c:\windows\system32\Nagasoft\Codecs\asyncflt.ax

c:\windows\system32\Nagasoft\Codecs\atrc.dll

c:\windows\system32\Nagasoft\Codecs\cook.dll

c:\windows\system32\Nagasoft\Codecs\drvc.dll

c:\windows\system32\Nagasoft\Codecs\raac.dll

c:\windows\system32\Nagasoft\Codecs\RealMediaSplitter.ax

c:\windows\system32\Nagasoft\Codecs\WMFDemux.dll

c:\windows\system32\Nagasoft\FFVJPlayer.exe

c:\windows\system32\Nagasoft\GifShower.dll

c:\windows\system32\Nagasoft\Uninstall.exe

c:\windows\system32\Nagasoft\vjocx.dll

c:\windows\system32\Nagasoft\vjocx.exe

.

c:\windows\system32\Services.exe . . . is infected!!

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_vvdsvc

-------\Service_vvdsvc

.

.

((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))

.

.

2012-07-04 07:00 . 2012-07-04 07:01 -------- d-----w- C:\6788cb2bf9deb48900de59dea34775ee

2012-07-04 06:58 . 2012-07-04 06:58 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-03 21:39 . 2012-07-03 21:39 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-07-03 17:30 . 2012-07-03 17:31 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-07-03 17:30 . 2012-07-03 17:30 -------- d-----w- c:\users\Neetu\AppData\Roaming\Malwarebytes

2012-07-03 17:29 . 2012-07-03 17:29 -------- d-----w- c:\programdata\Malwarebytes

2012-07-03 17:29 . 2012-07-03 17:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-03 17:29 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-01 22:26 . 2012-07-01 22:26 -------- d-----w- c:\users\Neetu\AppData\Roaming\AVG2012

2012-07-01 22:25 . 2012-07-01 22:25 -------- d-----w- c:\users\Neetu\AppData\Local\AVG Secure Search

2012-07-01 22:25 . 2012-07-01 22:25 -------- d-----w- c:\programdata\AVG Secure Search

2012-07-01 22:24 . 2012-07-01 22:25 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2012-07-01 22:24 . 2012-07-01 22:25 -------- d-----w- c:\program files\AVG Secure Search

2012-07-01 22:24 . 2012-07-01 22:24 -------- d--h--w- c:\programdata\Common Files

2012-07-01 22:23 . 2012-07-03 22:59 -------- d-----w- c:\windows\system32\drivers\AVG

2012-07-01 22:23 . 2012-07-01 22:27 -------- d-----w- c:\programdata\AVG2012

2012-07-01 22:23 . 2012-07-01 22:23 -------- d-----w- C:\$AVG

2012-07-01 22:22 . 2012-07-01 22:22 -------- d-----w- c:\program files\AVG

2012-07-01 22:18 . 2012-07-03 22:59 -------- d-----w- c:\programdata\MFAData

2012-07-01 22:17 . 2012-06-15 20:39 169744 ----a-w- c:\windows\system32\ztvunrar36.dll

2012-07-01 22:17 . 2012-06-15 20:35 185616 ----a-w- c:\windows\system32\ztvunrar39.dll

2012-07-01 22:17 . 2012-06-15 20:33 605968 ----a-w- c:\windows\system32\ztv7z.dll

2012-07-01 22:17 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll

2012-07-01 22:17 . 2012-06-15 20:33 77072 ----a-w- c:\windows\system32\ztvcabinet.dll

2012-07-01 22:17 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\unrar3.dll

2012-07-01 22:17 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll

2012-07-01 22:16 . 2012-07-01 22:17 -------- d-----w- c:\users\Neetu\AppData\Roaming\Simply Super Software

2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\programdata\Simply Super Software

2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\programdata\blekko toolbars

2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\program files\blekkotb_031

2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\users\Neetu\AppData\Local\blekkotb_031

2012-07-01 22:15 . 2012-07-01 22:16 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor

2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\users\Neetu\AppData\Roaming\PC Cleaners

2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\users\Neetu\AppData\Roaming\PCPro

2012-07-01 21:52 . 2012-07-01 21:51 4447544 ----a-w- c:\windows\uninst.exe

2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\programdata\PC1Data

2012-07-01 21:30 . 2012-07-01 21:51 -------- d-----w- c:\users\Neetu\AppData\Local\NPE

2012-07-01 17:33 . 2012-07-01 17:33 -------- d-----w- c:\program files\The Weather Channel

2012-06-28 23:04 . 2012-06-28 23:04 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-06-28 04:49 . 2012-06-28 04:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-23 08:41 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-23 08:41 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-23 08:41 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-23 08:41 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-23 08:40 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-23 08:40 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-23 08:40 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-23 08:39 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-23 08:39 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-14 12:37 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-14 12:37 . 2012-05-17 23:21 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2012-06-14 12:37 . 2012-05-17 22:31 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll

2012-06-13 08:10 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll

2012-06-13 08:10 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-13 08:10 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-13 08:09 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-13 08:09 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys

2012-06-08 16:12 . 2012-07-04 06:02 -------- d-----w- c:\users\Neetu\AppData\Roaming\Skype

2012-06-08 16:12 . 2012-06-08 16:12 -------- d-----w- c:\program files\Common Files\Skype

2012-06-08 16:12 . 2012-06-08 16:12 -------- d-----r- c:\program files\Skype

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-28 04:49 . 2012-01-12 03:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-19 08:50 . 2012-04-19 08:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8769adce-dba5-48e9-afb5-67b12cdf2e61}]

2012-05-18 19:44 85288 ----a-w- c:\program files\blekkotb_031\blekkotb_019X.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-07-01 22:24 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{8769adce-dba5-48e9-afb5-67b12cdf2e61}"= "c:\program files\blekkotb_031\blekkotb_019X.dll" [2012-05-18 85288]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-01 2074208]

.

[HKEY_CLASSES_ROOT\clsid\{8769adce-dba5-48e9-afb5-67b12cdf2e61}]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176]

"DW7"="c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-07-01 10555904]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 4472832]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]

"PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-15 850704]

"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]

"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-06 155648]

"Skytel"="Skytel.exe" [2007-05-29 1826816]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-11-21 35328]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-01 1107552]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\Neetu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-6-27 106496]

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-26 535336]

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

vvdsvc REG_MULTI_SZ vvdsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121395090-2152420972-532832032-1000Core.job

- c:\users\Neetu\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-25 16:01]

.

2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121395090-2152420972-532832032-1000UA.job

- c:\users\Neetu\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-25 16:01]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uStart Page = about:blank

mStart Page = hxxp://en.us.acer.yahoo.com

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

LSP: mswsock.dll

TCP: DhcpNameServer = 192.168.0.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe

HKLM-Run-Acer Tour - (no file)

HKLM-Run-eRecoveryService - (no file)

HKLM-Run-PC Cleaners - c:\program files\PC Cleaners\PCCleaners.exe

AddRemove-The Weather Channel Desktop 6 - c:\program files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe

AddRemove-VJOcx2.0 - c:\windows\system32\Nagasoft\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-04 03:07

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(5076)

c:\program files\Microsoft Office\Office12\GrooveMisc.dll

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\windows\system32\agrsmsvc.exe

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

c:\program files\AVG\AVG2012\avgwdsvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\acer\Empowering Technology\eDataSecurity\eDSService.exe

c:\acer\Empowering Technology\eLock\Service\eLockServ.exe

c:\acer\Empowering Technology\eNet\eNet Service.exe

c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\AVG\AVG2012\avgemcx.exe

c:\acer\Mobility Center\MobilityService.exe

c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe

c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\acer\Empowering Technology\ePower\ePowerSvc.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe

c:\acer\Empowering Technology\eSettings\Service\capuserv.exe

c:\program files\Spybot - Search & Destroy\SDWinSec.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe

c:\windows\system32\DllHost.exe

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

.

**************************************************************************

.

Completion time: 2012-07-04 03:14:39 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-04 07:14

.

Pre-Run: 12,636,794,880 bytes free

Post-Run: 12,372,754,432 bytes free

.

- - End Of File - - 4827DEDBE3A758232EC3D25C76C44195

===================================================================

3) Issues Encountered:

a) Combofix took three attempts to run

b) First time it seemed to execute but gave 2-3 very quick pop-ups (that were gone before I could read them) and then nothing happened.

c) I rebooted and tried a second time. This time the command prompt window showed me that combofix was executing but halfway through it I saw it freeze.

I was not running any other applications or processes. Both anti virus were disabled (AVG and Norton).

I did however get a pop up message saying "Running Combofix in Compatibility mode may damage the machine!"

d) I rebooted and tried a third time. Third time was a charm.

It ran through and then said trying to create a restore point and started completing various stages. Like some 38-40 stages or so.

Then it said "System file infected" and showed this location "C:\Windows\System 32\System.exe"

After some time it popped up a message saying something like - normal cleanup failed - trying other methods and deeper scan.

After some more time it generated the log.

This entire process in item c described here took over 45 minutes.

===================================================================

4) How is the computer doing:

I tried to open Norton Anti-Virus to enable it but got the message "Illegal operation attempted on a registry key that has been marked for deletion."

So as per your instructions I re-started the computer and this time Norton and AVG launched without any problem.

But as soon as the computer rebooted I did get a couple of messages from Norton:

a) One for Trojan.gen.2

b) Other as under:

Severity: High

Activity: (Trojan.Zeroaccess.B) detected by Auto-Protect

Status: Manual Removal Required

Otherwise the computer seems to be running ok.

Performance is much improved (not much lag seen).

So far no malicious websites have been opened.

Other than the two instances where I was flagged about the trojans above there have been no other pop-ups from my anti-virus indicating viruses.

Earlier (before I ran your instructions) I was getting hit with like 1-2 pop-ups a minute from my anti-virus about the trojans.

Thank you for the very detailed and clear instructions.

I am not using the computer yet other than to provide you what you have asked for.

What would you like me to do next?

Thanks again!
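As an added example (not part of this thread, of ComboFix or of any tool named here), the Python script below parses ComboFix output into its sections and flags the three artefacts that make this log look like a ZeroAccess infection, which is also what Norton reported: the same GUID-named folder under both the user's AppData\Local and windows\Installer holding `@`, `n`, `U\` and `L\` entries, a system binary reported as "is infected!!", and a system+hidden directory created under system32 (here `%APPDATA%`). The embedded log is a constructed excerpt of the output posted above; all function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed excerpt, condensed from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Neetu\AppData\Local\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\@
c:\users\Neetu\AppData\Local\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\n
c:\users\Neetu\AppData\Roaming\8434.677
c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\@
c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\L\00000004.@
c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\L\1afb2d56
c:\windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\U\80000032.@
c:\windows\system32\Nagasoft\vjocx.dll
.
c:\windows\system32\Services.exe . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
.
2012-07-03 17:29 . 2012-07-03 17:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-28 23:04 . 2012-06-28 23:04 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-28 04:49 . 2012-06-28 04:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
"""

# "((((( Section Name )))))" headers as ComboFix prints them.
SECTION_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")
GUID = r"\{([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\}"
# {GUID}\@ , {GUID}\n , {GUID}\U\<8 hex>[.@] , {GUID}\L\<8 hex>[.@]
ZA_DIR_RE = re.compile(GUID + r"\\(?:@|n|[UL]\\[0-9a-f]{8}(?:\.@)?)$", re.I)
INFECTED_RE = re.compile(r"^(.+?) \. \. \. is infected!!$")
# "<date> <time> . <date> <time> <size|--------> <attrs> <path>"
CREATED_RE = re.compile(r"^\S+ \S+ \. \S+ \S+ (\S+) (\S{8}) (.+)$")


def parse_sections(text):
    """Split a ComboFix log into {section name: [non-empty lines]}."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":        # ComboFix pads sections with lone dots
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif current is not None:
            sections[current].append(line)
    return dict(sections)


def scan_combofix_log(text):
    """Collect the ZeroAccess-style artefacts from the parsed sections."""
    sections = parse_sections(text)
    guid_sites, patched, hidden = defaultdict(set), [], []
    for line in sections.get("Other Deletions", []):
        m = ZA_DIR_RE.search(line)
        if m:
            low = line.lower()
            if "\\windows\\installer\\" in low:
                site = "installer"
            elif "\\appdata\\local\\" in low:
                site = "appdata"
            else:
                site = "other"
            guid_sites[m.group(1).lower()].add(site)
            continue
        m = INFECTED_RE.match(line)
        if m:
            patched.append(m.group(1))
    created_key = next((k for k in sections if k.startswith("Files Created")), None)
    for line in sections.get(created_key, []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        _size, attrs, path = m.groups()
        # attrs layout: 'd' directory at [0], 's' system at [2], 'h' hidden at [3]
        if attrs[0] == "d" and attrs[2] == "s" and attrs[3] == "h" \
                and "\\windows\\system32\\" in path.lower():
            hidden.append(path)
    return {
        "guid_dirs": {g: sorted(s) for g, s in guid_sites.items()},
        "patched_binaries": patched,
        "hidden_sys32_dirs": hidden,
    }


def zeroaccess_likely(report):
    """True when the paired GUID layout (profile + Installer) or a patched system binary is present."""
    paired = any({"appdata", "installer"} <= set(sites) for sites in report["guid_dirs"].values())
    return paired or bool(report["patched_binaries"])


if __name__ == "__main__":
    result = scan_combofix_log(SAMPLE_LOG)
    for key, value in result.items():
        print(f"{key}: {value}")
    print("ZeroAccess layout present:", zeroaccess_likely(result))
```

On a full log the system+hidden check under system32 is a review hint rather than a verdict; the paired GUID folders and the "is infected!!" line are the decisive indicators.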


Hello

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo


Hi Gringo thank you for the quick reply.

Please find the log that you requested (FRST.txt):

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 04-07-2012 01

Ran by SYSTEM at 04-07-2012 13:15:00

Running from F:\

Windows Vista Home Premium (X86) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]

HKLM\...\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-10-23] (Synaptics, Inc.)

HKLM\...\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting [45056 2007-04-24] ( )

HKLM\...\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [178712 2007-07-12] (Intel Corporation)

HKLM\...\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [71216 2007-03-14] (Cyberlink Corp.)

HKLM\...\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [54832 2007-02-07] ()

HKLM\...\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [457216 2007-04-25] (HiTRUST)

HKLM\...\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe [850704 2007-06-14] (Dritek System Inc.)

HKLM\...\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe [1261568 2007-02-02] ()

HKLM\...\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup [3383296 2007-02-02] (Leader Technologies)

HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [141848 2008-01-02] (Intel Corporation)

HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [166424 2008-01-02] (Intel Corporation)

HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [133656 2008-01-02] (Intel Corporation)

HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [155648 2008-05-06] (Apple Computer, Inc.)

HKLM\...\Run: [skytel] Skytel.exe [x]

HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)

HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)

HKLM\...\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe [35328 2006-11-21] ()

HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [1848648 2009-07-06] (CANON INC.)

HKLM\...\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon [722256 2008-12-11] (CANON INC.)

HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1164584 2010-09-16] ()

HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)

HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)

HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)

HKLM\...\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [217256 2012-05-03] (Visicom Media Inc. (Powered by Panda Security))

HKLM\...\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)

HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [1107552 2012-07-01] ()

HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)

HKU\Neetu\...\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe [151552 2007-05-22] (Acer Inc.)

HKU\Neetu\...\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet [4670704 2007-08-30] (Yahoo! Inc.)

HKU\Neetu\...\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)

HKU\Neetu\...\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2634048 2010-07-06] (Veoh Networks)

HKU\Neetu\...\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [17344176 2012-06-05] (Skype Technologies S.A.)

HKU\Neetu\...\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe" [10555904 2012-07-01] (The Weather Channel)

HKU\Neetu\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)

Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Device Detector 2.lnk

ShortcutTarget: Device Detector 2.lnk -> C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS Corporation)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk

ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)

Startup: C:\Users\Neetu\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk

ShortcutTarget: OpenOffice.org 2.3.lnk -> C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe ()

================================ Services (Whitelisted) ==================

2 Automatic LiveUpdate Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [554352 2007-09-12] (Symantec Corporation)

2 AVGIDSAgent; "C:\Program Files\AVG\AVG2012\avgidsagent.exe" [5161080 2012-06-12] (AVG Technologies CZ, s.r.o.)

2 avgwd; "C:\Program Files\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)

2 eDataSecurity Service; "C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" [457512 2007-04-25] (HiTRSUT)

2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-04-23] (Acer Inc.)

2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [135168 2007-06-13] (Acer Inc.)

2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [53248 2007-07-03] (Acer Inc.)

2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-06-28] ()

2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-18] (Microsoft Corporation)

2 Irmon; C:\Windows\System32\irmon.dll [17920 2006-11-02] (Microsoft Corporation)

3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [2999664 2007-09-12] (Symantec Corporation)

2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)

2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe -p [107008 2006-11-24] ()

2 N360; "C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe" /s "N360" /m "C:\Program Files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll" /prefetch:1 [135032 2010-04-29] (Symantec Corporation)

2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [272024 2007-04-02] ()

2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [810320 2008-01-28] (Safer Networking Ltd.)

2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3048136 2012-06-19] (Skype Technologies S.A.)

2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [160944 2012-06-05] (Skype Technologies)

2 vToolbarUpdater11.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [935008 2012-07-01] ()

2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [167936 2007-06-13] (acer)

2 CLTNetCnService; "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]

4 NetMsmqActivator; "c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [x]

4 NetPipeActivator; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]

4 NetTcpActivator; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]

4 NetTcpPortSharing; c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [x]

========================== Drivers (Whitelisted) =============

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [139856 2011-12-23] (AVG Technologies CZ, s.r.o. )

3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )

0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )

3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )

1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [235216 2012-02-22] (AVG Technologies CZ, s.r.o.)

1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)

0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)

1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [301248 2012-03-19] (AVG Technologies CZ, s.r.o.)

1 BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20120619.001\BHDrvx86.sys [821920 2012-06-18] (Symantec Corporation)

1 ccHP; C:\Windows\system32\drivers\N360\0404000.00C\ccHPx86.sys [485512 2011-08-03] (Symantec Corporation)

3 DKbFltr; C:\Windows\System32\DRIVERS\DKbFltr.sys [21264 2007-06-14] (Dritek System Inc.)

1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-05-30] (Symantec Corporation)

3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2012-05-30] (Symantec Corporation)

1 IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20120702.001\IDSvix86.sys [382624 2012-06-14] (Symantec Corporation)

2 int15; \??\C:\Windows\system32\drivers\int15.sys [76584 2007-03-02] ()

2 irda; C:\Windows\System32\DRIVERS\irda.sys [95744 2008-01-18] (Microsoft Corporation)

4 iteraid; C:\Windows\system32\drivers\iteraid.sys [35944 2006-11-02] (Integrated Technology Express, Inc.)

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-04-04] (Malwarebytes Corporation)

3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120703.017\NAVENG.SYS [87928 2012-05-16] (Symantec Corporation)

3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20120703.017\NAVEX15.SYS [1589752 2012-05-16] (Symantec Corporation)

3 NSCIRDA; C:\Windows\System32\DRIVERS\nscirda.sys [30720 2008-01-18] (National Semiconductor Corporation)

3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2007-08-25] (NewTech Infosystems, Inc.)

0 PSDFilter; C:\Windows\System32\DRIVERS\psdfilter.sys [20776 2007-04-25] (HiTRUST)

0 PSDNServ; C:\Windows\System32\drivers\PSDNServ.sys [16680 2007-04-25] (HiTRUST)

0 psdvdisk; C:\Windows\System32\drivers\psdvdisk.sys [60712 2007-04-25] (HiTRUST)

3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1729152 2007-02-07] ()

1 SRTSP; C:\Windows\System32\Drivers\N360\0404000.00C\SRTSP.SYS [325680 2010-04-21] (Symantec Corporation)

1 SRTSPX; C:\Windows\system32\drivers\N360\0404000.00C\SRTSPX.SYS [43696 2010-04-21] (Symantec Corporation)

0 SymDS; C:\Windows\System32\drivers\N360\0404000.00C\SYMDS.SYS [328752 2009-10-14] (Symantec Corporation)

0 SymEFA; C:\Windows\System32\drivers\N360\0404000.00C\SYMEFA.SYS [173176 2011-08-21] (Symantec Corporation)

3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [124976 2011-01-01] (Symantec Corporation)

1 SymIRON; C:\Windows\system32\drivers\N360\0404000.00C\Ironx86.SYS [116784 2010-04-28] (Symantec Corporation)

1 SYMTDIv; C:\Windows\System32\Drivers\N360\0404000.00C\SYMTDIV.SYS [340088 2011-08-21] (Symantec Corporation)

2 {95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl [13560 2006-11-02] (Cyberlink Corp.)

4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]

3 catchme; \??\C:\ComboFix\catchme.sys [x]

3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]

3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]

3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-07-03 23:14 - 2012-07-03 23:14 - 00019389 ____A C:\ComboFix.txt

2012-07-03 23:00 - 2012-07-03 23:01 - 00000000 ____D C:\6788cb2bf9deb48900de59dea34775ee

2012-07-03 22:25 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

2012-07-03 22:25 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

2012-07-03 22:25 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-07-03 22:25 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-07-03 22:25 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-07-03 22:25 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

2012-07-03 22:25 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

2012-07-03 22:25 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

2012-07-03 22:24 - 2012-07-03 23:14 - 00000000 ____D C:\ComboFix

2012-07-03 21:50 - 2012-07-03 23:14 - 00000000 ____D C:\Qoobox

2012-07-03 21:50 - 2012-07-03 23:11 - 00000000 ____D C:\Windows\erdnt

2012-07-03 21:49 - 2012-07-03 21:49 - 00001500 ____A C:\Users\Neetu\Desktop\checkup.txt

2012-07-03 18:18 - 2012-07-03 18:18 - 00025040 ____A C:\Users\Neetu\Desktop\DDS.txt

2012-07-03 18:18 - 2012-07-03 18:18 - 00013435 ____A C:\Users\Neetu\Desktop\Attach.txt

2012-07-03 18:16 - 2012-07-03 18:16 - 00013435 ____A C:\Users\Neetu\Documents\Attach.txt

2012-07-03 14:11 - 2012-07-03 14:11 - 00000000 ____D C:\Users\Neetu\AppData\Local\{96A5A0B0-3C35-478F-B52F-98599CAE6458}

2012-07-03 14:10 - 2012-07-03 14:11 - 00000000 ____D C:\Users\Neetu\AppData\Local\{C49A0691-CD44-4865-921D-E9F316C50626}

2012-07-03 12:55 - 2012-07-03 12:56 - 00000000 ____D C:\Users\Neetu\AppData\Local\{03A696AC-E90B-4315-B7E3-AA64E255829E}

2012-07-03 12:54 - 2012-07-03 12:55 - 00000000 ____D C:\Users\Neetu\AppData\Local\{B019819B-3271-46F0-81D0-985B303AE82C}

2012-07-03 09:30 - 2012-07-03 09:30 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-03 09:30 - 2012-07-03 09:30 - 00000000 ____D C:\Users\Neetu\AppData\Roaming\Malwarebytes

2012-07-03 09:29 - 2012-07-03 09:30 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2012-07-03 09:29 - 2012-07-03 09:29 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-07-03 09:29 - 2012-04-04 11:56 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-03 09:15 - 2012-07-03 09:15 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Neetu\Downloads\mbam-setup-1.61.0.1400.exe

2012-07-03 09:15 - 2012-07-03 09:15 - 00000000 ____D C:\Users\Neetu\AppData\Local\{C3ABB107-7F6A-4438-AF82-A464E6ECB267}

2012-07-03 09:14 - 2012-07-03 09:14 - 00000000 ____D C:\Users\Neetu\AppData\Local\{2F4D5299-68E3-4338-B34D-5A3BE24F52DE}

2012-07-01 14:40 - 2012-07-01 14:41 - 00000000 ____D C:\Users\Neetu\AppData\Local\{3F590268-1497-49B6-8033-3E4F328DEA10}

2012-07-01 14:39 - 2012-07-01 14:40 - 00000000 ____D C:\Users\Neetu\AppData\Local\{6C8453B7-95A2-4C17-96EE-A6278176B168}

2012-07-01 14:26 - 2012-07-01 14:26 - 00000000 ____D C:\Users\Neetu\AppData\Roaming\AVG2012

2012-07-01 14:25 - 2012-07-02 04:26 - 00000846 ____A C:\Users\Public\Desktop\AVG 2012.lnk

2012-07-01 14:25 - 2012-07-01 14:25 - 00000000 ____D C:\Users\Neetu\AppData\Local\AVG Secure Search

2012-07-01 14:25 - 2012-07-01 14:25 - 00000000 ____D C:\Users\All Users\AVG Secure Search

2012-07-01 14:24 - 2012-07-01 14:25 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search

2012-07-01 14:24 - 2012-07-01 14:25 - 00000000 ____D C:\Program Files\AVG Secure Search

2012-07-01 14:23 - 2012-07-04 04:59 - 00000000 ____D C:\Windows\System32\Drivers\AVG

2012-07-01 14:23 - 2012-07-01 14:27 - 00000000 ____D C:\Users\All Users\AVG2012

2012-07-01 14:23 - 2012-07-01 14:23 - 00000000 ____D C:\$AVG

2012-07-01 14:22 - 2012-07-01 14:22 - 00000000 ____D C:\Program Files\AVG

2012-07-01 14:18 - 2012-07-04 05:00 - 00000000 ____D C:\Users\All Users\MFAData

2012-07-01 14:18 - 2012-07-01 14:18 - 03879304 ____A (AVG Technologies) C:\Users\Neetu\Downloads\avg_free_stb_all_2012_2180_cnet.exe

2012-07-01 14:17 - 2012-07-01 14:17 - 00000000 ____D C:\Users\Neetu\Documents\Simply Super Software

2012-07-01 14:17 - 2012-06-15 12:39 - 00169744 ____A C:\Windows\System32\ztvunrar36.dll

2012-07-01 14:17 - 2012-06-15 12:35 - 00185616 ____A C:\Windows\System32\ztvunrar39.dll

2012-07-01 14:17 - 2012-06-15 12:33 - 00605968 ____A (Igor Pavlov) C:\Windows\System32\ztv7z.dll

2012-07-01 14:17 - 2012-06-15 12:33 - 00077072 ____A (Microsoft Corporation) C:\Windows\System32\ztvcabinet.dll

2012-07-01 14:17 - 2005-08-25 21:50 - 00077312 ____A C:\Windows\System32\ztvunace26.dll

2012-07-01 14:17 - 2003-02-02 16:06 - 00153088 ____A C:\Windows\System32\unrar3.dll

2012-07-01 14:17 - 2002-03-05 21:00 - 00075264 ____A C:\Windows\System32\unacev2.dll

2012-07-01 14:16 - 2012-07-01 14:17 - 00000000 ____D C:\Users\Neetu\AppData\Roaming\Simply Super Software

2012-07-01 14:16 - 2012-07-01 14:16 - 00000000 ____D C:\Users\Neetu\AppData\Local\blekkotb_031

2012-07-01 14:16 - 2012-07-01 14:16 - 00000000 ____D C:\Users\All Users\Simply Super Software

2012-07-01 14:16 - 2012-07-01 14:16 - 00000000 ____D C:\Users\All Users\blekko toolbars

2012-07-01 14:16 - 2012-07-01 14:16 - 00000000 ____D C:\Program Files\blekkotb_031

2012-07-01 14:15 - 2012-07-01 14:16 - 00000000 ____D C:\Users\All Users\Anti-phishing Domain Advisor

2012-07-01 14:15 - 2012-07-01 14:15 - 12308848 ____A (Simply Super Software ) C:\Users\Neetu\Downloads\trj684.exe

2012-07-01 14:14 - 2012-07-01 14:15 - 00463080 ____A (CNET Download.com) C:\Users\Neetu\Downloads\cnet2_trj684_exe.exe

2012-07-01 13:52 - 2012-07-01 13:52 - 00000781 ____A C:\Users\Neetu\Desktop\PC Cleaner Pro.lnk

2012-07-01 13:52 - 2012-07-01 13:52 - 00000000 ____D C:\Users\Neetu\AppData\Roaming\PCPro

2012-07-01 13:52 - 2012-07-01 13:52 - 00000000 ____D C:\Users\Neetu\AppData\Roaming\PC Cleaners

2012-07-01 13:52 - 2012-07-01 13:52 - 00000000 ____D C:\Users\All Users\PC1Data

2012-07-01 13:52 - 2012-07-01 13:51 - 04447544 ____A (PC Cleaners) C:\Windows\uninst.exe

2012-07-01 13:51 - 2012-07-01 13:51 - 04447544 ____A (PC Cleaners) C:\Users\Neetu\Downloads\PC_Pro_Installer.exe

2012-07-01 13:40 - 2012-07-01 13:40 - 00000000 ____D C:\Users\Neetu\AppData\Local\{882D2F6C-BD61-4D20-B929-C1A041A2E13F}

2012-07-01 13:39 - 2012-07-01 13:39 - 00000000 ____D C:\Users\Neetu\AppData\Local\{8D807900-7F4A-4CB0-8A47-E016CDD121EA}

2012-07-01 13:30 - 2012-07-01 13:51 - 00000000 ____D C:\Users\Neetu\AppData\Local\NPE

2012-07-01 13:29 - 2012-07-01 13:30 - 02841104 ____A (Symantec Corporation) C:\Users\Neetu\Downloads\NPE.exe

2012-07-01 09:39 - 2012-07-01 09:39 - 00001105 ____A C:\Users\Public\Desktop\The Weather Channel App.lnk

2012-07-01 09:33 - 2012-07-01 09:33 - 00000000 ____D C:\Users\Neetu\AppData\Local\{F139DA26-DEB0-4A11-AFC2-D9872F5EF462}

2012-07-01 09:33 - 2012-07-01 09:33 - 00000000 ____D C:\Program Files\The Weather Channel

2012-07-01 09:32 - 2012-07-01 09:33 - 00000000 ____D C:\Users\Neetu\AppData\Local\{FA2FA6D5-9F0A-420B-8D02-514DEFCA6761}

2012-06-28 15:04 - 2012-06-28 15:04 - 00000000 __SHD C:\Windows\System32\%APPDATA%

2012-06-27 20:49 - 2012-06-27 20:49 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2012-06-25 19:32 - 2012-06-25 19:32 - 00000000 ____D C:\Users\Neetu\AppData\Roaming\Mozilla

2012-06-23 00:41 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-23 00:41 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-23 00:41 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-23 00:41 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-23 00:40 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-23 00:40 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-23 00:40 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-23 00:39 - 2012-06-02 11:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-23 00:39 - 2012-06-02 11:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-14 04:37 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-14 04:37 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-14 04:37 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-14 04:36 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-14 04:36 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-14 04:36 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-14 04:36 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-14 04:36 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-14 04:36 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-14 04:36 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-14 04:36 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-14 04:36 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-14 04:36 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-14 04:36 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-13 00:10 - 2012-04-23 08:00 - 00984064 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2012-06-13 00:10 - 2012-04-23 08:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2012-06-13 00:10 - 2012-04-23 08:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2012-06-13 00:09 - 2012-05-15 11:51 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-13 00:09 - 2012-05-01 06:03 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

2012-06-08 08:12 - 2012-07-04 08:55 - 00000000 ____D C:\Users\Neetu\AppData\Roaming\Skype

2012-06-08 08:12 - 2012-06-08 08:12 - 00001878 ____A C:\Users\Public\Desktop\Skype.lnk

2012-06-08 08:12 - 2012-06-08 08:12 - 00000000 ___RD C:\Program Files\Skype

2012-06-08 08:12 - 2012-06-08 08:12 - 00000000 ____D C:\Program Files\Common Files\Skype

2012-06-08 08:09 - 2012-06-08 08:09 - 00944304 ____A (Skype Technologies S.A.) C:\Users\Neetu\Downloads\SkypeSetup.exe

2012-06-08 05:51 - 2012-06-08 05:52 - 00000000 ____D C:\Users\Neetu\AppData\Local\{89A46BBA-E89D-4E57-998E-B4702D63D27D}

2012-06-08 05:51 - 2012-06-08 05:51 - 00000000 ____D C:\Users\Neetu\AppData\Local\{D08E103D-FCC9-4B50-B48E-1B8CB525A1A0}

2012-06-07 11:08 - 2012-06-07 11:08 - 00000000 ____D C:\Users\Neetu\AppData\Local\{8285022C-173F-4724-9223-B468237A3046}

2012-06-07 11:08 - 2012-06-07 11:08 - 00000000 ____D C:\Users\Neetu\AppData\Local\{75E89D35-3E13-433C-9202-0F7A09117920}

2012-06-07 09:57 - 2012-06-07 09:57 - 00000000 ____D C:\Users\Neetu\AppData\Local\{F967FD96-05E8-4260-B059-FF1E1003E7AB}

2012-06-07 09:57 - 2012-06-07 09:57 - 00000000 ____D C:\Users\Neetu\AppData\Local\{8A0C59AA-440E-42D8-B5CD-8D056DAC399D}

2012-06-06 19:22 - 2012-06-06 19:22 - 00000000 ____D C:\Users\Neetu\AppData\Local\{54CFE2E8-42DF-443B-8BEE-3C83468B5020}

2012-06-06 19:21 - 2012-06-06 19:21 - 00000000 ____D C:\Users\Neetu\AppData\Local\{44B58133-73DA-491A-82A6-51545C7432B8}

============ 3 Months Modified Files ========================

2012-07-04 09:07 - 2006-11-02 05:01 - 00032588 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-07-04 09:07 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-07-04 09:05 - 2009-06-30 22:57 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121395090-2152420972-532832032-1000UA.job

2012-07-04 09:04 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2012-07-04 09:04 - 2006-11-02 04:47 - 00003568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2012-07-04 08:57 - 2007-10-09 11:03 - 01144365 ____A C:\Windows\WindowsUpdate.log

2012-07-03 23:14 - 2012-07-03 23:14 - 00019389 ____A C:\ComboFix.txt

2012-07-03 23:06 - 2006-11-02 02:23 - 00000215 ____A C:\Windows\system.ini

2012-07-03 23:03 - 2007-08-25 21:36 - 00452068 ____A C:\Windows\PFRO.log

2012-07-03 23:02 - 2006-11-02 02:22 - 54001664 ____A C:\Windows\System32\config\SOFTWARE.bak

2012-07-03 23:02 - 2006-11-02 02:22 - 42205184 ____A C:\Windows\System32\config\COMPON~1.bak

2012-07-03 23:02 - 2006-11-02 02:22 - 26476544 ____A C:\Windows\System32\config\SYSTEM.bak

2012-07-03 23:02 - 2006-11-02 02:22 - 00524288 ____A C:\Windows\System32\config\DEFAULT.bak

2012-07-03 23:02 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak

2012-07-03 23:02 - 2006-11-02 02:22 - 00262144 ____A C:\Windows\System32\config\SAM.bak

2012-07-03 21:49 - 2012-07-03 21:49 - 00001500 ____A C:\Users\Neetu\Desktop\checkup.txt

2012-07-03 18:18 - 2012-07-03 18:18 - 00025040 ____A C:\Users\Neetu\Desktop\DDS.txt

2012-07-03 18:18 - 2012-07-03 18:18 - 00013435 ____A C:\Users\Neetu\Desktop\Attach.txt

2012-07-03 18:16 - 2012-07-03 18:16 - 00013435 ____A C:\Users\Neetu\Documents\Attach.txt

2012-07-03 17:59 - 2006-11-02 02:33 - 00756338 ____A C:\Windows\System32\PerfStringBackup.INI

2012-07-03 14:30 - 2008-05-06 15:11 - 00054156 ___AH C:\Windows\QTFont.qfn

2012-07-03 09:30 - 2012-07-03 09:30 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-03 09:15 - 2012-07-03 09:15 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\Neetu\Downloads\mbam-setup-1.61.0.1400.exe

2012-07-02 16:05 - 2009-06-30 22:56 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121395090-2152420972-532832032-1000Core.job

2012-07-02 04:26 - 2012-07-01 14:25 - 00000846 ____A C:\Users\Public\Desktop\AVG 2012.lnk

2012-07-01 14:18 - 2012-07-01 14:18 - 03879304 ____A (AVG Technologies) C:\Users\Neetu\Downloads\avg_free_stb_all_2012_2180_cnet.exe

2012-07-01 14:15 - 2012-07-01 14:15 - 12308848 ____A (Simply Super Software ) C:\Users\Neetu\Downloads\trj684.exe

2012-07-01 14:15 - 2012-07-01 14:14 - 00463080 ____A (CNET Download.com) C:\Users\Neetu\Downloads\cnet2_trj684_exe.exe

2012-07-01 13:52 - 2012-07-01 13:52 - 00000781 ____A C:\Users\Neetu\Desktop\PC Cleaner Pro.lnk

2012-07-01 13:51 - 2012-07-01 13:52 - 04447544 ____A (PC Cleaners) C:\Windows\uninst.exe

2012-07-01 13:51 - 2012-07-01 13:51 - 04447544 ____A (PC Cleaners) C:\Users\Neetu\Downloads\PC_Pro_Installer.exe

2012-07-01 13:30 - 2012-07-01 13:29 - 02841104 ____A (Symantec Corporation) C:\Users\Neetu\Downloads\NPE.exe

2012-07-01 09:39 - 2012-07-01 09:39 - 00001105 ____A C:\Users\Public\Desktop\The Weather Channel App.lnk

2012-06-30 20:27 - 2006-11-02 04:52 - 00070810 ____A C:\Windows\setupact.log

2012-06-27 20:49 - 2012-06-27 20:49 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2012-06-27 20:49 - 2012-01-11 19:47 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2012-06-15 12:39 - 2012-07-01 14:17 - 00169744 ____A C:\Windows\System32\ztvunrar36.dll

2012-06-15 12:35 - 2012-07-01 14:17 - 00185616 ____A C:\Windows\System32\ztvunrar39.dll

2012-06-15 12:33 - 2012-07-01 14:17 - 00605968 ____A (Igor Pavlov) C:\Windows\System32\ztv7z.dll

2012-06-15 12:33 - 2012-07-01 14:17 - 00077072 ____A (Microsoft Corporation) C:\Windows\System32\ztvcabinet.dll

2012-06-14 06:03 - 2006-11-02 04:47 - 00389968 ____A C:\Windows\System32\FNTCACHE.DAT

2012-06-08 08:12 - 2012-06-08 08:12 - 00001878 ____A C:\Users\Public\Desktop\Skype.lnk

2012-06-08 08:09 - 2012-06-08 08:09 - 00944304 ____A (Skype Technologies S.A.) C:\Users\Neetu\Downloads\SkypeSetup.exe

2012-06-03 19:35 - 2006-11-02 02:24 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

2012-06-02 14:19 - 2012-06-23 00:41 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 14:19 - 2012-06-23 00:41 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 14:19 - 2012-06-23 00:41 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 14:19 - 2012-06-23 00:40 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 14:19 - 2012-06-23 00:40 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 14:12 - 2012-06-23 00:41 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 14:12 - 2012-06-23 00:40 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 11:19 - 2012-06-23 00:39 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 11:12 - 2012-06-23 00:39 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-05-17 15:11 - 2012-06-14 04:36 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-05-17 14:48 - 2012-06-14 04:36 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-05-17 14:45 - 2012-06-14 04:36 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-05-17 14:36 - 2012-06-14 04:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-05-17 14:35 - 2012-06-14 04:36 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-05-17 14:35 - 2012-06-14 04:36 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-05-17 14:33 - 2012-06-14 04:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-05-17 14:31 - 2012-06-14 04:36 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-05-17 14:29 - 2012-06-14 04:36 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-05-17 14:29 - 2012-06-14 04:36 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-05-17 14:27 - 2012-06-14 04:37 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-05-17 14:25 - 2012-06-14 04:37 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-05-17 14:24 - 2012-06-14 04:37 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-05-17 14:20 - 2012-06-14 04:36 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-05-17 06:19 - 2012-05-17 06:19 - 00035810 ____A C:\Users\Neetu\Downloads\Voicemail_20120517125400Z (1).wav

2012-05-17 06:18 - 2012-05-17 06:18 - 00035810 ____A C:\Users\Neetu\Downloads\Voicemail_20120517125400Z.wav

2012-05-15 11:51 - 2012-06-13 00:09 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-05-11 07:56 - 2008-01-15 10:02 - 00000680 ____A C:\Users\Neetu\AppData\Local\d3d9caps.dat

2012-05-09 09:54 - 2008-05-06 15:18 - 04031488 ___RA C:\Users\Public\Documents\ESBK.mbb

2012-05-09 09:54 - 2008-05-06 15:18 - 01915904 ___RA C:\Users\Public\Documents\ESBK.mb

2012-05-01 06:03 - 2012-06-13 00:09 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

2012-04-23 08:00 - 2012-06-13 00:10 - 00984064 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2012-04-23 08:00 - 2012-06-13 00:10 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2012-04-23 08:00 - 2012-06-13 00:10 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2012-04-19 00:50 - 2012-04-19 00:50 - 00024896 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidshx.sys

2012-04-11 23:33 - 2012-04-11 23:33 - 00138824 ____A C:\Windows\Minidump\Mini041212-01.dmp

2012-04-11 23:32 - 2009-08-25 06:36 - 329419551 ____A C:\Windows\MEMORY.DMP

ZeroAccess:

C:\Windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}

C:\Windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\L

C:\Windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\U

ZeroAccess:

C:\Users\Neetu\AppData\Local\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}

C:\Users\Neetu\AppData\Local\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\L

C:\Users\Neetu\AppData\Local\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\U

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe

[2009-08-04 18:18] - [2009-04-10 22:28] - 0314368 ____A (Microsoft Corporation)

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%

Total physical RAM: 2037.81 MB

Available physical RAM: 1752.02 MB

Total Pagefile: 1969.71 MB

Available Pagefile: 1826.8 MB

Total Virtual: 2047.88 MB

Available Virtual: 1983.72 MB

======================= Partitions =========================

1 Drive c: (ACER) (Fixed) (Total:69.65 GB) (Free:11.21 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

2 Drive d: (DATA) (Fixed) (Total:69.64 GB) (Free:6.71 GB) NTFS

4 Drive f: (KINGSTON) (Removable) (Total:7.45 GB) (Free:0.81 GB) FAT32

5 Drive x: (PQSERVICE) (Fixed) (Total:9.76 GB) (Free:3.87 GB) FAT32

Disk ### Status Size Free Dyn Gpt

-------- ---------- ------- ------- --- ---

Disk 0 Online 149 GB 1849 KB

Disk 1 Online 7640 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 10 GB 1024 KB

Partition 2 Primary 70 GB 10 GB

Partition 3 Primary 70 GB 79 GB

==================================================================================

Disk: 0

Partition 1

Type : 27

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 X PQSERVICE FAT32 Partition 10 GB Healthy Hidden

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C ACER NTFS Partition 70 GB Healthy

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 D DATA NTFS Partition 70 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 7636 MB 4032 KB

==================================================================================

Disk: 1

Partition 1

Type : 0C

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 F KINGSTON FAT32 Removable 7636 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-03 23:38

======================= End Of Log ==========================


Greetings

Ok, let's see if we can find a replacement for the infected file.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click Search button and post the log (Search.txt) it makes to your reply.

Gringo


Hello! Sorry for the delay in getting back to you.

Please find the requested log (Search.txt):

Farbar Recovery Scan Tool Version: 04-07-2012 01

Ran by SYSTEM at 2012-07-05 10:50:17

Running from D:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

[2009-08-04 18:18] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe

[2008-06-25 06:02] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe

[2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

C:\Windows\System32\services.exe

[2009-08-04 18:18] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

=== End Of Search ===


Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.


Replace: C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe C:\Windows\System32\services.exe
C:\Windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}
C:\Users\Neetu\AppData\Local\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo

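As an added illustration, not part of this thread or of the FRST tool: a small Python script that parses the Search.txt format posted above, compares the live C:\Windows\System32\services.exe against the WinSxS copies that have identical size and timestamps, and prints the Replace: line in the form used in the fixlist post. The sample input is the Search.txt from this thread; the Hit and Verdict names and the live_dir parameter are this example's own.

```python
"""Check an FRST Search.txt report for a patched system binary.

Added example, not part of the thread or of FRST. It parses the two-line
records FRST prints per hit, finds a WinSxS copy with the same size and
timestamps as the live System32 file and, when the MD5 still differs,
emits the "Replace:" line in the form used in fixlist.txt.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the services.exe hits from the Search.txt in this thread.
SEARCH_TXT = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-08-04 18:18] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-06-25 06:02] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0

C:\Windows\System32\services.exe
[2009-08-04 18:18] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843

=== End Of Search ===
"""

# Detail line as FRST prints it: "[ts] - [ts] - size attrs (company) MD5".
DETAIL = re.compile(
    r"^\[(?P<ts_a>[^\]]+)\] - \[(?P<ts_b>[^\]]+)\] - (?P<size>\d+) (?P<attrs>\S+)"
    r"(?: \((?P<company>[^)]*)\))? (?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_LINE = re.compile(r"^[A-Za-z]:\\")

@dataclass
class Hit:
    path: str
    ts_a: str
    ts_b: str
    size: int
    company: str
    md5: str

@dataclass
class Verdict:
    status: str              # "clean", "tampered" or "no-donor"
    live_path: str
    donor_path: Optional[str]
    fixline: Optional[str]   # the fixlist.txt line, only when tampered

def parse_search(text: str) -> List[Hit]:
    """Pair each path line with the detail line that follows it."""
    hits: List[Hit] = []
    pending: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DETAIL.match(line)
        if m and pending:
            hits.append(Hit(pending, m["ts_a"], m["ts_b"], int(m["size"]),
                            m["company"] or "", m["md5"].upper()))
            pending = None
        elif PATH_LINE.match(line):
            pending = line
        else:
            pending = None       # section headers and separators
    return hits

def assess(hits: List[Hit], live_dir: str = r"c:\windows\system32") -> Verdict:
    """Compare the live copy with WinSxS copies of identical size and timestamps.

    ZeroAccess patched services.exe in place, so size and timestamps survived
    and only the hash gave it away (as the Search.txt above shows). live_dir is
    this example's own parameter, not an FRST option.
    """
    live = next((h for h in hits if h.path.lower().startswith(live_dir + "\\")), None)
    if live is None:
        raise ValueError(f"no hit under {live_dir}")
    donors = [h for h in hits if "\\winsxs\\" in h.path.lower()
              and (h.size, h.ts_a, h.ts_b) == (live.size, live.ts_a, live.ts_b)]
    if not donors:
        return Verdict("no-donor", live.path, None, None)
    donor = donors[0]   # a real tool would also verify the donor's signature
    if donor.md5 == live.md5:
        return Verdict("clean", live.path, donor.path, None)
    return Verdict("tampered", live.path, donor.path, f"Replace: {donor.path} {live.path}")

if __name__ == "__main__":
    verdict = assess(parse_search(SEARCH_TXT))
    print(verdict.status, verdict.fixline or "")
```

Run against the thread's Search.txt it reports "tampered" and prints exactly the Replace: line Gringo put in the fixlist; with the live hash swapped for the donor's it reports "clean".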

Hello,

Sorry, bit of a noob here. I wasn't fully able to understand your previous post.

1) I saved the code to my flash drive as fixlist.txt

2) I entered the System Recovery Options

3) I am stuck here. Do I launch "Command Prompt" from here and then run FRST64?

If yes, what command do I type for it?

Also, where is FRST64 located?

Thanks.


Greetings

You do it just like you did before, and when the program opens you press the Fix button.

The program we need to run you have already run twice: the first time we used Scan, the second time we used Search, and this time we are going to use Fix.

Gringo


Duhhh! Sorry and thank you!

Here is the requested log (Fixlog.txt)

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 04-07-2012 01

Ran by SYSTEM at 2012-07-05 19:38:58 Run:1

Running from D:\

==============================================

C:\Windows\System32\services.exe moved successfully.

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe copied successfully to C:\Windows\System32\services.exe

C:\Windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b} moved successfully.

C:\Users\Neetu\AppData\Local\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b} moved successfully.

==== End of Fixlog ====


1) I booted up the PC. Immediately Norton fired up saying "Security threats were found. These have been fixed"

2) Disabled antivirus (AVG and Norton)

3) Ran Combofix

Got an error message "Error Opening file for writing: C:\32788R22FW\pev.3XE"

Retry didn't work, so I clicked "Ignore" and proceeded.

Then it executed without much fuss.

PC is performing slowly.

Here is the log:

ComboFix 12-07-05.04 - Neetu 07/06/2012 0:25.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.600 [GMT -4:00]

Running from: c:\users\Neetu\Desktop\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\assembly\GAC\Desktop.ini

c:\windows\system32\AutoRun.inf

c:\windows\system32\BSTIEPrintCtl1.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-06-06 to 2012-07-06 )))))))))))))))))))))))))))))))

.

.

2012-07-06 04:41 . 2012-07-06 04:41 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-04 21:14 . 2012-07-04 21:14 -------- d-----w- C:\FRST

2012-07-04 07:00 . 2012-07-04 07:01 -------- d-----w- C:\6788cb2bf9deb48900de59dea34775ee

2012-07-03 21:39 . 2012-07-03 21:39 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-07-03 17:30 . 2012-07-03 17:30 -------- d-----w- c:\users\Neetu\AppData\Roaming\Malwarebytes

2012-07-03 17:29 . 2012-07-03 17:29 -------- d-----w- c:\programdata\Malwarebytes

2012-07-03 17:29 . 2012-07-03 17:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-03 17:29 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-01 22:26 . 2012-07-01 22:26 -------- d-----w- c:\users\Neetu\AppData\Roaming\AVG2012

2012-07-01 22:25 . 2012-07-01 22:25 -------- d-----w- c:\users\Neetu\AppData\Local\AVG Secure Search

2012-07-01 22:25 . 2012-07-01 22:25 -------- d-----w- c:\programdata\AVG Secure Search

2012-07-01 22:24 . 2012-07-01 22:25 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2012-07-01 22:24 . 2012-07-01 22:25 -------- d-----w- c:\program files\AVG Secure Search

2012-07-01 22:24 . 2012-07-01 22:24 -------- d--h--w- c:\programdata\Common Files

2012-07-01 22:23 . 2012-07-06 04:04 -------- d-----w- c:\windows\system32\drivers\AVG

2012-07-01 22:23 . 2012-07-01 22:27 -------- d-----w- c:\programdata\AVG2012

2012-07-01 22:23 . 2012-07-01 22:23 -------- d-----w- C:\$AVG

2012-07-01 22:22 . 2012-07-01 22:22 -------- d-----w- c:\program files\AVG

2012-07-01 22:18 . 2012-07-06 04:05 -------- d-----w- c:\programdata\MFAData

2012-07-01 22:17 . 2012-06-15 20:39 169744 ----a-w- c:\windows\system32\ztvunrar36.dll

2012-07-01 22:17 . 2012-06-15 20:35 185616 ----a-w- c:\windows\system32\ztvunrar39.dll

2012-07-01 22:17 . 2012-06-15 20:33 605968 ----a-w- c:\windows\system32\ztv7z.dll

2012-07-01 22:17 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll

2012-07-01 22:17 . 2012-06-15 20:33 77072 ----a-w- c:\windows\system32\ztvcabinet.dll

2012-07-01 22:17 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\unrar3.dll

2012-07-01 22:17 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll

2012-07-01 22:16 . 2012-07-01 22:17 -------- d-----w- c:\users\Neetu\AppData\Roaming\Simply Super Software

2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\programdata\Simply Super Software

2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\programdata\blekko toolbars

2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\program files\blekkotb_031

2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\users\Neetu\AppData\Local\blekkotb_031

2012-07-01 22:15 . 2012-07-01 22:16 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor

2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\users\Neetu\AppData\Roaming\PC Cleaners

2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\users\Neetu\AppData\Roaming\PCPro

2012-07-01 21:52 . 2012-07-01 21:51 4447544 ----a-w- c:\windows\uninst.exe

2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\programdata\PC1Data

2012-07-01 21:30 . 2012-07-01 21:51 -------- d-----w- c:\users\Neetu\AppData\Local\NPE

2012-07-01 17:33 . 2012-07-01 17:33 -------- d-----w- c:\program files\The Weather Channel

2012-06-28 23:04 . 2012-06-28 23:04 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-06-28 04:49 . 2012-06-28 04:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-23 08:41 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-23 08:41 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-23 08:41 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-23 08:41 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-23 08:40 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-23 08:40 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-23 08:40 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-23 08:39 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-23 08:39 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-14 12:37 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-14 12:37 . 2012-05-17 23:21 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2012-06-14 12:37 . 2012-05-17 22:31 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll

2012-06-13 08:10 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll

2012-06-13 08:10 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-13 08:10 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-13 08:09 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-13 08:09 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys

2012-06-08 16:12 . 2012-07-04 16:55 -------- d-----w- c:\users\Neetu\AppData\Roaming\Skype

2012-06-08 16:12 . 2012-06-08 16:12 -------- d-----w- c:\program files\Common Files\Skype

2012-06-08 16:12 . 2012-06-08 16:12 -------- d-----r- c:\program files\Skype

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-28 04:49 . 2012-01-12 03:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-19 08:50 . 2012-04-19 08:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8769adce-dba5-48e9-afb5-67b12cdf2e61}]

2012-05-18 19:44 85288 ----a-w- c:\program files\blekkotb_031\blekkotb_019X.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-07-01 22:24 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{8769adce-dba5-48e9-afb5-67b12cdf2e61}"= "c:\program files\blekkotb_031\blekkotb_019X.dll" [2012-05-18 85288]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-01 2074208]

.

[HKEY_CLASSES_ROOT\clsid\{8769adce-dba5-48e9-afb5-67b12cdf2e61}]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176]

"DW7"="c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-07-01 10555904]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 4472832]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]

"PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-15 850704]

"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]

"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-06 155648]

"Skytel"="Skytel.exe" [2007-05-29 1826816]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-11-21 35328]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-01 1107552]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\Neetu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-6-27 106496]

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-26 535336]

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

vvdsvc REG_MULTI_SZ vvdsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121395090-2152420972-532832032-1000Core.job

- c:\users\Neetu\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-25 16:01]

.

2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121395090-2152420972-532832032-1000UA.job

- c:\users\Neetu\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-25 16:01]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uStart Page = about:blank

mStart Page = hxxp://en.us.acer.yahoo.com

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

TCP: DhcpNameServer = 192.168.0.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-06 00:42

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

Completion time: 2012-07-06 00:46:00

ComboFix-quarantined-files.txt 2012-07-06 04:45

ComboFix2.txt 2012-07-04 07:14

.

Pre-Run: 17,980,375,040 bytes free

Post-Run: 17,534,480,384 bytes free

.

- - End Of File - - DF2F39B1F26271DD6E4E91D43E7BDAE9


Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions: ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo


Hello!

1) When I booted up my computer, Malwarebytes Pro didn't start up.

Instead I got this message:

[OpenEvent] Failed to perform desired action. Error Code: 2

I clicked ok and proceeded.

2) Disabled AVG and Norton anti-virus.

3) Ran TDSSKiller. Here is the log:

10:41:04.0949 6984 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08

10:41:05.0271 6984 ============================================================

10:41:05.0271 6984 Current date / time: 2012/07/06 10:41:05.0271

10:41:05.0271 6984 SystemInfo:

10:41:05.0271 6984

10:41:05.0271 6984 OS Version: 6.0.6002 ServicePack: 2.0

10:41:05.0271 6984 Product type: Workstation

10:41:05.0271 6984 ComputerName: NEETU-PC

10:41:05.0272 6984 UserName: Neetu

10:41:05.0272 6984 Windows directory: C:\Windows

10:41:05.0272 6984 System windows directory: C:\Windows

10:41:05.0272 6984 Processor architecture: Intel x86

10:41:05.0272 6984 Number of processors: 2

10:41:05.0272 6984 Page size: 0x1000

10:41:05.0272 6984 Boot type: Normal boot

10:41:05.0272 6984 ============================================================

10:41:09.0183 6984 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

10:41:09.0217 6984 ============================================================

10:41:09.0217 6984 \Device\Harddisk0\DR0:

10:41:09.0236 6984 MBR partitions:

10:41:09.0236 6984 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x8B4A800

10:41:09.0236 6984 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9ED3000, BlocksNum 0x8B46000

10:41:09.0236 6984 ============================================================

10:41:09.0751 6984 C: <-> \Device\Harddisk0\DR0\Partition0

10:41:09.0879 6984 D: <-> \Device\Harddisk0\DR0\Partition1

10:41:09.0880 6984 ============================================================

10:41:09.0880 6984 Initialize success

10:41:09.0880 6984 ============================================================

10:41:50.0186 3720 ============================================================

10:41:50.0186 3720 Scan started

10:41:50.0186 3720 Mode: Manual;

10:41:50.0186 3720 ============================================================

10:41:53.0766 3720 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

10:41:53.0773 3720 ACPI - ok

10:41:53.0848 3720 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

10:41:53.0858 3720 adp94xx - ok

10:41:53.0900 3720 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

10:41:53.0908 3720 adpahci - ok

10:41:53.0937 3720 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

10:41:53.0941 3720 adpu160m - ok

10:41:53.0971 3720 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

10:41:53.0975 3720 adpu320 - ok

10:41:54.0029 3720 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll

10:41:54.0031 3720 AeLookupSvc - ok

10:41:54.0122 3720 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

10:41:54.0128 3720 AFD - ok

10:41:54.0202 3720 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe

10:41:54.0204 3720 AgereModemAudio - ok

10:41:54.0322 3720 AgereSoftModem (d31d1a92479bd8c0d050a6ffbdd410d9) C:\Windows\system32\DRIVERS\AGRSM.sys

10:41:54.0350 3720 AgereSoftModem - ok

10:41:54.0412 3720 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys

10:41:54.0415 3720 agp440 - ok

10:41:54.0453 3720 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

10:41:54.0456 3720 aic78xx - ok

10:41:54.0498 3720 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe

10:41:54.0499 3720 ALG - ok

10:41:54.0513 3720 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys

10:41:54.0515 3720 aliide - ok

10:41:54.0547 3720 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

10:41:54.0549 3720 amdagp - ok

10:41:54.0583 3720 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys

10:41:54.0585 3720 amdide - ok

10:41:54.0620 3720 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

10:41:54.0622 3720 AmdK7 - ok

10:41:54.0733 3720 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys

10:41:54.0736 3720 AmdK8 - ok

10:41:54.0802 3720 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll

10:41:54.0803 3720 Appinfo - ok

10:41:54.0849 3720 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

10:41:54.0852 3720 arc - ok

10:41:54.0886 3720 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

10:41:54.0889 3720 arcsas - ok

10:41:55.0108 3720 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe

10:41:55.0220 3720 aspnet_state - ok

10:41:55.0278 3720 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

10:41:55.0281 3720 AsyncMac - ok

10:41:55.0330 3720 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

10:41:55.0376 3720 atapi - ok

10:41:56.0408 3720 athr (6046a55f79de9c581b8d5e9c1366cc81) C:\Windows\system32\DRIVERS\athr.sys

10:41:56.0678 3720 athr - ok

10:41:57.0461 3720 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll

10:41:57.0498 3720 AudioEndpointBuilder - ok

10:41:57.0512 3720 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll

10:41:57.0518 3720 Audiosrv - ok

10:41:59.0112 3720 Automatic LiveUpdate Scheduler (b5d974c1fd078a68c7536c561b031d39) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

10:41:59.0284 3720 Automatic LiveUpdate Scheduler - ok

10:42:06.0030 3720 AVGIDSAgent (55893fff154ffd7c29919d2b9218210c) C:\Program Files\AVG\AVG2012\avgidsagent.exe

10:42:08.0300 3720 AVGIDSAgent - ok

10:42:10.0965 3720 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\Windows\system32\DRIVERS\avgidsdriverx.sys


10:46:07.0222 3720 SBSDWSCService - ok

10:46:07.0549 3720 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll

10:46:07.0802 3720 SCardSvr - ok

10:46:08.0383 3720 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll

10:46:08.0925 3720 Schedule - ok

10:46:08.0972 3720 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll

10:46:09.0856 3720 SCPolicySvc - ok

10:46:10.0261 3720 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys

10:46:10.0663 3720 sdbus - ok

10:46:10.0716 3720 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll

10:46:10.0732 3720 SDRSVC - ok

10:46:11.0284 3720 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

10:46:11.0877 3720 SeaPort - ok

10:46:12.0245 3720 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

10:46:12.0271 3720 secdrv - ok

10:46:12.0571 3720 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll

10:46:12.0638 3720 seclogon - ok

10:46:13.0049 3720 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll

10:46:13.0131 3720 SENS - ok

10:46:13.0152 3720 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

10:46:13.0249 3720 Serenum - ok

10:46:13.0580 3720 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

10:46:13.0749 3720 Serial - ok

10:46:13.0860 3720 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

10:46:14.0733 3720 sermouse - ok

10:46:14.0889 3720 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll

10:46:14.0904 3720 SessionEnv - ok

10:46:14.0982 3720 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys

10:46:15.0101 3720 sffdisk - ok

10:46:15.0214 3720 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys

10:46:15.0421 3720 sffp_mmc - ok

10:46:15.0593 3720 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys

10:46:16.0653 3720 sffp_sd - ok

10:46:16.0701 3720 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys

10:46:16.0843 3720 sfloppy - ok

10:46:17.0052 3720 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll

10:46:17.0096 3720 SharedAccess - ok

10:46:17.0165 3720 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll

10:46:17.0917 3720 ShellHWDetection - ok

10:46:17.0957 3720 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

10:46:18.0066 3720 sisagp - ok

10:46:18.0405 3720 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

10:46:18.0532 3720 SiSRaid2 - ok

10:46:19.0318 3720 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

10:46:20.0236 3720 SiSRaid4 - ok

10:46:23.0943 3720 Skype C2C Service (2a99850c2a6edd6c6602e822c716edaf) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

10:46:25.0705 3720 Skype C2C Service - ok

10:46:25.0996 3720 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files\Skype\Updater\Updater.exe

10:46:28.0025 3720 SkypeUpdate - ok

10:46:29.0463 3720 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe

10:46:30.0394 3720 slsvc - ok

10:46:31.0049 3720 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll

10:46:31.0235 3720 SLUINotify - ok

10:46:31.0310 3720 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

10:46:31.0412 3720 Smb - ok

10:46:31.0452 3720 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe

10:46:31.0459 3720 SNMPTRAP - ok

10:46:31.0725 3720 SNP2UVC (53d1e2ecbf26b313ffdd2b8ba3d2f66e) C:\Windows\system32\DRIVERS\snp2uvc.sys

10:46:32.0076 3720 SNP2UVC - ok

10:46:32.0502 3720 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

10:46:32.0509 3720 spldr - ok

10:46:32.0592 3720 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe

10:46:32.0802 3720 Spooler - ok

10:46:32.0974 3720 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\Windows\System32\Drivers\N360\0404000.00C\SRTSP.SYS

10:46:33.0120 3720 SRTSP - ok

10:46:33.0162 3720 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\Windows\system32\drivers\N360\0404000.00C\SRTSPX.SYS

10:46:33.0244 3720 SRTSPX - ok

10:46:33.0295 3720 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

10:46:33.0433 3720 srv - ok

10:46:33.0477 3720 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

10:46:33.0548 3720 srv2 - ok

10:46:33.0592 3720 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

10:46:33.0654 3720 srvnet - ok

10:46:33.0711 3720 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll

10:46:33.0722 3720 SSDPSRV - ok

10:46:33.0765 3720 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll

10:46:33.0806 3720 SstpSvc - ok

10:46:33.0899 3720 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys

10:46:33.0972 3720 StillCam - ok

10:46:34.0032 3720 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll

10:46:34.0728 3720 stisvc - ok

10:46:34.0906 3720 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

10:46:34.0967 3720 swenum - ok

10:46:35.0196 3720 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll

10:46:35.0320 3720 swprv - ok

10:46:35.0420 3720 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

10:46:35.0521 3720 Symc8xx - ok

10:46:35.0677 3720 SymDS (56890bf9d9204b93042089d4b45ae671) C:\Windows\system32\drivers\N360\0404000.00C\SYMDS.SYS

10:46:36.0081 3720 SymDS - ok

10:46:36.0416 3720 SymEFA (10ba64273feff4df0a7ccb0ff3b9b26b) C:\Windows\system32\drivers\N360\0404000.00C\SYMEFA.SYS

10:46:36.0729 3720 SymEFA - ok

10:46:37.0027 3720 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\Windows\system32\Drivers\SYMEVENT.SYS

10:46:37.0282 3720 SymEvent - ok

10:46:37.0548 3720 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\Windows\system32\drivers\N360\0404000.00C\Ironx86.SYS

10:46:38.0001 3720 SymIRON - ok

10:46:38.0094 3720 SYMTDIv (b501d61792d8355eae7eb4f7449a9d99) C:\Windows\System32\Drivers\N360\0404000.00C\SYMTDIV.SYS

10:46:38.0308 3720 SYMTDIv - ok

10:46:38.0367 3720 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

10:46:38.0477 3720 Sym_hi - ok

10:46:38.0584 3720 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

10:46:38.0649 3720 Sym_u3 - ok

10:46:38.0758 3720 SynTP (f7a4250bb3e3afcd4af100e551509352) C:\Windows\system32\DRIVERS\SynTP.sys

10:46:39.0049 3720 SynTP - ok

10:46:39.0433 3720 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll

10:46:39.0532 3720 SysMain - ok

10:46:39.0599 3720 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll

10:46:39.0609 3720 TabletInputService - ok

10:46:39.0678 3720 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll

10:46:39.0768 3720 TapiSrv - ok

10:46:39.0956 3720 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll

10:46:40.0013 3720 TBS - ok

10:46:40.0327 3720 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys

10:46:40.0427 3720 Tcpip - ok

10:46:40.0444 3720 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys

10:46:40.0453 3720 Tcpip6 - ok

10:46:40.0710 3720 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

10:46:41.0188 3720 tcpipreg - ok

10:46:41.0257 3720 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

10:46:41.0362 3720 TDPIPE - ok

10:46:41.0422 3720 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

10:46:41.0554 3720 TDTCP - ok

10:46:42.0394 3720 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

10:46:42.0516 3720 tdx - ok

10:46:42.0562 3720 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

10:46:42.0725 3720 TermDD - ok

10:46:42.0998 3720 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll

10:46:43.0075 3720 TermService - ok

10:46:43.0154 3720 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll

10:46:43.0159 3720 Themes - ok

10:46:43.0217 3720 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll

10:46:43.0230 3720 THREADORDER - ok

10:46:43.0399 3720 tifm21 (78213f01ce781f93180bef5eb5b3ad81) C:\Windows\system32\drivers\tifm21.sys

10:46:43.0578 3720 tifm21 - ok

10:46:43.0649 3720 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll

10:46:43.0661 3720 TrkWks - ok

10:46:43.0747 3720 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe

10:46:43.0804 3720 TrustedInstaller - ok

10:46:44.0125 3720 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

10:46:44.0404 3720 tssecsrv - ok

10:46:44.0476 3720 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

10:46:44.0546 3720 tunmp - ok

10:46:44.0592 3720 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

10:46:44.0636 3720 tunnel - ok

10:46:44.0708 3720 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

10:46:44.0817 3720 uagp35 - ok

10:46:46.0396 3720 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

10:46:46.0799 3720 udfs - ok

10:46:47.0615 3720 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe

10:46:47.0629 3720 UI0Detect - ok

10:46:48.0668 3720 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

10:46:49.0759 3720 uliagpkx - ok

10:46:51.0912 3720 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

10:46:52.0415 3720 uliahci - ok

10:46:53.0760 3720 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

10:46:53.0986 3720 UlSata - ok

10:46:54.0562 3720 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

10:46:55.0273 3720 ulsata2 - ok

10:46:55.0529 3720 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

10:46:56.0111 3720 umbus - ok

10:47:00.0387 3720 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll

10:47:00.0858 3720 upnphost - ok

10:47:01.0469 3720 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

10:47:01.0614 3720 usbccgp - ok

10:47:01.0674 3720 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

10:47:01.0759 3720 usbcir - ok

10:47:01.0833 3720 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

10:47:02.0401 3720 usbehci - ok

10:47:02.0531 3720 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

10:47:02.0864 3720 usbhub - ok

10:47:03.0143 3720 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

10:47:03.0225 3720 usbohci - ok

10:47:03.0294 3720 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

10:47:03.0383 3720 usbprint - ok

10:47:04.0339 3720 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

10:47:04.0404 3720 usbscan - ok

10:47:04.0451 3720 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

10:47:04.0542 3720 USBSTOR - ok

10:47:05.0148 3720 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

10:47:05.0216 3720 usbuhci - ok

10:47:05.0283 3720 usbvideo (0a6b81f01bc86399482e27e6fda7b33b) C:\Windows\system32\Drivers\usbvideo.sys

10:47:05.0347 3720 usbvideo - ok

10:47:05.0415 3720 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll

10:47:05.0557 3720 UxSms - ok

10:47:06.0064 3720 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe

10:47:06.0379 3720 vds - ok

10:47:06.0418 3720 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

10:47:06.0507 3720 vga - ok

10:47:06.0554 3720 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

10:47:06.0598 3720 VgaSave - ok

10:47:06.0962 3720 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

10:47:07.0003 3720 viaagp - ok

10:47:07.0214 3720 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

10:47:07.0533 3720 ViaC7 - ok

10:47:07.0579 3720 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys

10:47:07.0649 3720 viaide - ok

10:47:08.0012 3720 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

10:47:08.0031 3720 volmgr - ok

10:47:08.0105 3720 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

10:47:08.0192 3720 volmgrx - ok

10:47:08.0255 3720 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

10:47:08.0297 3720 volsnap - ok

10:47:08.0704 3720 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

10:47:08.0776 3720 vsmraid - ok

10:47:09.0504 3720 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe

10:47:09.0555 3720 VSS - ok

10:47:10.0196 3720 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

10:47:10.0698 3720 vToolbarUpdater11.2.0 - ok

10:47:10.0964 3720 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll

10:47:11.0072 3720 W32Time - ok

10:47:11.0205 3720 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

10:47:11.0281 3720 WacomPen - ok

10:47:11.0325 3720 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

10:47:11.0432 3720 Wanarp - ok

10:47:11.0439 3720 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

10:47:11.0441 3720 Wanarpv6 - ok

10:47:11.0825 3720 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll

10:47:12.0222 3720 wcncsvc - ok

10:47:12.0566 3720 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll

10:47:12.0612 3720 WcsPlugInService - ok

10:47:12.0765 3720 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

10:47:12.0875 3720 Wd - ok

10:47:14.0904 3720 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

10:47:15.0164 3720 Wdf01000 - ok

10:47:15.0818 3720 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

10:47:15.0954 3720 WdiServiceHost - ok

10:47:15.0961 3720 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll

10:47:15.0966 3720 WdiSystemHost - ok

10:47:16.0927 3720 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll

10:47:17.0112 3720 WebClient - ok

10:47:18.0090 3720 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll

10:47:18.0310 3720 Wecsvc - ok

10:47:18.0748 3720 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll

10:47:18.0815 3720 wercplsupport - ok

10:47:19.0250 3720 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll

10:47:19.0504 3720 WerSvc - ok

10:47:20.0731 3720 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS

10:47:20.0875 3720 winachsf - ok

10:47:21.0839 3720 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll

10:47:22.0382 3720 WinDefend - ok

10:47:22.0399 3720 WinHttpAutoProxySvc - ok

10:47:23.0574 3720 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll

10:47:24.0275 3720 Winmgmt - ok

10:47:25.0242 3720 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll

10:47:25.0838 3720 WinRM - ok

10:47:26.0104 3720 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll

10:47:26.0208 3720 Wlansvc - ok

10:47:26.0787 3720 wlidsvc (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

10:47:27.0082 3720 wlidsvc - ok

10:47:28.0696 3720 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

10:47:28.0741 3720 WmiAcpi - ok

10:47:28.0839 3720 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe

10:47:28.0890 3720 wmiApSrv - ok

10:47:29.0038 3720 WMIService (e8781cf1a4262881897444d22921a3a6) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

10:47:29.0155 3720 WMIService - ok

10:47:29.0308 3720 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe

10:47:29.0395 3720 WMPNetworkSvc - ok

10:47:29.0833 3720 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll

10:47:29.0970 3720 WPCSvc - ok

10:47:30.0045 3720 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll

10:47:30.0144 3720 WPDBusEnum - ok

10:47:30.0276 3720 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys

10:47:30.0335 3720 WpdUsb - ok

10:47:30.0683 3720 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

10:47:31.0132 3720 WPFFontCache_v0400 - ok

10:47:31.0340 3720 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

10:47:31.0393 3720 ws2ifsl - ok

10:47:31.0491 3720 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll

10:47:31.0605 3720 wscsvc - ok

10:47:31.0617 3720 WSearch - ok

10:47:32.0355 3720 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll

10:47:32.0731 3720 wuauserv - ok

10:47:33.0132 3720 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

10:47:33.0191 3720 WUDFRd - ok

10:47:33.0266 3720 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll

10:47:33.0276 3720 wudfsvc - ok

10:47:33.0386 3720 {95808DC4-FA4A-4c74-92FE-5B863F82066B} (8098180b3f6c430a4e60333bc036f936) C:\Program Files\CyberLink\PowerDVD\000.fcl

10:47:33.0398 3720 {95808DC4-FA4A-4c74-92FE-5B863F82066B} - ok

10:47:33.0422 3720 MBR (0x1B8) (6fc6f9186c07bca94e140f63bfe6e9b4) \Device\Harddisk0\DR0

10:47:37.0559 3720 \Device\Harddisk0\DR0 - ok

10:47:37.0592 3720 Boot (0x1200) (0ad4c135ddd5c7c558f1b37433dd641f) \Device\Harddisk0\DR0\Partition0

10:47:37.0594 3720 \Device\Harddisk0\DR0\Partition0 - ok

10:47:37.0614 3720 Boot (0x1200) (1785dd7402a53f688825e4069d107f1f) \Device\Harddisk0\DR0\Partition1

10:47:37.0616 3720 \Device\Harddisk0\DR0\Partition1 - ok

10:47:37.0617 3720 ============================================================

10:47:37.0617 3720 Scan finished

10:47:37.0617 3720 ============================================================

10:47:37.0643 7168 Detected object count: 0

10:47:37.0643 7168 Actual detected object count: 0

4) I ran aswMBR. Here is the log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-06 10:52:31

-----------------------------

10:52:31.947 OS Version: Windows 6.0.6002 Service Pack 2

10:52:31.947 Number of processors: 2 586 0xF0D

10:52:31.949 ComputerName: NEETU-PC UserName: Neetu

10:52:42.303 Initialize success

10:56:25.112 AVAST engine defs: 12070600

10:59:36.659 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

10:59:36.665 Disk 0 Vendor: Hitachi_ SB4O Size: 152627MB BusType: 3

10:59:36.698 Disk 0 MBR read successfully

10:59:36.704 Disk 0 MBR scan

10:59:36.719 Disk 0 unknown MBR code

10:59:36.735 Disk 0 Partition 1 00 27 Hidden NTFS WinRE MSDOS5.0 10000 MB offset 2048

10:59:36.766 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 71317 MB offset 20482048

10:59:36.799 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 71308 MB offset 166539264

10:59:36.821 Disk 0 scanning sectors +312578048

10:59:36.895 Disk 0 scanning C:\Windows\system32\drivers

11:00:08.164 Service scanning

11:00:54.338 Modules scanning

11:01:07.063 Disk 0 trace - called modules:

11:01:07.135 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys

11:01:07.148 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860d8ac8]

11:01:07.162 3 CLASSPNP.SYS[87fb98b3] -> nt!IofCallDriver -> [0x84e0f798]

11:01:07.175 5 acpi.sys[806996bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84e15030]

11:01:08.069 AVAST engine scan C:\Windows

11:01:37.906 AVAST engine scan C:\Windows\system32

11:07:48.536 AVAST engine scan C:\Windows\system32\drivers

11:08:10.626 AVAST engine scan C:\Users\Neetu

11:14:10.076 AVAST engine scan C:\ProgramData

11:22:32.629 Scan finished successfully

11:25:49.921 Disk 0 MBR has been saved successfully to "C:\Users\Neetu\Desktop\Downloads\MBR.dat"

11:25:49.932 The log file has been saved successfully to "C:\Users\Neetu\Desktop\Downloads\aswMBR.txt"

Thank you!


Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

 ClearJavaCache:: 

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  1. report from ComboFix
  2. let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo


Hello

1) Created CFScript.txt and dragged it to Combofix.exe

2) Combofix started executing, it then prompted me that a new version of combofix was available and asked if it should upgrade.

I said yes, it did so and continued.

3) Here is the log it produced after executing:

===================================================================

ComboFix 12-07-06.02 - Neetu 07/06/2012 14:34:27.3.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.784 [GMT -4:00]

Running from: c:\users\Neetu\Desktop\Downloads\ComboFix.exe

Command switches used :: c:\users\Neetu\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\blekkotb_031\blEKkotb_019x.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-06-06 to 2012-07-06 )))))))))))))))))))))))))))))))

.

.

2012-07-06 18:46 . 2012-07-06 18:46 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-04 21:14 . 2012-07-04 21:14 -------- d-----w- C:\FRST

2012-07-04 07:00 . 2012-07-04 07:01 -------- d-----w- C:\6788cb2bf9deb48900de59dea34775ee

2012-07-03 21:39 . 2012-07-03 21:39 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-07-03 17:30 . 2012-07-03 17:30 -------- d-----w- c:\users\Neetu\AppData\Roaming\Malwarebytes

2012-07-03 17:29 . 2012-07-03 17:29 -------- d-----w- c:\programdata\Malwarebytes

2012-07-03 17:29 . 2012-07-03 17:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-03 17:29 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-01 22:26 . 2012-07-01 22:26 -------- d-----w- c:\users\Neetu\AppData\Roaming\AVG2012

2012-07-01 22:25 . 2012-07-01 22:25 -------- d-----w- c:\users\Neetu\AppData\Local\AVG Secure Search

2012-07-01 22:25 . 2012-07-01 22:25 -------- d-----w- c:\programdata\AVG Secure Search

2012-07-01 22:24 . 2012-07-01 22:25 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2012-07-01 22:24 . 2012-07-01 22:25 -------- d-----w- c:\program files\AVG Secure Search

2012-07-01 22:24 . 2012-07-01 22:24 -------- d--h--w- c:\programdata\Common Files

2012-07-01 22:23 . 2012-07-06 14:47 -------- d-----w- c:\windows\system32\drivers\AVG

2012-07-01 22:23 . 2012-07-01 22:27 -------- d-----w- c:\programdata\AVG2012

2012-07-01 22:23 . 2012-07-01 22:23 -------- d-----w- C:\$AVG

2012-07-01 22:22 . 2012-07-01 22:22 -------- d-----w- c:\program files\AVG

2012-07-01 22:18 . 2012-07-06 14:47 -------- d-----w- c:\programdata\MFAData

2012-07-01 22:17 . 2012-06-15 20:39 169744 ----a-w- c:\windows\system32\ztvunrar36.dll

2012-07-01 22:17 . 2012-06-15 20:35 185616 ----a-w- c:\windows\system32\ztvunrar39.dll

2012-07-01 22:17 . 2012-06-15 20:33 605968 ----a-w- c:\windows\system32\ztv7z.dll

2012-07-01 22:17 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll

2012-07-01 22:17 . 2012-06-15 20:33 77072 ----a-w- c:\windows\system32\ztvcabinet.dll

2012-07-01 22:17 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\unrar3.dll

2012-07-01 22:17 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll

2012-07-01 22:16 . 2012-07-01 22:17 -------- d-----w- c:\users\Neetu\AppData\Roaming\Simply Super Software

2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\programdata\Simply Super Software

2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\programdata\blekko toolbars

2012-07-01 22:16 . 2012-07-06 18:45 -------- d-----w- c:\program files\blekkotb_031

2012-07-01 22:16 . 2012-07-01 22:16 -------- d-----w- c:\users\Neetu\AppData\Local\blekkotb_031

2012-07-01 22:15 . 2012-07-01 22:16 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor

2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\users\Neetu\AppData\Roaming\PC Cleaners

2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\users\Neetu\AppData\Roaming\PCPro

2012-07-01 21:52 . 2012-07-01 21:51 4447544 ----a-w- c:\windows\uninst.exe

2012-07-01 21:52 . 2012-07-01 21:52 -------- d-----w- c:\programdata\PC1Data

2012-07-01 21:30 . 2012-07-01 21:51 -------- d-----w- c:\users\Neetu\AppData\Local\NPE

2012-07-01 17:33 . 2012-07-01 17:33 -------- d-----w- c:\program files\The Weather Channel

2012-06-28 23:04 . 2012-06-28 23:04 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-06-28 04:49 . 2012-06-28 04:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-23 08:41 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-23 08:41 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-23 08:41 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-23 08:41 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-23 08:40 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-23 08:40 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-23 08:40 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-23 08:39 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-23 08:39 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-14 12:37 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-14 12:37 . 2012-05-17 23:21 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2012-06-14 12:37 . 2012-05-17 22:31 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll

2012-06-13 08:10 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll

2012-06-13 08:10 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-13 08:10 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-13 08:09 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-13 08:09 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys

2012-06-08 16:12 . 2012-07-04 16:55 -------- d-----w- c:\users\Neetu\AppData\Roaming\Skype

2012-06-08 16:12 . 2012-06-08 16:12 -------- d-----w- c:\program files\Common Files\Skype

2012-06-08 16:12 . 2012-06-08 16:12 -------- d-----r- c:\program files\Skype

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-28 04:49 . 2012-01-12 03:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-19 08:50 . 2012-04-19 08:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-07-01 22:24 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-01 2074208]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-06-05 17344176]

"DW7"="c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-07-01 10555904]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RtHDVCpl.exe" [2007-05-29 4472832]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]

"PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]

"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]

"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-15 850704]

"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]

"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-06 155648]

"Skytel"="Skytel.exe" [2007-05-29 1826816]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-11-21 35328]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-01 1107552]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\Neetu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-8-17 393216]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Device Detector 2.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-6-27 106496]

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-8-26 535336]

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 30564131

*NewlyCreated* - ASWMBR

*Deregistered* - 30564131

*Deregistered* - aswMBR

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

vvdsvc REG_MULTI_SZ vvdsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121395090-2152420972-532832032-1000Core.job

- c:\users\Neetu\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-25 16:01]

.

2012-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121395090-2152420972-532832032-1000UA.job

- c:\users\Neetu\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-25 16:01]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uStart Page = about:blank

mStart Page = hxxp://en.us.acer.yahoo.com

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

TCP: DhcpNameServer = 192.168.0.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

DPF: CabBuilder - hxxp://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-06 14:46

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.4.0.12\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

Completion time: 2012-07-06 14:49:41

ComboFix-quarantined-files.txt 2012-07-06 18:49

ComboFix2.txt 2012-07-06 04:46

ComboFix3.txt 2012-07-04 07:14

.

Pre-Run: 15,417,815,040 bytes free

Post-Run: 15,365,451,776 bytes free

.

- - End Of File - - 2007045B78FE54BB542DA2827B4EC817

===================================================================

4) Computer is running fine now, no lagging or slowness. No more prompts of viruses or trojans.

I uninstalled AVG anti-virus. Only running Norton now.

Norton is enabled now. Hasn't alerted me to any threats yet.

Thank you!


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

  • Programs to remove
    • Adobe Reader 9.4.7
      blekko search bar
      eMusic - 50 Free MP3 offer
      Java 6 Update 26
      Java 6 Update 3
      Java 6 Update 5

  • Please download and install Revo Uninstaller Free.
    • Double-click Revo Uninstaller to run it.
    • From the list of programs, double-click on the program to remove.
    • When prompted if you want to uninstall, click Yes.
    • Be sure the Moderate option is selected, then click Next.
    • The program will run; if prompted again, click Yes.
    • When the built-in uninstaller is finished, click on Next.
    • Once the program has searched for leftovers, click Next.
    • Check/tick the bolded items only on the list, then click Delete.
    • When prompted, click on Yes and then on Next.
    • Put a check on any folders that are found and select Delete.
    • When prompted, select Yes, then Next.
    • Once done, click Finish.

.

Update Adobe Reader

  • Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.
    You can download it from
http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
  • If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from
here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**

Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe

(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit

(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit

and select Run as administrator.

"information and logs"

  • In your next post I need the following
  1. Log From MBAM
  2. report from Hijackthis
  3. let me know of any problems you may have had
  4. How is the computer doing now?

Gringo
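The HijackThis log that the steps above ask for is plain text with one entry per line, tagged by section: R0/R1 for Internet Explorer start and search pages, O2 for Browser Helper Objects, O4 for autostart entries, O16 for DPF (ActiveX download) entries, O23 for services, and so on. The Python script below is an added example for this write-up, not part of the thread or of HijackThis itself. It parses that format and pulls out the items a helper reads first: the O4 autostarts split into location, entry name and command, any RunOnce entries among them, O16 entries that point at a remote URL, and O23 services whose executable is reported missing. The sample log embedded in it is constructed from a few lines in the shape of the log posted in this thread; it is not the full log.

```python
import re
from collections import defaultdict

# Constructed sample input: a few lines in the shape of the HijackThis log
# posted in this thread (Windows Vista, HijackThis 2.0.4), not the full log.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:44:23 PM, on 7/7/2012
Running processes:
C:\Windows\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\IPSBHO.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\RunOnce: [blekkotb] reg.exe delete "HKCU\Software\AppDataLow\Software\blekkotb" /f
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.ooxtv.com/livetv.ocx
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# Every HijackThis finding starts with a section code (R0, O2, O4, O16, O23, ...)
# followed by " - " and the section-specific payload.
ENTRY_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def parse_hjt(text):
    """Group the log's finding lines by section code: {"O4": [payload, ...], ...}.

    Header lines and the 'Running processes' list carry no code and are skipped.
    """
    entries = defaultdict(list)
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries[match.group(1)].append(match.group(2))
    return entries


def parse_o4(payload):
    """Split an O4 payload into (location, entry name, command).

    Registry entries look like 'HKLM\\..\\Run: [Name] command', startup-folder
    entries like 'Global Startup: Name.lnk = target'.
    """
    where, _, rest = payload.partition(": ")
    if rest.startswith("["):
        name, _, cmd = rest[1:].partition("]")
        return where, name, cmd.strip()
    name, _, cmd = rest.partition(" = ")
    return where, name.strip(), cmd.strip()


def remote_urls(payloads):
    """Return the URLs found in a list of payloads (used for O16 DPF entries)."""
    urls = []
    for payload in payloads:
        match = URL_RE.search(payload)
        if match:
            urls.append(match.group(0))
    return urls


def triage(entries):
    """Collect the items a reviewer of a HijackThis log reads first."""
    autostarts = [parse_o4(p) for p in entries.get("O4", [])]
    return {
        "section_counts": {code: len(items) for code, items in entries.items()},
        "autostarts": autostarts,
        # RunOnce entries are transient by design; anything sitting there deserves a look.
        "runonce": [a for a in autostarts if a[0].endswith("RunOnce")],
        # O16 entries that fetch an ActiveX package from a remote host.
        "remote_activex": remote_urls(entries.get("O16", [])),
        # Services still registered although their executable is gone.
        "services_missing_file": [p for p in entries.get("O23", []) if p.endswith("(file missing)")],
    }


if __name__ == "__main__":
    for key, value in triage(parse_hjt(SAMPLE_LOG)).items():
        print(key)
        print("   ", value)
```

Nothing in the script decides what to fix; it only structures the log so that a reader can compare each autostart, download location and service against what the machine is supposed to be running. That judgement is exactly what the "DO NOT have Hijackthis fix anything yet" note above leaves to a person.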


Phew :-)

Thanks for the detailed instructions. I think I followed everything as you wanted me to.

1) I downloaded Revo Uninstaller and successfully removed the programs you had listed to be removed.

2) I downloaded the latest Adobe from the link you provided.

3) I installed Java from the link you provided.

4) I installed CCleaner and cleaned out the temp files.

5) I ran MBAM and here is the log:

================================================================

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.07.07.06

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Neetu :: NEETU-PC [administrator]

Protection: Enabled

7/7/2012 1:28:11 PM

mbam-log-2012-07-07 (13-28-11).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 205573

Time elapsed: 10 minute(s), 39 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

================================================================

6) I ran HijackThis and here is the log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 1:44:23 PM, on 7/7/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16446)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Norton Security Suite\Engine\4.4.0.12\ccSvcHst.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\QuickTime\qttask.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Program Files\OpenOffice.org 2.3\program\soffice.exe

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Users\Neetu\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Windows\notepad.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe

C:\Users\Neetu\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} -

C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security

Suite\Engine\4.4.0.12\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\IPSBHO.DLL

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll

O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll

O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.4.0.12\coIEPlg.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe

O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\RunOnce: [blekkotb] reg.exe delete "HKCU\Software\AppDataLow\Software\blekkotb" /f

O4 - HKCU\..\RunOnce: [blekkotb_XP] reg.exe delete "HKCU\Software\blekkotb" /f

O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe

O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7

\bin\jp2iexp.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12

\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet

Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) -

http://img4.orkut.com/activex/10036/photouploader.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab

O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab

O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.ooxtv.com/livetv.ocx

O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.spvod.com/soft/vjocx-ch-spvod.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12

\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.4.0.12

\ccSvcHst.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

--

End of file - 14658 bytes

================================================================

================================================================

7) During the course of the above operations Norton alerted me to these activities on my computer:

Risk: High

Title: Trojan.Zeroaccess.B requires manual removal

Severity: High

Activity: 00000008.@.vir (Trojan.Gen) detected by Virus Scanner

Status: Quarantined

Date & Time: Saturday, July 07, 2012 1.01 p.m. EST

Severity: High

Activity: n.vir (Trojan.Gen) detected by Virus Scanner

Status: Quarantined

Date & Time: Saturday, July 07, 2012 11.13 a.m. EST

8) Computer seems to be running all right. No more virus alerts other than the ones posted above.

Performance seems to be good so far.

Thanks,


Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional

These are programs that start up when you turn on your computer but don't need to; you can start any of them from their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
      O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
      O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
      O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
      O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
      O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [skytel] Skytel.exe
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
      O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
      O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
      O4 - HKCU\..\Run: [DW7] "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe"
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\RunOnce: [blekkotb] reg.exe delete "HKCU\Software\AppDataLow\Software\blekkotb" /f
      O4 - HKCU\..\RunOnce: [blekkotb_XP] reg.exe delete "HKCU\Software\blekkotb" /f
      O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
      O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
      O4 - Global Startup: Empowering Technology Launcher.lnk = C:\Acer\Empowering Technology\eAPLauncher.exe

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

  • NOTE** You can research each of those lines here and see if you want to keep them or not; just copy the name between the brackets and paste it into the search space, e.g. for
    O4 - HKLM\..\Run: [IntelliPoint]

NOTE**

Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe

(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit

(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit

and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7 right-click the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the add-on to be installed
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found

  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here

Gringo
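For anyone who wants to see what the O4 lines above correspond to on their own machine, here is an added PowerShell example (not from this thread and not part of HijackThis) that lists the same auto-start locations HijackThis reports as O4 entries: the Run/RunOnce keys under HKLM and HKCU plus the per-user and all-users Startup folders. It only reads; it changes nothing.

```powershell
# Added example, not from the thread or from HijackThis: list the auto-start
# locations that HijackThis reports as O4 entries. Read-only, changes nothing.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Registry Run/RunOnce values: the "O4 - HKLM\..\Run" and "O4 - HKCU\..\Run" lines.
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{
            Location = $key -replace '^(HK\w+):\\.*\\(Run\w*)$', '$1\..\$2'
            Name     = $name
            Command  = $item.GetValue($name)
        }
    }
})

# Startup folders: the "O4 - Startup" (this user) and "O4 - Global Startup" lines.
$startupDirs = [ordered]@{
    'Startup'        = [Environment]::GetFolderPath('Startup')
    'Global Startup' = [Environment]::GetFolderPath('CommonStartup')
}
$entries += @(foreach ($label in $startupDirs.Keys) {
    $dir = $startupDirs[$label]
    if (-not $dir -or -not (Test-Path -Path $dir)) { continue }
    foreach ($file in Get-ChildItem -Path $dir -File) {
        [pscustomobject]@{
            Location = $label
            Name     = $file.Name
            Command  = $file.FullName
        }
    }
})

# Print one line per entry in the same shape as a HijackThis O4 line, so each
# one can be looked up by the name in brackets before deciding to remove it.
foreach ($e in $entries) {
    'O4 - {0}: [{1}] {2}' -f $e.Location, $e.Name, $e.Command
}
```

Because the script is read-only, removing an entry and putting it back still goes through HijackThis ("Fix Checked" and its list of backups).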


Hello!

1) I ran HijackThis and fixed the items you mentioned.

2) I ran the ESET Scan and here is the log:

======================================

C:\FRST\Quarantine\services.exe Win32/Sirefef.FB.Gen trojan

C:\Qoobox\Quarantine\C\Windows\Installer\{f12373c9-bcd6-82bd-69d3-af7ed0d4ff3b}\U\80000000.@.vir a variant of Win32/Sirefef.FA trojan

C:\Users\Neetu\Documents\Downloads\VeohWebPlayerSetup_eng.exe Win32/OpenCandy application

C:\Users\Neetu\Downloads\cnet2_trj684_exe.exe a variant of Win32/InstallCore.D application

======================================

Thanks.


Hello

There are some minor things in your online scan that should be removed.

delete files

  • Copy all text in the quote box (below)...to Notepad.
    @echo off
    del /f /s /q "C:\Users\Neetu\Documents\Downloads\VeohWebPlayerSetup_eng.exe"
    del /f /s /q "C:\Users\Neetu\Downloads\cnet2_trj684_exe.exe"
    del %0
  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.

:Why we need to remove some of our tools:

  • Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paperweight.
    They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.
    The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK.

Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to the desktop. This tool will remove all the tools we used to clean your PC.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls
CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner but I would leave that alone and not use any registry cleaner
Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)
    Note** If you decide to install MSE you will need to uninstall your present antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household that uses the internet

Internet Safety
Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Gringo


Hello.

1) I ran delfile.bat and deleted the files.

2) We had not used DeFogger during this thread so I didn't mess with it.

3) I uninstalled Combofix.

4) I ran OTCleanIt

5) As recommended by you, I will be keeping Revo & CCleaner.

I already have MBAM (Pro) running.

6) Security Programs:

I have Norton & MBAM. I also installed the free version of WinPatrol.

I also have Search and Destroy. It is still running. From the initial look of it, both SD and WinPatrol seem to be kind of the same. Yes?

I get Norton free from the internet provider. But I am willing to switch to Security Essentials if you think MSE has better security than Norton.

7) I also ran Windows Update and downloaded some updates. It is set to automatically download updates.

8) I reviewed the safety links you sent and will keep those in mind while online.

9) The computer seems to be working fine.

Performance is good.

Boot up was faster.

IE is working normally. No malicious websites are being opened.

Questions for you:

===============

1) Do you recommend using a different browser? So far I am using IE. I also downloaded Chrome now.

Do you recommend Opera or Firefox or some other browser since IE has more vulnerabilities?

2) MSE or Norton?

3) Some of the programs that we removed from the start up script, if I need to add some of them back, how do I do it?

Thank you very much. I really appreciate your help in cleaning up my computer.

I will post back in another 24 hours or so with an update on how the computer is doing.

Thanks again!


Greetings

1) Do you recommend using a different browser? So far I am using IE. I also downloaded Chrome now.

Do you recommend Opera or Firefox or some other browser since IE has more vulnerabilities?

I use IE and Firefox - it comes down to what you like to use more; they all have viruses that attack them now

2) MSE or Norton?

Again it comes down to which one you like more - I would rather you have an antivirus that may not be the best but one that you like to use therefore you will keep it updated and scan with it from time to time

Now since Norton is free I may consider uninstalling it and install MSE just to see if I like it more

3) Some of the programs that we removed from the start up script, if I need to add some of them back, how do I do it?

On the Main Menu of HijackThis, press the "View the list of backups" button, and from there you can restore them

Thank you very much. I really appreciate your help in cleaning up my computer. - you are more than welcome and glad I was able to help

Gringo


Hello,

Couple of questions:

1) The volume indicator doesn't show anymore. When I increase or decrease the volume the bars used to appear towards the bottom of the screen.

They no longer appear. The volume does get adjusted but the bars don't show anymore.

2) The YouTube record function is no longer working. It keeps prompting for Apple QuickTime to be added to startup.

Even after doing so, the recording option from YouTube is blocked. Not sure what did that.

Otherwise the computer seems to be doing well.

Thanks again for your tremendous help!
