Trojan.Gen.2 and ZeroAccess



Hello

 

I seem to be infected with these two viruses and can't get rid of either.

I do have Norton 360 running whenever the computer is on. If I run a scan it finds both viruses and says the problem is resolved, only to find that they return almost as soon as the scan is finished. Any help would be greatly appreciated.

 

Thanks for taking a look

 

.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Owner at 20:37:52 on 2012-08-02
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4087.1904 [GMT -6:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Razer\Copperhead\razertra.exe
C:\Program Files (x86)\Razer\Copperhead\razerofa.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\SysWOW64\XSrvSetup.exe
C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Razer\Tarantula\razertra.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/?cid=mtmh04022011
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [Copperhead] "C:\Program Files (x86)\Razer\Copperhead\razerhid.exe"
mRun: [Tarantula] "C:\Program Files (x86)\Razer\Tarantula\razerhid.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B34C6BDA-537D-4327-9C8B-E56995278C72} : DhcpNameServer = 192.168.1.1
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\coIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [Copperhead] "C:\Program Files (x86)\Razer\Copperhead\razerhid.exe"
mRun-x64: [Tarantula] "C:\Program Files (x86)\Razer\Tarantula\razerhid.exe"
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\clg9hxm7.default\
FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/?
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.2.1\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-7-12 1161376]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120802.001\IDSviA64.sys [2012-8-2 509088]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\N360x64\0602010.005\SYMTDIV.SYS --> C:\Windows\system32\Drivers\N360x64\0602010.005\SYMTDIV.SYS [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2011-4-1 72280]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-4-1 655944]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccsvchst.exe [2012-5-17 138232]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896]
R3 copperhd;Razer Copperhead Driver;C:\Windows\system32\drivers\copperhd.sys --> C:\Windows\system32\drivers\copperhd.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-14 138912]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 STTub203;Thrustmaster HOTAS USB Bulk In;C:\Windows\system32\Drivers\STTub203.sys --> C:\Windows\system32\Drivers\STTub203.sys [?]
R3 TarFltr;Razer Tarantula USB Keyboard;C:\Windows\system32\drivers\UsbFltr.sys --> C:\Windows\system32\drivers\UsbFltr.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-29 136176]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-7-28 1153368]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 250056]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-8-16 130976]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-29 136176]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 113120]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-4-11 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-07-30 21:49:46 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-28 22:06:58 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-28 22:06:58 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-11 10:46:58 974848 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
.
==================== Find3M ====================
.
2012-08-02 22:28:20 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-02 22:28:20 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 19:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-25 22:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
2012-06-13 13:58:27 2769408 ----a-w- C:\Windows\System32\win32k.sys
2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-02 21:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 21:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-06-02 21:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 21:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
.
============= FINISH: 20:38:09.30 ===============

Edited by caintry_boy
Merge from other thread...
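One way to pull out of a DDS report the entries a helper scans for by eye, written in Python. This is an added example and not part of the original post or of DDS: DDS emits only the text report, so the parser, the indicator names and the severities below are my own, and SAMPLE_DDS is a constructed excerpt of the log above (paths with their backslashes restored). It flags a security product that reports itself disabled, hook and BHO entries whose DLL is gone, UAC switched off, and a hidden+system directory under \Windows whose name is a literal environment variable, which no normal installer leaves behind and which the log above shows as SysWow64\%APPDATA%.

```python
"""Triage helper for a DDS log of the kind posted above.

Added example, not part of the original post and not a DDS feature: DDS only
emits the text report, so the parsing below is my own.  SAMPLE_DDS is a
constructed excerpt of that report; the indicator names and severities are
my labels, not DDS's.
"""
import re

# Constructed excerpt of the DDS output posted in the thread.
SAMPLE_DDS = r"""
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
.
=============== Created Last 30 ================
.
2012-07-30 21:49:46 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-28 22:06:58 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-11 10:46:58 974848 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
PRODUCT_RE = re.compile(r"^(AV|SP|FW): (.+?) \*Disabled")
# date, time, size, then an 8-char attribute field starting with 'd' for directories
CREATED_RE = re.compile(r"^\S+ \S+ \S+ (d[-a-z]{7}) (.+)$")


def parse_sections(text):
    """Split a DDS report into {section name: [non-empty lines]}.
    Lines before the first '=== name ===' banner go under 'header'; DDS's
    lone '.' separator lines are dropped."""
    sections, current = {"header": []}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1).upper()
            sections[current] = []
        elif line and line != ".":
            sections[current].append(line)
    return sections


def triage(text):
    """Return (severity, message) findings for the indicators described above."""
    findings = []
    sections = parse_sections(text)
    for line in sections.get("header", []):
        m = PRODUCT_RE.match(line)
        if m:  # a security product reporting itself disabled
            findings.append(("medium", f"{m.group(1)} {m.group(2)} is disabled"))
    for line in sections.get("PSEUDO HJT REPORT", []):
        if line.endswith("- No File"):  # hook/BHO still registered but its DLL is gone
            findings.append(("low", "orphaned browser hook: " + line))
        if line.startswith("mPolicies-system: EnableLUA = 0"):
            findings.append(("medium", "UAC disabled (EnableLUA = 0)"))
    for line in sections.get("CREATED LAST 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue  # plain files, or a line in another layout
        attrs, path = m.groups()
        leaf = path.rsplit("\\", 1)[-1]
        # A hidden+system directory under \Windows whose name is a literal
        # environment variable (e.g. %APPDATA%) is not something setup creates.
        if "s" in attrs and "h" in attrs and "%" in leaf and "\\windows\\" in path.lower():
            findings.append(("high", "hidden+system directory with a literal variable name: " + path))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_DDS):
        print(f"[{severity}] {message}")
```

To run it over a real report, replace SAMPLE_DDS with the contents of the saved DDS.txt. The "No File" entries are usually uninstall residue, which is why they rank low; the disabled-product and EnableLUA lines matter because the user's own protection is already off before any tool is run.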

Hi Buckskinpass,

 

Welcome to the Pit!

 

ZeroAccess has some pretty tough protection against many of our tools, so we may have to try a couple of things to break it down.

 

Let's see if it will go relatively quietly.

 

As we work through your logs, please remember to run any tools by right-clicking on the icon and selecting Run As Administrator.

 

Download ComboFix:

 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

* IMPORTANT !!! Save ComboFix.exe to your Desktop

 

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

 

 

Notes:

 

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


Hi Tomk, thanks for the help.

After double-clicking ComboFix, it seemed to start doing something, then its progress bar got stuck about halfway through; the next thing was for it to just disappear like it had been shut off. There is no ComboFix.txt in the C:\ directory.

Edited by buckskinpass

I was afraid of that. It is the virus's self-protection at work.

 

Let's try this before we get "tricky" with it.

 

Please enter Safe Mode and then try to run ComboFix. You do this by restarting your computer and then tapping your F8 key until you open the advanced start options menu. You want to select Safe Mode with Networking. Once the operating system loads you should still be able to see the ComboFix icon on your desktop. Go ahead and run it.


Well, I did the scan in Safe Mode; I didn't realize till after it had finished that you wanted Safe Mode w/networking. Something else that got my attention: before entering Safe Mode I disabled Norton 360, but ComboFix showed a dialog that said it was still running, a little puzzling. Also, during the scan ComboFix said that a sys file was infected and it attempted to repair it; I think it was Windows win32 services.exe.

Let me know if I need the networking option.


Here is the ComboFix log w/o networking.

 

ComboFix 12-07-31.05 - Owner 08/03/2012 13:13:59.1.4 - x64 MINIMAL
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4087.3410 [GMT -6:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{b70132f5-c7d4-9ab7-8031-f216dba3380c}\@
c:\windows\Installer\{b70132f5-c7d4-9ab7-8031-f216dba3380c}\[email protected]
c:\windows\Installer\{b70132f5-c7d4-9ab7-8031-f216dba3380c}\L\201d3dde
c:\windows\Installer\{b70132f5-c7d4-9ab7-8031-f216dba3380c}\[email protected]
c:\windows\Installer\{b70132f5-c7d4-9ab7-8031-f216dba3380c}\[email protected]
c:\windows\Installer\{b70132f5-c7d4-9ab7-8031-f216dba3380c}\[email protected]
c:\windows\Installer\{b70132f5-c7d4-9ab7-8031-f216dba3380c}\[email protected]
.
c:\windows\system32\Services.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-07-03 to 2012-08-03 )))))))))))))))))))))))))))))))
.
.
2012-08-03 19:48 . 2012-08-03 19:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-30 21:49 . 2012-07-30 21:49 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-28 22:06 . 2012-07-28 22:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-28 22:06 . 2012-07-28 22:07 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-07-11 10:46 . 2012-06-05 16:22 974848 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 22:28 . 2012-04-04 11:13 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-02 22:28 . 2011-05-29 10:44 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 23:16 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
2012-07-03 19:46 . 2011-04-01 19:02 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 22:04 . 2012-06-25 22:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-06-02 22:19 . 2012-06-23 11:01 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 11:01 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-23 11:01 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 11:01 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 11:01 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-23 11:01 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-23 11:01 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-23 11:01 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-23 11:01 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-23 11:01 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 21:19 . 2012-06-23 11:01 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 21:19 . 2012-06-23 11:01 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 21:15 . 2012-06-23 11:01 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 21:12 . 2012-06-23 11:01 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-04-11 . 934E0B7D77FF78C18D9F8891221B6DE3 . 384512 . . [6.0.6002.18005] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[-] 2009-04-11 . BC81150939BD52DBC7A08C245F1FB229 . 384512 . . [6.0.6000.16386] .. c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"Copperhead"="c:\program files (x86)\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"Tarantula"="c:\program files (x86)\Razer\Tarantula\razerhid.exe" [2007-05-07 159744]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 22:28]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-29 10:44]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-29 10:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://xfinity.comcast.net/?cid=mtmh04022011
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\clg9hxm7.default\
FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/?
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\XSrvSetup.exe
c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
c:\program files (x86)\Razer\Copperhead\razerofa.exe
c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-08-03 13:52:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-03 19:52
.
Pre-Run: 81,287,282,688 bytes free
Post-Run: 83,918,749,696 bytes free
.
- - End Of File - - 46CF8573334F12CF252D1ACD9C173214


Having access to the network isn't as important as it would have been if you had XP. Everything went fine.

 

This should run in normal mode now.

 

COMBOFIX-Script

 

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

     

    Fcopy::
    c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe | c:\windows\system32\Services.exe
    
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

     

    Posted Image

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

OK, here's the log. ComboFix still reports Norton 360 being on and I've done everything I can to shut it down.

 

ComboFix 12-08-04.02 - Owner 08/03/2012 21:59:47.2.4 - x64

Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4087.2052 [GMT -6:00]

Running from: c:usersOwnerDesktopComboFix.exe

Command switches used :: c:usersOwnerDesktopCFScript.txt

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:windowsassemblyGAC_32Desktop.ini

c:windowsassemblyGAC_64Desktop.ini

.

c:windowssystem32Services.exe . . . is infected!!

.

.

((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 )))))))))))))))))))))))))))))))

.

.

2012-08-04 04:35 . 2012-08-04 04:35 -------- d-----w- c:windowssystem32configsystemprofileAppDataLocaltemp

2012-08-04 04:35 . 2012-08-04 04:35 -------- d-----w- c:usersDefaultAppDataLocaltemp

2012-07-30 21:49 . 2012-07-30 21:49 -------- d-sh--w- c:windowsSysWow64%APPDATA%

2012-07-28 22:06 . 2012-07-28 22:35 -------- d-----w- c:programdataSpybot - Search & Destroy

2012-07-28 22:06 . 2012-07-28 22:07 -------- d-----w- c:program files (x86)Spybot - Search & Destroy

2012-07-11 10:46 . 2012-06-05 16:22 974848 ----a-w- c:program filesCommon FilesSystemadomsado15.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-02 22:28 . 2012-04-04 11:13 426184 ----a-w- c:windowsSysWow64FlashPlayerApp.exe

2012-08-02 22:28 . 2011-05-29 10:44 70344 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl

2012-07-11 23:16 . 2006-11-02 12:35 59701280 ----a-w- c:windowssystem32mrt.exe

2012-07-03 19:46 . 2011-04-01 19:02 24904 ----a-w- c:windowssystem32driversmbam.sys

2012-06-25 22:04 . 2012-06-25 22:04 1394248 ----a-w- c:windowsSysWow64msxml4.dll

2012-06-02 22:19 . 2012-06-23 11:01 38424 ----a-w- c:windowssystem32wups.dll

2012-06-02 22:19 . 2012-06-23 11:01 2428952 ----a-w- c:windowssystem32wuaueng.dll

2012-06-02 22:19 . 2012-06-23 11:01 57880 ----a-w- c:windowssystem32wuauclt.exe

2012-06-02 22:19 . 2012-06-23 11:01 44056 ----a-w- c:windowssystem32wups2.dll

2012-06-02 22:19 . 2012-06-23 11:01 35864 ----a-w- c:windowsSysWow64wups.dll

2012-06-02 22:19 . 2012-06-23 11:01 701976 ----a-w- c:windowssystem32wuapi.dll

2012-06-02 22:19 . 2012-06-23 11:01 577048 ----a-w- c:windowsSysWow64wuapi.dll

2012-06-02 22:15 . 2012-06-23 11:01 2622464 ----a-w- c:windowssystem32wucltux.dll

2012-06-02 22:15 . 2012-06-23 11:01 99840 ----a-w- c:windowssystem32wudriver.dll

2012-06-02 22:12 . 2012-06-23 11:01 88576 ----a-w- c:windowsSysWow64wudriver.dll

2012-06-02 21:19 . 2012-06-23 11:01 186752 ----a-w- c:windowssystem32wuwebv.dll

2012-06-02 21:19 . 2012-06-23 11:01 171904 ----a-w- c:windowsSysWow64wuwebv.dll

2012-06-02 21:15 . 2012-06-23 11:01 36864 ----a-w- c:windowssystem32wuapp.exe

2012-06-02 21:12 . 2012-06-23 11:01 33792 ----a-w- c:windowsSysWow64wuapp.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2009-04-11 . 934E0B7D77FF78C18D9F8891221B6DE3 . 384512 . . [6.0.6002.18005] .. c:windowswinsxsamd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8cservices.exe

[-] 2009-04-11 . BC81150939BD52DBC7A08C245F1FB229 . 384512 . . [6.0.6000.16386] .. c:windowssystem32services.exe

.

((((((((((((((((((((((((((((( [email protected]_19.49.38 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-21 02:09 . 2012-08-03 19:52 48176 c:windowssystem32WDIShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 15:44 . 2012-08-03 19:52 89302 c:windowssystem32WDIBootPerformanceDiagnostics_SystemData.bin

+ 2011-04-01 05:42 . 2012-08-03 19:52 12956 c:windowssystem32WDI{86432a0b-3c7d-4ddf-a89c-172faa90485d}S-1-5-21-4096261934-966222998-2717033517-1000_UserData.bin

+ 2011-04-01 05:39 . 2012-08-03 20:02 16384 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat

- 2011-04-01 05:39 . 2012-08-03 12:57 16384 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat

+ 2011-04-01 05:39 . 2012-08-03 20:02 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

- 2011-04-01 05:39 . 2012-08-03 12:57 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

- 2011-04-01 05:39 . 2012-08-03 12:57 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

+ 2011-04-01 05:39 . 2012-08-03 20:02 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

+ 2012-08-04 04:37 . 2012-08-04 04:37 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat

+ 2012-08-04 04:37 . 2012-08-04 04:37 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat

- 2012-08-03 19:49 . 2012-08-03 19:49 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat

+ 2011-04-02 22:07 . 2012-08-04 02:13 338638 c:windowssystem32WDISuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2011-04-01 07:32 . 2012-08-04 04:35 291812 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat

- 2011-04-01 07:32 . 2012-08-03 18:26 291812 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat

+ 2011-04-24 11:59 . 2012-08-04 04:35 44815315 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-S-1-5-21-4096261934-966222998-2717033517-1000-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]

"JMB36X IDE Setup"="c:windowsRaidToolxInsIDE.exe" [2010-09-07 43608]

"Copperhead"="c:program files (x86)RazerCopperheadrazerhid.exe" [2005-11-25 155648]

"Tarantula"="c:program files (x86)RazerTarantularazerhid.exe" [2007-05-07 159744]

"NUSB3MON"="c:program files (x86)Renesas ElectronicsUSB 3.0 Host Controller DriverApplicationnusb3mon.exe" [2010-11-17 113288]

"APSDaemon"="c:program files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [2012-05-31 59280]

"Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [2012-01-03 843712]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

R3 AdobeARMservice;Adobe Acrobat Update Service;c:program files (x86)Common FilesAdobeARM1.0armsvc.exe [2012-01-03 63928]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-08-02 250056]

.

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionsvchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindows NTCurrentVersionSvchost - NetSvcs

Themes

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-04 c:windowsTasksAdobe Flash Player Updater.job

- c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-04-04 22:28]

.

2012-08-04 c:windowsTasksGoogleUpdateTaskMachineCore.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2011-05-29 10:44]

.

2012-08-04 c:windowsTasksGoogleUpdateTaskMachineUA.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2011-05-29 10:44]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"RTHDVCPL"="c:program filesRealtekAudioHDARAVCpl64.exe" [2011-06-09 11860072]

.

------- Supplementary Scan -------

.

uLocal Page = c:windowssystem32blank.htm

uStart Page = hxxp://xfinity.comcast.net/?cid=mtmh04022011

mLocal Page = c:windowsSysWOW64blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:progra~2MICROS~3Office12EXCEL.EXE/3000

LSP: mswsock.dll

TCP: DhcpNameServer = 192.168.1.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%SysWow64browseui.dll

FF - ProfilePath - c:usersOwnerAppDataRoamingMozillaFirefoxProfilesclg9hxm7.default

FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/?

.

.

[HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesN360]

"ImagePath"=""c:program files (x86)Norton 360Engine6.2.1.5ccSvcHst.exe" /s "N360" /m "c:program files (x86)Norton 360Engine6.2.1.5diMaster.dll" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_3_300_270_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}LocalServer32]

@="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_3_300_270_ActiveX.exe"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeTypeLib{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeTypeLib{D27CDB6B-AE6D-11CF-96B8-444553540000}1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeTypeLib{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeTypeLib{FAB3E735-69C7-453B-A446-B6823C6DF1C9}1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeClasses]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,

.

------------------------ Other Running Processes ------------------------

.

c:program files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe

c:windowsSysWOW64XSrvSetup.exe

c:program files (x86)RazerCopperheadrazerofa.exe

c:program files (x86)Norton 360Engine6.2.1.5ccSvcHst.exe

c:program files (x86)HTCInternet Pass-ThroughPassThruSvr.exe

c:program files (x86)Spybot - Search & DestroySDWinSec.exe

c:program files (x86)Malwarebytes' Anti-Malwarembamservice.exe

.

**************************************************************************

.

Completion time: 2012-08-03 22:40:08 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-04 04:40

ComboFix2.txt 2012-08-03 19:52

.

Pre-Run: 83,498,831,872 bytes free

Post-Run: 83,290,669,056 bytes free

.

- - End Of File - - 1BFBCEA3044B08DD40DABAF369E8B673

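The helper's FCopy script swaps the flagged c:\windows\system32\services.exe for the copy Windows keeps in the WinSxS component store, and the log's Sigcheck block is the evidence behind that choice: both files are 384512 bytes, but the live copy carries a different MD5 and reports an older file version (6.0.6000.16386) than the component-store copy (6.0.6002.18005). The Python below is an added example, not code from this thread or from ComboFix: it parses Sigcheck lines of that shape, pairs each unverified file outside WinSxS with the newest verified WinSxS copy of the same name, records what differs, and renders the FCopy:: section of a CFScript.txt. The sample input is the two Sigcheck lines from the log with the backslashes restored (the page's copy lost them), and reading the `[-]` marker as "signature not verified" and any other marker as verified is an assumption about ComboFix's notation, not something the log states.

```python
"""Triage a ComboFix Sigcheck block and derive the FCopy:: repair directive.

Added example for this thread; it is not part of ComboFix or of any post here.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: the two Sigcheck lines from the log above, with the
# backslashes the page's copy lost restored (an assumption about the original).
SAMPLE_SIGCHECK = """\
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
[7] 2009-04-11 . 934E0B7D77FF78C18D9F8891221B6DE3 . 384512 . . [6.0.6002.18005] .. c:\\windows\\winsxs\\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\\services.exe
[-] 2009-04-11 . BC81150939BD52DBC7A08C245F1FB229 . 384512 . . [6.0.6000.16386] .. c:\\windows\\system32\\services.exe
"""

# Sigcheck line shape as it appears in the log:
#   [marker] date . MD5 . size . . [file version] .. path
SIGCHECK_RE = re.compile(
    r"^\[(?P<marker>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\.\s+(?P<path>\S.*?)\s*$"
)


@dataclass
class SigEntry:
    marker: str
    date: str
    md5: str
    size: int
    version: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def verified(self) -> bool:
        # Assumption about ComboFix's notation: "[-]" marks a file whose
        # signature could not be verified; any other marker counts as verified.
        return self.marker != "-"

    @property
    def in_winsxs(self) -> bool:
        return "\\winsxs\\" in self.path.lower()


def parse_sigcheck(text: str) -> List[SigEntry]:
    """Return every line matching the Sigcheck shape; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            entries.append(SigEntry(m["marker"], m["date"], m["md5"].upper(),
                                    int(m["size"]), m["version"], m["path"]))
    return entries


def version_key(version: str) -> tuple:
    """Turn '6.0.6002.18005' into a comparable tuple of integers."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


def plan_replacements(entries: List[SigEntry]) -> List[Dict]:
    """Pair each unverified live file with the newest verified WinSxS copy of the same name."""
    plan = []
    for live in entries:
        if live.verified or live.in_winsxs:
            continue
        refs = [e for e in entries if e.in_winsxs and e.verified and e.name == live.name]
        if not refs:
            plan.append({"target": live.path, "source": None,
                         "notes": ["no verified WinSxS copy in this block"]})
            continue
        ref = max(refs, key=lambda e: version_key(e.version))
        notes = []
        if ref.md5 != live.md5:
            notes.append("hash differs from the component-store copy")
        if ref.size == live.size:
            notes.append("same size as the component-store copy")
        if version_key(live.version) < version_key(ref.version):
            notes.append(f"live file reports {live.version}, reference is {ref.version}")
        plan.append({"target": live.path, "source": ref.path, "notes": notes})
    return plan


def cfscript(plan: List[Dict]) -> str:
    """Render the plan as the FCopy:: section of a ComboFix CFScript.txt."""
    lines = ["FCopy::"]
    lines += [f"{p['source']} | {p['target']}" for p in plan if p["source"]]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    plan = plan_replacements(parse_sigcheck(SAMPLE_SIGCHECK))
    for p in plan:
        print(p["target"], "<-", p["source"], "|", "; ".join(p["notes"]))
    print(cfscript(plan))
```

Run as a script it prints the pairing and the FCopy:: line for the services.exe case above. The detail worth noticing in the notes is "same size" together with "hash differs": a binary modified in place keeps its length, which is why size alone is not a useful check. Since the log does not say what a marker other than `[-]` means, treat the pairing as a hint and confirm the reference copy's Authenticode signature (sigcheck.exe from Sysinternals, or Get-AuthenticodeSignature in PowerShell) before copying it over a system file.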

Don't worry about Norton. The AV portion is disabled so we're good.

 

Our fix didn't completely take.

 

COMBOFIX-Script

 

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

     

    FCopy::
    c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe | c:\windows\system32\services.exe
    
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

     

    Posted Image

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Here it is,

got my fingers crossed.

 

ComboFix 12-08-04.02 - Owner 08/04/2012 4:56.3.4 - x64

Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4087.2412 [GMT -6:00]

Running from: c:usersOwnerDesktopComboFix.exe

Command switches used :: c:usersOwnerDesktopCFScript.txt

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:windowsassemblyGAC_32Desktop.ini

c:windowsassemblyGAC_64Desktop.ini

.

c:windowssystem32Services.exe . . . is infected!!

.

.

((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 )))))))))))))))))))))))))))))))

.

.

2012-08-04 11:31 . 2012-08-04 11:31 -------- d-----w- c:windowssystem32configsystemprofileAppDataLocaltemp

2012-07-30 21:49 . 2012-07-30 21:49 -------- d-sh--w- c:windowsSysWow64%APPDATA%

2012-07-28 22:06 . 2012-07-28 22:35 -------- d-----w- c:programdataSpybot - Search & Destroy

2012-07-28 22:06 . 2012-07-28 22:07 -------- d-----w- c:program files (x86)Spybot - Search & Destroy

2012-07-11 10:46 . 2012-06-05 16:22 974848 ----a-w- c:program filesCommon FilesSystemadomsado15.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-02 22:28 . 2012-04-04 11:13 426184 ----a-w- c:windowsSysWow64FlashPlayerApp.exe

2012-08-02 22:28 . 2011-05-29 10:44 70344 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl

2012-07-11 23:16 . 2006-11-02 12:35 59701280 ----a-w- c:windowssystem32mrt.exe

2012-07-03 19:46 . 2011-04-01 19:02 24904 ----a-w- c:windowssystem32driversmbam.sys

2012-06-25 22:04 . 2012-06-25 22:04 1394248 ----a-w- c:windowsSysWow64msxml4.dll

2012-06-02 22:19 . 2012-06-23 11:01 38424 ----a-w- c:windowssystem32wups.dll

2012-06-02 22:19 . 2012-06-23 11:01 2428952 ----a-w- c:windowssystem32wuaueng.dll

2012-06-02 22:19 . 2012-06-23 11:01 57880 ----a-w- c:windowssystem32wuauclt.exe

2012-06-02 22:19 . 2012-06-23 11:01 44056 ----a-w- c:windowssystem32wups2.dll

2012-06-02 22:19 . 2012-06-23 11:01 35864 ----a-w- c:windowsSysWow64wups.dll

2012-06-02 22:19 . 2012-06-23 11:01 701976 ----a-w- c:windowssystem32wuapi.dll

2012-06-02 22:19 . 2012-06-23 11:01 577048 ----a-w- c:windowsSysWow64wuapi.dll

2012-06-02 22:15 . 2012-06-23 11:01 2622464 ----a-w- c:windowssystem32wucltux.dll

2012-06-02 22:15 . 2012-06-23 11:01 99840 ----a-w- c:windowssystem32wudriver.dll

2012-06-02 22:12 . 2012-06-23 11:01 88576 ----a-w- c:windowsSysWow64wudriver.dll

2012-06-02 21:19 . 2012-06-23 11:01 186752 ----a-w- c:windowssystem32wuwebv.dll

2012-06-02 21:19 . 2012-06-23 11:01 171904 ----a-w- c:windowsSysWow64wuwebv.dll

2012-06-02 21:15 . 2012-06-23 11:01 36864 ----a-w- c:windowssystem32wuapp.exe

2012-06-02 21:12 . 2012-06-23 11:01 33792 ----a-w- c:windowsSysWow64wuapp.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2009-04-11 . 934E0B7D77FF78C18D9F8891221B6DE3 . 384512 . . [6.0.6002.18005] .. c:windowswinsxsamd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8cservices.exe

[-] 2009-04-11 . BC81150939BD52DBC7A08C245F1FB229 . 384512 . . [6.0.6000.16386] .. c:windowssystem32services.exe

.

((((((((((((((((((((((((((((( [email protected]_19.49.38 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-21 02:09 . 2012-08-04 04:55 48460 c:windowssystem32WDIShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 15:44 . 2012-08-04 04:55 89422 c:windowssystem32WDIBootPerformanceDiagnostics_SystemData.bin

+ 2011-04-01 05:42 . 2012-08-04 04:55 13020 c:windowssystem32WDI{86432a0b-3c7d-4ddf-a89c-172faa90485d}S-1-5-21-4096261934-966222998-2717033517-1000_UserData.bin

+ 2011-04-01 05:39 . 2012-08-04 04:43 16384 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat

- 2011-04-01 05:39 . 2012-08-03 12:57 16384 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat

+ 2011-04-01 05:39 . 2012-08-04 04:43 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

- 2011-04-01 05:39 . 2012-08-03 12:57 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

- 2011-04-01 05:39 . 2012-08-03 12:57 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

+ 2011-04-01 05:39 . 2012-08-04 04:43 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

+ 2012-08-04 04:53 . 2012-08-04 04:53 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat

+ 2012-08-04 04:53 . 2012-08-04 04:53 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat

- 2012-08-03 19:49 . 2012-08-03 19:49 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat

+ 2011-04-02 22:07 . 2012-08-04 10:46 338750 c:windowssystem32WDISuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2011-04-01 07:32 . 2012-08-04 04:52 291812 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat

- 2011-04-01 07:32 . 2012-08-03 18:26 291812 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat

+ 2011-04-24 11:59 . 2012-08-04 04:52 44815315 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-S-1-5-21-4096261934-966222998-2717033517-1000-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]

"JMB36X IDE Setup"="c:windowsRaidToolxInsIDE.exe" [2010-09-07 43608]

"Copperhead"="c:program files (x86)RazerCopperheadrazerhid.exe" [2005-11-25 155648]

"Tarantula"="c:program files (x86)RazerTarantularazerhid.exe" [2007-05-07 159744]

"NUSB3MON"="c:program files (x86)Renesas ElectronicsUSB 3.0 Host Controller DriverApplicationnusb3mon.exe" [2010-11-17 113288]

"APSDaemon"="c:program files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [2012-05-31 59280]

"Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [2012-01-03 843712]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

R3 AdobeARMservice;Adobe Acrobat Update Service;c:program files (x86)Common FilesAdobeARM1.0armsvc.exe [2012-01-03 63928]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-08-02 250056]

.

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionsvchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindows NTCurrentVersionSvchost - NetSvcs

Themes

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-04 c:windowsTasksAdobe Flash Player Updater.job

- c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-04-04 22:28]

.

2012-08-04 c:windowsTasksGoogleUpdateTaskMachineCore.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2011-05-29 10:44]

.

2012-08-04 c:windowsTasksGoogleUpdateTaskMachineUA.job

- c:program files (x86)GoogleUpdateGoogleUpdate.exe [2011-05-29 10:44]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"RTHDVCPL"="c:program filesRealtekAudioHDARAVCpl64.exe" [2011-06-09 11860072]

.

------- Supplementary Scan -------

.

uLocal Page = c:windowssystem32blank.htm

uStart Page = hxxp://xfinity.comcast.net/?cid=mtmh04022011

mLocal Page = c:windowsSysWOW64blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:progra~2MICROS~3Office12EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%SysWow64browseui.dll

FF - ProfilePath - c:usersOwnerAppDataRoamingMozillaFirefoxProfilesclg9hxm7.default

FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/?

.

.

[HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesN360]

"ImagePath"=""c:program files (x86)Norton 360Engine6.2.1.5ccSvcHst.exe" /s "N360" /m "c:program files (x86)Norton 360Engine6.2.1.5diMaster.dll" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_3_300_270_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}LocalServer32]

@="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_3_300_270_ActiveX.exe"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeTypeLib{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeTypeLib{D27CDB6B-AE6D-11CF-96B8-444553540000}1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeTypeLib{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeTypeLib{FAB3E735-69C7-453B-A446-B6823C6DF1C9}1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeClasses]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,

.

Completion time: 2012-08-04 05:33:10

ComboFix-quarantined-files.txt 2012-08-04 11:33

ComboFix2.txt 2012-08-04 04:40

ComboFix3.txt 2012-08-03 19:52

.

Pre-Run: 83,172,896,768 bytes free

Post-Run: 83,128,299,520 bytes free

.

- - End Of File - - 2DA35503166A58DE189862B09B0743FB


Nope... there is something not showing that is blocking CF. Let's get a different look.

 

Download the latest version of TDSSKiller from here and save it to your Desktop.

 

 

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

     

    Posted Image

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

     

    Posted Image

  • Click the Start Scan button.

     

    Posted Image

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

     

    Posted Image

  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

     

    Posted Image

  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C: folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


TDSSKiller ran and here's the log.

I never got the three options for any malicious objects.

 

 

15:49:00.0572 3352 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
15:49:01.0056 3352 ============================================================
15:49:01.0056 3352 Current date / time: 2012/08/04 15:49:01.0056
15:49:01.0056 3352 SystemInfo:
15:49:01.0056 3352
15:49:01.0056 3352 OS Version: 6.0.6002 ServicePack: 2.0
15:49:01.0056 3352 Product type: Workstation
15:49:01.0056 3352 ComputerName: OWNER-PC
15:49:01.0056 3352 UserName: Owner
15:49:01.0056 3352 Windows directory: C:\Windows
15:49:01.0056 3352 System windows directory: C:\Windows
15:49:01.0056 3352 Running under WOW64
15:49:01.0056 3352 Processor architecture: Intel x64
15:49:01.0056 3352 Number of processors: 4
15:49:01.0056 3352 Page size: 0x1000
15:49:01.0056 3352 Boot type: Normal boot
15:49:01.0056 3352 ============================================================
15:49:01.0992 3352 Drive \Device\Harddisk0\DR0 - Size: 0x22EF13E000 (139.74 Gb), SectorSize: 0x200, Cylinders: 0x4741, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:49:02.0007 3352 Drive \Device\Harddisk1\DR1 - Size: 0x1315637E00 (76.33 Gb), SectorSize: 0x200, Cylinders: 0x26EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:49:02.0039 3352 Drive \Device\Harddisk2\DR2 - Size: 0x1757AD1E00 (93.37 Gb), SectorSize: 0x200, Cylinders: 0x2F9C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:49:02.0039 3352 ============================================================
15:49:02.0039 3352 \Device\Harddisk0\DR0:
15:49:02.0039 3352 MBR partitions:
15:49:02.0039 3352 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x11777800
15:49:02.0039 3352 \Device\Harddisk1\DR1:
15:49:02.0039 3352 MBR partitions:
15:49:02.0039 3352 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x98A40EC
15:49:02.0039 3352 \Device\Harddisk2\DR2:
15:49:02.0039 3352 MBR partitions:
15:49:02.0039 3352 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xBABAC5D
15:49:02.0039 3352 ============================================================
15:49:02.0054 3352 C: <-> \Device\Harddisk0\DR0\Partition0
15:49:02.0070 3352 F: <-> \Device\Harddisk1\DR1\Partition0
15:49:02.0101 3352 G: <-> \Device\Harddisk2\DR2\Partition0
15:49:02.0101 3352 ============================================================
15:49:02.0101 3352 Initialize success
15:49:02.0101 3352 ============================================================
15:49:55.0315 4684 ============================================================
15:49:55.0315 4684 Scan started
15:49:55.0315 4684 Mode: Manual; SigCheck; TDLFS;
15:49:55.0315 4684 ============================================================
15:49:55.0783 4684 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
15:49:55.0923 4684 ACPI - ok
15:49:55.0985 4684 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:49:55.0985 4684 AdobeARMservice - ok
15:49:56.0079 4684 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:49:56.0079 4684 AdobeFlashPlayerUpdateSvc - ok
15:49:56.0110 4684 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
15:49:56.0126 4684 adp94xx - ok
15:49:56.0157 4684 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
15:49:56.0173 4684 adpahci - ok
15:49:56.0188 4684 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
15:49:56.0188 4684 adpu160m - ok
15:49:56.0204 4684 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
15:49:56.0219 4684 adpu320 - ok
15:49:56.0251 4684 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
15:49:56.0391 4684 AeLookupSvc - ok
15:49:56.0422 4684 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
15:49:56.0469 4684 AFD - ok
15:49:56.0500 4684 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
15:49:56.0500 4684 agp440 - ok
15:49:56.0516 4684 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
15:49:56.0516 4684 aic78xx - ok
15:49:56.0531 4684 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
15:49:56.0656 4684 ALG - ok
15:49:56.0672 4684 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
15:49:56.0687 4684 aliide - ok
15:49:56.0687 4684 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
15:49:56.0703 4684 amdide - ok
15:49:56.0719 4684 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
15:49:56.0765 4684 AmdK8 - ok
15:49:56.0781 4684 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
15:49:56.0812 4684 Appinfo - ok
15:49:56.0875 4684 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:49:56.0890 4684 Apple Mobile Device - ok
15:49:56.0906 4684 AppMgmt (3da98c07b18a676180fe7eed924d1673) C:\Windows\System32\appmgmts.dll
15:49:56.0937 4684 AppMgmt - ok
15:49:56.0953 4684 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
15:49:56.0953 4684 arc - ok
15:49:56.0968 4684 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
15:49:56.0984 4684 arcsas - ok
15:49:56.0999 4684 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
15:49:57.0031 4684 AsyncMac - ok
15:49:57.0031 4684 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
15:49:57.0046 4684 atapi - ok
15:49:57.0062 4684 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
15:49:57.0109 4684 AudioEndpointBuilder - ok
15:49:57.0109 4684 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
15:49:57.0140 4684 AudioSrv - ok
15:49:57.0155 4684 Beep - ok
15:49:57.0187 4684 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
15:49:57.0233 4684 BFE - ok
15:49:57.0358 4684 BHDrvx64 (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120711.002\BHDrvx64.sys
15:49:57.0405 4684 BHDrvx64 - ok
15:49:57.0499 4684 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
15:49:57.0530 4684 blbdrive - ok
15:49:57.0592 4684 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
15:49:57.0608 4684 Bonjour Service - ok
15:49:57.0608 4684 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
15:49:57.0639 4684 bowser - ok
15:49:57.0655 4684 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
15:49:57.0686 4684 BrFiltLo - ok
15:49:57.0701 4684 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
15:49:57.0733 4684 BrFiltUp - ok
15:49:57.0748 4684 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
15:49:57.0779 4684 Browser - ok
15:49:57.0795 4684 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
15:49:57.0951 4684 Brserid - ok
15:49:57.0967 4684 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
15:49:58.0029 4684 BrSerWdm - ok
15:49:58.0029 4684 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
15:49:58.0091 4684 BrUsbMdm - ok
15:49:58.0091 4684 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
15:49:58.0138 4684 BrUsbSer - ok
15:49:58.0138 4684 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
15:49:58.0201 4684 BTHMODEM - ok
15:49:58.0232 4684 BVRPMPR5a64 (9887ca12f407d7fbc7f48f3678f5f0b6) C:\Windows\system32\drivers\BVRPMPR5a64.SYS
15:49:58.0232 4684 BVRPMPR5a64 - ok
15:49:58.0247 4684 catchme - ok
15:49:58.0325 4684 ccSet_N360 (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys
15:49:58.0325 4684 ccSet_N360 - ok
15:49:58.0341 4684 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
15:49:58.0372 4684 cdfs - ok
15:49:58.0388 4684 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
15:49:58.0403 4684 cdrom - ok
15:49:58.0419 4684 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
15:49:58.0466 4684 CertPropSvc - ok
15:49:58.0466 4684 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
15:49:58.0497 4684 circlass - ok
15:49:58.0528 4684 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
15:49:58.0544 4684 CLFS - ok
15:49:58.0606 4684 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:49:58.0622 4684 clr_optimization_v2.0.50727_32 - ok
15:49:58.0669 4684 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:49:58.0669 4684 clr_optimization_v2.0.50727_64 - ok
15:49:58.0715 4684 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:49:58.0731 4684 clr_optimization_v4.0.30319_32 - ok
15:49:58.0762 4684 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:49:58.0762 4684 clr_optimization_v4.0.30319_64 - ok
15:49:58.0778 4684 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
15:49:58.0793 4684 cmdide - ok
15:49:58.0793 4684 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
15:49:58.0809 4684 Compbatt - ok
15:49:58.0809 4684 COMSysApp - ok
15:49:58.0887 4684 copperhd (71879a4ab90d21bccf9e3cfcf0bb5f4a) C:\Windows\system32\drivers\copperhd.sys
15:49:58.0949 4684 copperhd - ok
15:49:59.0043 4684 cpuz130 - ok
15:49:59.0059 4684 cpuz135 - ok
15:49:59.0074 4684 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
15:49:59.0090 4684 crcdisk - ok
15:49:59.0105 4684 CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll
15:49:59.0137 4684 CryptSvc - ok
15:49:59.0152 4684 CSC (f60f50c8ed3fcbe358430b95fe27d09c) C:\Windows\system32\drivers\csc.sys
15:49:59.0183 4684 CSC - ok
15:49:59.0230 4684 CscService (1b5f256d31836ed2ba60b3a6c800200c) C:\Windows\System32\cscsvc.dll
15:49:59.0246 4684 CscService - ok
15:49:59.0293 4684 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
15:49:59.0339 4684 DcomLaunch - ok
15:49:59.0371 4684 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
15:49:59.0402 4684 DfsC - ok
15:49:59.0558 4684 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
15:49:59.0683 4684 DFSR - ok
15:49:59.0761 4684 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
15:49:59.0792 4684 Dhcp - ok
15:49:59.0792 4684 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
15:49:59.0807 4684 disk - ok
15:49:59.0932 4684 Diskeeper (a8bff83fe3e758e3ecff3855f9efc94b) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
15:49:59.0979 4684 Diskeeper - ok
15:50:00.0041 4684 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
15:50:00.0073 4684 Dnscache - ok
15:50:00.0088 4684 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
15:50:00.0119 4684 dot3svc - ok
15:50:00.0151 4684 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
15:50:00.0182 4684 Dot4 - ok
15:50:00.0197 4684 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
15:50:00.0229 4684 Dot4Print - ok
15:50:00.0244 4684 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
15:50:00.0275 4684 dot4usb - ok
15:50:00.0291 4684 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
15:50:00.0338 4684 DPS - ok
15:50:00.0369 4684 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
15:50:00.0400 4684 drmkaud - ok
15:50:00.0447 4684 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
15:50:00.0478 4684 DXGKrnl - ok
15:50:00.0509 4684 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
15:50:00.0541 4684 E1G60 - ok
15:50:00.0572 4684 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
15:50:00.0603 4684 EapHost - ok
15:50:00.0634 4684 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
15:50:00.0650 4684 Ecache - ok
15:50:00.0697 4684 eeCtrl (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
15:50:00.0712 4684 eeCtrl - ok
15:50:00.0759 4684 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
15:50:00.0806 4684 ehRecvr - ok
15:50:00.0806 4684 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
15:50:00.0837 4684 ehSched - ok
15:50:00.0853 4684 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
15:50:00.0868 4684 ehstart - ok
15:50:00.0899 4684 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
15:50:00.0915 4684 elxstor - ok
15:50:00.0946 4684 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
15:50:00.0993 4684 EMDMgmt - ok
15:50:01.0024 4684 EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:50:01.0040 4684 EraserUtilRebootDrv - ok
15:50:01.0055 4684 ErrDev (c2d322c84530db37d3e8e1c7e011bf16) C:\Windows\system32\drivers\errdev.sys
15:50:01.0102 4684 ErrDev - ok
15:50:01.0118 4684 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
15:50:01.0149 4684 EventSystem - ok
15:50:01.0180 4684 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
15:50:01.0196 4684 exfat - ok
15:50:01.0211 4684 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
15:50:01.0243 4684 fastfat - ok
15:50:01.0289 4684 Fax (989a776a2ff32a148fcf15c44058b129) C:\Windows\system32\fxssvc.exe
15:50:01.0321 4684 Fax - ok
15:50:01.0336 4684 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
15:50:01.0383 4684 fdc - ok
15:50:01.0399 4684 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
15:50:01.0430 4684 fdPHost - ok
15:50:01.0445 4684 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
15:50:01.0523 4684 FDResPub - ok
15:50:01.0523 4684 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
15:50:01.0539 4684 FileInfo - ok
15:50:01.0539 4684 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
15:50:01.0570 4684 Filetrace - ok
15:50:01.0586 4684 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
15:50:01.0617 4684 flpydisk - ok
15:50:01.0617 4684 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
15:50:01.0633 4684 FltMgr - ok
15:50:01.0679 4684 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
15:50:01.0757 4684 FontCache - ok
15:50:01.0804 4684 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:50:01.0820 4684 FontCache3.0.0.0 - ok
15:50:01.0851 4684 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
15:50:01.0867 4684 Fs_Rec - ok
15:50:01.0929 4684 Futuremark SystemInfo Service (79b4cde2b69ed8ba4011859780a66a4d) C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
15:50:01.0945 4684 Futuremark SystemInfo Service - ok
15:50:01.0960 4684 fvevol (849e38db7d829962d0233a0a252b60c3) C:\Windows\system32\DRIVERS\fvevol.sys
15:50:01.0976 4684 fvevol - ok
15:50:01.0976 4684 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
15:50:01.0991 4684 gagp30kx - ok
15:50:02.0007 4684 gdrv - ok
15:50:02.0023 4684 GEARAspiWDM (af4dee5531395dee72b35b36c9671fd0) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:50:02.0023 4684 GEARAspiWDM - ok
15:50:02.0054 4684 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
15:50:02.0116 4684 gpsvc - ok
15:50:02.0163 4684 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:50:02.0163 4684 gupdate - ok
15:50:02.0179 4684 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:50:02.0194 4684 gupdatem - ok
15:50:02.0210 4684 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
15:50:02.0210 4684 gusvc - ok
15:50:02.0257 4684 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
15:50:02.0272 4684 HdAudAddService - ok
15:50:02.0319 4684 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:50:02.0350 4684 HDAudBus - ok
15:50:02.0366 4684 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
15:50:02.0413 4684 HidBth - ok
15:50:02.0428 4684 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
15:50:02.0491 4684 HidIr - ok
15:50:02.0506 4684 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll
15:50:02.0537 4684 hidserv - ok
15:50:02.0537 4684 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
15:50:02.0569 4684 HidUsb - ok
15:50:02.0584 4684 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
15:50:02.0631 4684 hkmsvc - ok
15:50:02.0647 4684 HpCISSs (a27e8af2caac5e2693e6d4e2fce9b54f) C:\Windows\system32\drivers\hpcisss.sys
15:50:02.0662 4684 HpCISSs - ok
15:50:02.0709 4684 hpqcxs08 (58d4765ab87347db835d5693adf652c1) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
15:50:02.0709 4684 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
15:50:02.0709 4684 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
15:50:02.0740 4684 hpqddsvc (99ed733f614660eb32199bf889dfb7e2) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
15:50:02.0740 4684 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
15:50:02.0740 4684 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
15:50:02.0756 4684 HTCAND64 (894a75a3d6bfd97d73bf60d3022b567a) C:\Windows\system32\Drivers\ANDROIDUSB.sys
15:50:02.0787 4684 HTCAND64 - ok
15:50:02.0803 4684 htcnprot (4f6c3122817049997cd696d4a38bfacb) C:\Windows\system32\DRIVERS\htcnprot.sys
15:50:02.0818 4684 htcnprot - ok
15:50:02.0849 4684 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
15:50:02.0881 4684 HTTP - ok
15:50:02.0896 4684 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
15:50:02.0912 4684 i2omp - ok
15:50:02.0927 4684 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
15:50:02.0959 4684 i8042prt - ok
15:50:02.0990 4684 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
15:50:02.0990 4684 iaStorV - ok
15:50:03.0052 4684 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:50:03.0099 4684 idsvc - ok
15:50:03.0193 4684 IDSVia64 (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120803.002\IDSvia64.sys
15:50:03.0224 4684 IDSVia64 - ok
15:50:03.0255 4684 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
15:50:03.0271 4684 iirsp - ok
15:50:03.0302 4684 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
15:50:03.0349 4684 IKEEXT - ok
15:50:03.0489 4684 IntcAzAudAddService (718a4008ee5da174400396b27509ef82) C:\Windows\system32\drivers\RTKVHD64.sys
15:50:03.0551 4684 IntcAzAudAddService - ok
15:50:03.0598 4684 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
15:50:03.0614 4684 intelide - ok
15:50:03.0629 4684 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
15:50:03.0661 4684 intelppm - ok
15:50:03.0676 4684 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
15:50:03.0707 4684 IPBusEnum - ok
15:50:03.0723 4684 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:50:03.0754 4684 IpFilterDriver - ok
15:50:03.0785 4684 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
15:50:03.0817 4684 iphlpsvc - ok
15:50:03.0817 4684 IpInIp - ok
15:50:03.0832 4684 IPMIDRV (e41dd7038db14ae9d35b47b10bdce58a) C:\Windows\system32\drivers\ipmidrv.sys
15:50:03.0848 4684 IPMIDRV - ok
15:50:03.0863 4684 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
15:50:03.0910 4684 IPNAT - ok
15:50:03.0988 4684 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
15:50:04.0019 4684 iPod Service - ok
15:50:04.0051 4684 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
15:50:04.0082 4684 IRENUM - ok
15:50:04.0097 4684 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
15:50:04.0113 4684 isapnp - ok
15:50:04.0129 4684 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
15:50:04.0144 4684 iScsiPrt - ok
15:50:04.0160 4684 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
15:50:04.0175 4684 iteatapi - ok
15:50:04.0207 4684 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
15:50:04.0207 4684 iteraid - ok
15:50:04.0269 4684 JMB36X (0d2da1c6d8ed85f51e3758eae22455f2) C:\Windows\SysWOW64\XSrvSetup.exe
15:50:04.0285 4684 JMB36X - ok
15:50:04.0316 4684 JRAID (50de7dd7edb1b512b13666588aefbf6f) C:\Windows\system32\DRIVERS\jraid.sys
15:50:04.0331 4684 JRAID - ok
15:50:04.0347 4684 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
15:50:04.0347 4684 kbdclass - ok
15:50:04.0363 4684 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
15:50:04.0394 4684 kbdhid - ok
15:50:04.0409 4684 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
15:50:04.0441 4684 KeyIso - ok
15:50:04.0472 4684 KSecDD (88956ad9fa510848ad176777a6c6c1f5) C:\Windows\system32\Drivers\ksecdd.sys
15:50:04.0487 4684 KSecDD - ok
15:50:04.0503 4684 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
15:50:04.0550 4684 ksthunk - ok
15:50:04.0597 4684 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
15:50:04.0659 4684 KtmRm - ok
15:50:04.0675 4684 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll
15:50:04.0706 4684 LanmanServer - ok
15:50:04.0737 4684 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
15:50:04.0753 4684 LanmanWorkstation - ok
15:50:04.0768 4684 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
15:50:04.0799 4684 lltdio - ok
15:50:04.0893 4684 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
15:50:04.0940 4684 lltdsvc - ok
15:50:04.0955 4684 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
15:50:04.0987 4684 lmhosts - ok
15:50:05.0002 4684 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
15:50:05.0018 4684 LSI_FC - ok
15:50:05.0033 4684 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
15:50:05.0049 4684 LSI_SAS - ok
15:50:05.0065 4684 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
15:50:05.0080 4684 LSI_SCSI - ok
15:50:05.0096 4684 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
15:50:05.0143 4684 luafv - ok
15:50:05.0158 4684 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
15:50:05.0174 4684 MBAMProtector - ok
15:50:05.0377 4684 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:50:05.0408 4684 MBAMService - ok
15:50:05.0423 4684 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
15:50:05.0439 4684 Mcx2Svc - ok
15:50:05.0455 4684 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
15:50:05.0470 4684 megasas - ok
15:50:05.0501 4684 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
15:50:05.0517 4684 MegaSR - ok
15:50:05.0533 4684 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
15:50:05.0564 4684 MMCSS - ok
15:50:05.0595 4684 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
15:50:05.0626 4684 Modem - ok
15:50:05.0642 4684 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
15:50:05.0689 4684 monitor - ok
15:50:05.0689 4684 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
15:50:05.0704 4684 mouclass - ok
15:50:05.0735 4684 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
15:50:05.0767 4684 mouhid - ok
15:50:05.0767 4684 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
15:50:05.0782 4684 MountMgr - ok
15:50:05.0829 4684 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:50:05.0845 4684 MozillaMaintenance - ok
15:50:05.0860 4684 mpio (cbb01a298cb24d250017cea54884bba8) C:\Windows\system32\drivers\mpio.sys
15:50:05.0876 4684 mpio - ok
15:50:05.0891 4684 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
15:50:05.0923 4684 mpsdrv - ok
15:50:05.0954 4684 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
15:50:06.0001 4684 MpsSvc - ok
15:50:06.0001 4684 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
15:50:06.0016 4684 Mraid35x - ok
15:50:06.0032 4684 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
15:50:06.0047 4684 MRxDAV - ok
15:50:06.0063 4684 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:50:06.0079 4684 mrxsmb - ok
15:50:06.0110 4684 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:50:06.0125 4684 mrxsmb10 - ok
15:50:06.0141 4684 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:50:06.0157 4684 mrxsmb20 - ok
15:50:06.0172 4684 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
15:50:06.0188 4684 msahci - ok
15:50:06.0203 4684 msdsm (0db324146494d45417905b7009858937) C:\Windows\system32\drivers\msdsm.sys
15:50:06.0203 4684 msdsm - ok
15:50:06.0219 4684 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
15:50:06.0281 4684 MSDTC - ok
15:50:06.0297 4684 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
15:50:06.0344 4684 Msfs - ok
15:50:06.0359 4684 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
15:50:06.0375 4684 msisadrv - ok
15:50:06.0406 4684 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
15:50:06.0453 4684 MSiSCSI - ok
15:50:06.0453 4684 msiserver - ok
15:50:06.0469 4684 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
15:50:06.0500 4684 MSKSSRV - ok
15:50:06.0515 4684 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
15:50:06.0562 4684 MSPCLOCK - ok
15:50:06.0562 4684 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
15:50:06.0593 4684 MSPQM - ok
15:50:06.0765 4684 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
15:50:06.0781 4684 MsRPC - ok
15:50:06.0827 4684 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
15:50:06.0843 4684 mssmbios - ok
15:50:06.0859 4684 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
15:50:06.0921 4684 MSTEE - ok
15:50:06.0921 4684 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
15:50:06.0937 4684 Mup - ok
15:50:07.0015 4684 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
15:50:07.0030 4684 N360 - ok
15:50:07.0124 4684 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
15:50:07.0186 4684 napagent - ok
15:50:07.0202 4684 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
15:50:07.0233 4684 NativeWifiP - ok
15:50:07.0420 4684 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120803.035\ENG64.SYS
15:50:07.0436 4684 NAVENG - ok
15:50:07.0670 4684 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120803.035\EX64.SYS
15:50:07.0748 4684 NAVEX15 - ok
15:50:07.0857 4684 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
15:50:07.0888 4684 NDIS - ok
15:50:07.0904 4684 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
15:50:07.0951 4684 NdisTapi - ok
15:50:07.0951 4684 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
15:50:07.0997 4684 Ndisuio - ok
15:50:08.0013 4684 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
15:50:08.0044 4684 NdisWan - ok
15:50:08.0060 4684 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
15:50:08.0091 4684 NDProxy - ok
15:50:08.0107 4684 Net Driver HPZ12 (59267d2f0328599aa3b5408c2e06126f) C:\Windows\system32\HPZinw12.dll
15:50:08.0138 4684 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:50:08.0138 4684 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:50:08.0153 4684 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
15:50:08.0200 4684 NetBIOS - ok
15:50:08.0216 4684 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
15:50:08.0247 4684 netbt - ok
15:50:08.0263 4684 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
15:50:08.0278 4684 Netlogon - ok
15:50:08.0309 4684 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
15:50:08.0372 4684 Netman - ok
15:50:08.0387 4684 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
15:50:08.0450 4684 netprofm - ok
15:50:08.0497 4684 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:50:08.0512 4684 NetTcpPortSharing - ok
15:50:08.0528 4684 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
15:50:08.0543 4684 nfrd960 - ok
15:50:08.0559 4684 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
15:50:08.0621 4684 NlaSvc - ok
15:50:08.0637 4684 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
15:50:08.0684 4684 Npfs - ok
15:50:08.0699 4684 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
15:50:08.0746 4684 nsi - ok
15:50:08.0762 4684 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
15:50:08.0809 4684 nsiproxy - ok
15:50:08.0871 4684 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
15:50:08.0933 4684 Ntfs - ok
15:50:09.0152 4684 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
15:50:09.0199 4684 Null - ok
15:50:09.0230 4684 nusb3hub (a7127e86f9ffe2a53e271b56b2c4cedf) C:\Windows\system32\DRIVERS\nusb3hub.sys
15:50:09.0261 4684 nusb3hub - ok
15:50:09.0292 4684 nusb3xhc (49bbec6f48d5f9284b03abf3a959b19b) C:\Windows\system32\DRIVERS\nusb3xhc.sys
15:50:09.0323 4684 nusb3xhc - ok
15:50:09.0791 4684 nvlddmkm (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:50:10.0135 4684 nvlddmkm - ok
15:50:10.0213 4684 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
15:50:10.0228 4684 nvraid - ok
15:50:10.0244 4684 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
15:50:10.0244 4684 nvstor - ok
15:50:10.0306 4684 NVSvc (39f933ca2798156b0b7a19d104b73b9a) C:\Windows\system32\nvvsvc.exe
15:50:10.0353 4684 NVSvc - ok
15:50:10.0369 4684 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
15:50:10.0369 4684 nv_agp - ok
15:50:10.0369 4684 NwlnkFlt - ok
15:50:10.0384 4684 NwlnkFwd - ok
15:50:10.0447 4684 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:50:10.0462 4684 odserv - ok
15:50:10.0478 4684 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
15:50:10.0525 4684 ohci1394 - ok
15:50:10.0556 4684 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:50:10.0556 4684 ose - ok
15:50:10.0603 4684 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:50:10.0665 4684 p2pimsvc - ok
15:50:10.0681 4684 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
15:50:10.0696 4684 p2psvc - ok
15:50:10.0727 4684 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys
15:50:10.0759 4684 Parport - ok
15:50:10.0790 4684 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
15:50:10.0790 4684 partmgr - ok
15:50:10.0837 4684 PassThru Service (5fbcc9eeefaca3019d5bd5979618f298) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
15:50:10.0852 4684 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
15:50:10.0852 4684 PassThru Service - detected UnsignedFile.Multi.Generic (1)
15:50:10.0868 4684 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
15:50:10.0899 4684 PcaSvc - ok
15:50:10.0915 4684 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
15:50:10.0915 4684 pci - ok
15:50:10.0930 4684 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
15:50:10.0946 4684 pciide - ok
15:50:10.0961 4684 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
15:50:10.0977 4684 pcmcia - ok
15:50:11.0008 4684 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
15:50:11.0086 4684 PEAUTH - ok
15:50:11.0133 4684 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
15:50:11.0180 4684 PerfHost - ok
15:50:11.0227 4684 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
15:50:11.0305 4684 pla - ok
15:50:11.0351 4684 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
15:50:11.0383 4684 PlugPlay - ok
15:50:11.0414 4684 Pml Driver HPZ12 (5261a2fd55183ac6993145ab6662cddf) C:\Windows\system32\HPZipm12.dll
15:50:11.0429 4684 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

15:50:11.0429 4684 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

15:50:11.0461 4684 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:Windowssystem32p2psvc.dll

15:50:11.0492 4684 PNRPAutoReg - ok

15:50:11.0492 4684 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:Windowssystem32p2psvc.dll

15:50:11.0523 4684 PNRPsvc - ok

15:50:11.0554 4684 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:WindowsSystem32ipsecsvc.dll

15:50:11.0601 4684 PolicyAgent - ok

15:50:11.0632 4684 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:Windowssystem32DRIVERSraspptp.sys

15:50:11.0663 4684 PptpMiniport - ok

15:50:11.0679 4684 Processor (5080e59ecee0bc923f14018803aa7a01) C:Windowssystem32driversprocessr.sys

15:50:11.0710 4684 Processor - ok

15:50:11.0726 4684 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:Windowssystem32profsvc.dll

15:50:11.0757 4684 ProfSvc - ok

15:50:11.0773 4684 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:Windowssystem32lsass.exe

15:50:11.0788 4684 ProtectedStorage - ok

15:50:11.0804 4684 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:Windowssystem32DRIVERSpacer.sys

15:50:11.0819 4684 PSched - ok

15:50:11.0866 4684 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:Windowssystem32driversql2300.sys

15:50:11.0913 4684 ql2300 - ok

15:50:11.0929 4684 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:Windowssystem32driversql40xx.sys

15:50:11.0929 4684 ql40xx - ok

15:50:11.0960 4684 QWAVE (90574842c3da781e279061a3eff91f07) C:Windowssystem32qwave.dll

15:50:11.0991 4684 QWAVE - ok

15:50:11.0991 4684 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:Windowssystem32driversqwavedrv.sys

15:50:12.0022 4684 QWAVEdrv - ok

15:50:12.0038 4684 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:Windowssystem32DRIVERSrasacd.sys

15:50:12.0069 4684 RasAcd - ok

15:50:12.0085 4684 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:WindowsSystem32rasauto.dll

15:50:12.0116 4684 RasAuto - ok

15:50:12.0131 4684 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:Windowssystem32DRIVERSrasl2tp.sys

15:50:12.0163 4684 Rasl2tp - ok

15:50:12.0178 4684 RasMan (3ad83e4046c43be510de681588acb8af) C:WindowsSystem32rasmans.dll

15:50:12.0209 4684 RasMan - ok

15:50:12.0225 4684 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:Windowssystem32DRIVERSraspppoe.sys

15:50:12.0256 4684 RasPppoe - ok

15:50:12.0256 4684 RasSstp (c6a593b51f34c33e5474539544072527) C:Windowssystem32DRIVERSrassstp.sys

15:50:12.0272 4684 RasSstp - ok

15:50:12.0287 4684 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:Windowssystem32DRIVERSrdbss.sys

15:50:12.0319 4684 rdbss - ok

15:50:12.0319 4684 RDPCDD (603900cc05f6be65ccbf373800af3716) C:Windowssystem32DRIVERSRDPCDD.sys

15:50:12.0350 4684 RDPCDD - ok

15:50:12.0365 4684 rdpdr (ae23e79b13feb62939e2ca1189e71735) C:Windowssystem32DRIVERSrdpdr.sys

15:50:12.0397 4684 rdpdr - ok

15:50:12.0397 4684 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:Windowssystem32driversrdpencdd.sys

15:50:12.0428 4684 RDPENCDD - ok

15:50:12.0459 4684 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:Windowssystem32driversRDPWD.sys

15:50:12.0490 4684 RDPWD - ok

15:50:12.0521 4684 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:WindowsSystem32mprdim.dll

15:50:12.0553 4684 RemoteAccess - ok

15:50:12.0568 4684 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:Windowssystem32regsvc.dll

15:50:12.0584 4684 RemoteRegistry - ok

15:50:12.0615 4684 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:Windowssystem32locator.exe

15:50:12.0631 4684 RpcLocator - ok

15:50:12.0677 4684 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:Windowssystem32rpcss.dll

15:50:12.0709 4684 RpcSs - ok

15:50:12.0724 4684 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:Windowssystem32DRIVERSrspndr.sys

15:50:12.0755 4684 rspndr - ok

15:50:12.0787 4684 RTL8169 (e3aa12faa3192d1090b9069c3925373b) C:Windowssystem32DRIVERSRtlh64.sys

15:50:12.0802 4684 RTL8169 - ok

15:50:12.0818 4684 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:Windowssystem32lsass.exe

15:50:12.0833 4684 SamSs - ok

15:50:12.0849 4684 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:Windowssystem32driverssbp2port.sys

15:50:12.0865 4684 sbp2port - ok

15:50:12.0943 4684 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:Program Files (x86)Spybot - Search & DestroySDWinSec.exe

15:50:12.0974 4684 SBSDWSCService - ok

15:50:12.0989 4684 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:WindowsSystem32SCardSvr.dll

15:50:13.0021 4684 SCardSvr - ok

15:50:13.0067 4684 Schedule (0f838c811ad295d2a4489b9993096c63) C:Windowssystem32schedsvc.dll

15:50:13.0099 4684 Schedule - ok

15:50:13.0130 4684 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:WindowsSystem32certprop.dll

15:50:13.0145 4684 SCPolicySvc - ok

15:50:13.0161 4684 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:WindowsSystem32SDRSVC.dll

15:50:13.0177 4684 SDRSVC - ok

15:50:13.0208 4684 secdrv (3ea8a16169c26afbeb544e0e48421186) C:Windowssystem32driverssecdrv.sys

15:50:13.0255 4684 secdrv - ok

15:50:13.0270 4684 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:Windowssystem32seclogon.dll

15:50:13.0301 4684 seclogon - ok

15:50:13.0301 4684 SENS (90973a64b96cd647ff81c79443618eed) C:Windowssystem32sens.dll

15:50:13.0348 4684 SENS - ok

15:50:13.0364 4684 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:Windowssystem32DRIVERSserenum.sys

15:50:13.0411 4684 Serenum - ok

15:50:13.0411 4684 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:Windowssystem32DRIVERSserial.sys

15:50:13.0457 4684 Serial - ok

15:50:13.0473 4684 sermouse (a842f04833684bceea7336211be478df) C:Windowssystem32driverssermouse.sys

15:50:13.0504 4684 sermouse - ok

15:50:13.0520 4684 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:Windowssystem32sessenv.dll

15:50:13.0551 4684 SessionEnv - ok

15:50:13.0567 4684 sffdisk (3a19c899bcf0ea24cfec2038e6a489db) C:Windowssystem32driverssffdisk.sys

15:50:13.0598 4684 sffdisk - ok

15:50:13.0598 4684 sffp_mmc (dbbd3fd8af718966af768a754e07e8c0) C:Windowssystem32driverssffp_mmc.sys

15:50:13.0629 4684 sffp_mmc - ok

15:50:13.0645 4684 sffp_sd (fdca63a2eee528585eb66ceac183ec22) C:Windowssystem32driverssffp_sd.sys

15:50:13.0676 4684 sffp_sd - ok

15:50:13.0691 4684 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:Windowssystem32driverssfloppy.sys

15:50:13.0738 4684 sfloppy - ok

15:50:13.0785 4684 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:WindowsSystem32ipnathlp.dll

15:50:13.0832 4684 SharedAccess - ok

15:50:13.0863 4684 ShellHWDetection (56793271ecdedd350c5add305603e963) C:WindowsSystem32shsvcs.dll

15:50:13.0879 4684 ShellHWDetection - ok

15:50:13.0894 4684 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:Windowssystem32driverssisraid2.sys

15:50:13.0894 4684 SiSRaid2 - ok

15:50:13.0910 4684 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:Windowssystem32driverssisraid4.sys

15:50:13.0925 4684 SiSRaid4 - ok

15:50:14.0019 4684 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:Windowssystem32SLsvc.exe

15:50:14.0128 4684 slsvc - ok

15:50:14.0253 4684 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:Windowssystem32SLUINotify.dll

15:50:14.0284 4684 SLUINotify - ok

15:50:14.0315 4684 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:Windowssystem32DRIVERSsmb.sys

15:50:14.0347 4684 Smb - ok

15:50:14.0362 4684 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:WindowsSystem32snmptrap.exe

15:50:14.0378 4684 SNMPTRAP - ok

15:50:14.0393 4684 spldr (386c3c63f00a7040c7ec5e384217e89d) C:Windowssystem32driversspldr.sys

15:50:14.0409 4684 spldr - ok

15:50:14.0440 4684 Spooler (f66ff751e7efc816d266977939ef5dc3) C:WindowsSystem32spoolsv.exe

15:50:14.0471 4684 Spooler - ok

15:50:14.0518 4684 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:WindowsSystem32DriversN360x640602010.005SRTSP64.SYS

15:50:14.0549 4684 SRTSP - ok

15:50:14.0565 4684 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:Windowssystem32driversN360x640602010.005SRTSPX64.SYS

15:50:14.0565 4684 SRTSPX - ok

15:50:14.0596 4684 srv (880a57fccb571ebd063d4dd50e93e46d) C:Windowssystem32DRIVERSsrv.sys

15:50:14.0627 4684 srv - ok

15:50:14.0643 4684 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:Windowssystem32DRIVERSsrv2.sys

15:50:14.0690 4684 srv2 - ok

15:50:14.0705 4684 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:Windowssystem32DRIVERSsrvnet.sys

15:50:14.0721 4684 srvnet - ok

15:50:14.0737 4684 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:WindowsSystem32ssdpsrv.dll

15:50:14.0783 4684 SSDPSRV - ok

15:50:14.0799 4684 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:Windowssystem32sstpsvc.dll

15:50:14.0830 4684 SstpSvc - ok

15:50:14.0861 4684 stisvc (15825c1fbfb8779992cb65087f316af5) C:WindowsSystem32wiaservc.dll

15:50:14.0908 4684 stisvc - ok

15:50:14.0924 4684 STTub203 (ac95ecf2856b6c716aff2fbc449845b9) C:Windowssystem32DriversSTTub203.sys

15:50:14.0955 4684 STTub203 - ok

15:50:14.0971 4684 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:Windowssystem32DRIVERSswenum.sys

15:50:14.0971 4684 swenum - ok

15:50:15.0002 4684 swprv (6de37f4de19d4efd9c48c43addbc949a) C:WindowsSystem32swprv.dll

15:50:15.0049 4684 swprv - ok

15:50:15.0049 4684 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:Windowssystem32driverssymc8xx.sys

15:50:15.0064 4684 Symc8xx - ok

15:50:15.0111 4684 SymDS (8b2430762099598da40686f754632efd) C:Windowssystem32driversN360x640602010.005SYMDS64.SYS

15:50:15.0127 4684 SymDS - ok

15:50:15.0173 4684 SymEFA (f90c7a190399165d3ab2245048d34786) C:Windowssystem32driversN360x640602010.005SYMEFA64.SYS

15:50:15.0220 4684 SymEFA - ok

15:50:15.0267 4684 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:Windowssystem32DriversSYMEVENT64x86.SYS

15:50:15.0267 4684 SymEvent - ok

15:50:15.0298 4684 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:Windowssystem32driversN360x640602010.005Ironx64.SYS

15:50:15.0298 4684 SymIRON - ok

15:50:15.0329 4684 SYMTDIv (a25fee245c78804601d83431386a0bee) C:WindowsSystem32DriversN360x640602010.005SYMTDIV.SYS

15:50:15.0345 4684 SYMTDIv - ok

15:50:15.0361 4684 Sym_hi (a909667976d3bccd1df813fed517d837) C:Windowssystem32driverssym_hi.sys

15:50:15.0376 4684 Sym_hi - ok

15:50:15.0376 4684 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:Windowssystem32driverssym_u3.sys

15:50:15.0392 4684 Sym_u3 - ok

15:50:15.0423 4684 SysMain (92d7a8b0f87b036f17d25885937897a6) C:Windowssystem32sysmain.dll

15:50:15.0501 4684 SysMain - ok

15:50:15.0517 4684 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:WindowsSystem32TabSvc.dll

15:50:15.0532 4684 TabletInputService - ok

15:50:15.0563 4684 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:WindowsSystem32tapisrv.dll

15:50:15.0579 4684 TapiSrv - ok

15:50:15.0626 4684 TarFltr (827f682e9d2d9b2a49691c3a9697a3bb) C:Windowssystem32driversUsbFltr.sys

15:50:15.0641 4684 TarFltr - ok

15:50:15.0657 4684 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:WindowsSystem32tbssvc.dll

15:50:15.0688 4684 TBS - ok

15:50:15.0751 4684 Tcpip (ac8d5728e6ad6a7c4819d9a67008337a) C:Windowssystem32driverstcpip.sys

15:50:15.0797 4684 Tcpip - ok

15:50:15.0891 4684 Tcpip6 (ac8d5728e6ad6a7c4819d9a67008337a) C:Windowssystem32DRIVERStcpip.sys

15:50:15.0938 4684 Tcpip6 - ok

15:50:15.0969 4684 tcpipreg (fd8fde859e38e40a20085ebb0c22b416) C:Windowssystem32driverstcpipreg.sys

15:50:16.0000 4684 tcpipreg - ok

15:50:16.0000 4684 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:Windowssystem32driverstdpipe.sys

15:50:16.0047 4684 TDPIPE - ok

15:50:16.0063 4684 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:Windowssystem32driverstdtcp.sys

15:50:16.0094 4684 TDTCP - ok

15:50:16.0109 4684 tdx (458919c8c42e398dc4802178d5ffee27) C:Windowssystem32DRIVERStdx.sys

15:50:16.0125 4684 tdx - ok

15:50:16.0141 4684 TermDD (8c19678d22649ec002ef2282eae92f98) C:Windowssystem32DRIVERStermdd.sys

15:50:16.0141 4684 TermDD - ok

15:50:16.0172 4684 TermService (5cdd30bc217082dac71a9878d9bfd566) C:WindowsSystem32termsrv.dll

15:50:16.0203 4684 TermService - ok

15:50:16.0219 4684 Themes (56793271ecdedd350c5add305603e963) C:Windowssystem32shsvcs.dll

15:50:16.0234 4684 Themes - ok

15:50:16.0250 4684 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:Windowssystem32mmcss.dll

15:50:16.0281 4684 THREADORDER - ok

15:50:16.0297 4684 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:WindowsSystem32trkwks.dll

15:50:16.0328 4684 TrkWks - ok

15:50:16.0375 4684 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:WindowsservicingTrustedInstaller.exe

15:50:16.0390 4684 TrustedInstaller - ok

15:50:16.0406 4684 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:Windowssystem32DRIVERStssecsrv.sys

15:50:16.0437 4684 tssecsrv - ok

15:50:16.0453 4684 tunmp (89ec74a9e602d16a75a4170511029b3c) C:Windowssystem32DRIVERStunmp.sys

15:50:16.0468 4684 tunmp - ok

15:50:16.0484 4684 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:Windowssystem32DRIVERStunnel.sys

15:50:16.0499 4684 tunnel - ok

15:50:16.0515 4684 uagp35 (fec266ef401966311744bd0f359f7f56) C:Windowssystem32driversuagp35.sys

15:50:16.0531 4684 uagp35 - ok

15:50:16.0546 4684 udfs (faf2640a2a76ed03d449e443194c4c34) C:Windowssystem32DRIVERSudfs.sys

15:50:16.0577 4684 udfs - ok

15:50:16.0593 4684 UI0Detect (060507c4113391394478f6953a79eedc) C:Windowssystem32UI0Detect.exe

15:50:16.0624 4684 UI0Detect - ok

15:50:16.0640 4684 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:Windowssystem32driversuliagpkx.sys

15:50:16.0640 4684 uliagpkx - ok

15:50:16.0655 4684 uliahci (697f0446134cdc8f99e69306184fbbb4) C:Windowssystem32driversuliahci.sys

15:50:16.0671 4684 uliahci - ok

15:50:16.0687 4684 UlSata (31707f09846056651ea2c37858f5ddb0) C:Windowssystem32driversulsata.sys

15:50:16.0702 4684 UlSata - ok

15:50:16.0718 4684 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:Windowssystem32driversulsata2.sys

15:50:16.0733 4684 ulsata2 - ok

15:50:16.0733 4684 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:Windowssystem32DRIVERSumbus.sys

15:50:16.0780 4684 umbus - ok

15:50:16.0796 4684 UmRdpService (dc5e34f189b827199b9cc8481c648269) C:WindowsSystem32umrdp.dll

15:50:16.0811 4684 UmRdpService - ok

15:50:16.0858 4684 upnphost (7093799ff80e9deca0680d2e3535be60) C:WindowsSystem32upnphost.dll

15:50:16.0889 4684 upnphost - ok

15:50:16.0936 4684 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:Windowssystem32Driversusbaapl64.sys

15:50:16.0967 4684 USBAAPL64 - ok

15:50:16.0983 4684 usbccgp (07e3498fc60834219d2356293da0fecc) C:Windowssystem32DRIVERSusbccgp.sys

15:50:17.0014 4684 usbccgp - ok

15:50:17.0030 4684 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:Windowssystem32driversusbcir.sys

15:50:17.0092 4684 usbcir - ok

15:50:17.0108 4684 usbehci (827e44de934a736ea31e91d353eb126f) C:Windowssystem32DRIVERSusbehci.sys

15:50:17.0123 4684 usbehci - ok

15:50:17.0139 4684 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:Windowssystem32DRIVERSusbhub.sys

15:50:17.0155 4684 usbhub - ok

15:50:17.0170 4684 usbohci (eba14ef0c07cec233f1529c698d0d154) C:Windowssystem32driversusbohci.sys

15:50:17.0217 4684 usbohci - ok

15:50:17.0233 4684 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:Windowssystem32DRIVERSusbprint.sys

15:50:17.0264 4684 usbprint - ok

15:50:17.0279 4684 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:Windowssystem32DRIVERSusbscan.sys

15:50:17.0311 4684 usbscan - ok

15:50:17.0311 4684 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:Windowssystem32DRIVERSUSBSTOR.SYS

15:50:17.0342 4684 USBSTOR - ok

15:50:17.0357 4684 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:Windowssystem32DRIVERSusbuhci.sys

15:50:17.0373 4684 usbuhci - ok

15:50:17.0389 4684 usb_rndisx (1e36bb1a3c5aaf2aa9fa9a126df8c16c) C:Windowssystem32DRIVERSusb8023x.sys

15:50:17.0404 4684 usb_rndisx - ok

15:50:17.0420 4684 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:WindowsSystem32uxsms.dll

15:50:17.0451 4684 UxSms - ok

15:50:17.0467 4684 vds (294945381dfa7ce58cecf0a9896af327) C:WindowsSystem32vds.exe

15:50:17.0513 4684 vds - ok

15:50:17.0529 4684 vga (916b94bcf1e09873fff2d5fb11767bbc) C:Windowssystem32DRIVERSvgapnp.sys

15:50:17.0560 4684 vga - ok

15:50:17.0560 4684 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:WindowsSystem32driversvga.sys

15:50:17.0607 4684 VgaSave - ok

15:50:17.0607 4684 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:Windowssystem32driversviaide.sys

15:50:17.0623 4684 viaide - ok

15:50:17.0638 4684 volmgr (2b7e885ed951519a12c450d24535dfca) C:Windowssystem32driversvolmgr.sys

15:50:17.0638 4684 volmgr - ok

15:50:17.0669 4684 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:Windowssystem32driversvolmgrx.sys

15:50:17.0685 4684 volmgrx - ok

15:50:17.0685 4684 volsnap (5280aada24ab36b01a84a6424c475c8d) C:Windowssystem32driversvolsnap.sys

15:50:17.0701 4684 volsnap - ok

15:50:17.0716 4684 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:Windowssystem32driversvsmraid.sys

15:50:17.0732 4684 vsmraid - ok

15:50:17.0779 4684 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:Windowssystem32vssvc.exe

15:50:17.0841 4684 VSS - ok

15:50:17.0919 4684 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:Windowssystem32w32time.dll

15:50:17.0950 4684 W32Time - ok

15:50:17.0981 4684 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:Windowssystem32driverswacompen.sys

15:50:18.0028 4684 WacomPen - ok

15:50:18.0044 4684 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:Windowssystem32DRIVERSwanarp.sys

15:50:18.0075 4684 Wanarp - ok

15:50:18.0075 4684 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:Windowssystem32DRIVERSwanarp.sys

15:50:18.0091 4684 Wanarpv6 - ok

15:50:18.0137 4684 wbengine (48eee289df9e4989128b2283f3eeacc6) C:Windowssystem32wbengine.exe

15:50:18.0200 4684 wbengine - ok

15:50:18.0231 4684 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:WindowsSystem32wcncsvc.dll

15:50:18.0262 4684 wcncsvc - ok

15:50:18.0278 4684 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:WindowsSystem32WcsPlugInService.dll

15:50:18.0309 4684 WcsPlugInService - ok

15:50:18.0325 4684 Wd (0c17a0816f65b89e362e682ad5e7266e) C:Windowssystem32driverswd.sys

15:50:18.0325 4684 Wd - ok

15:50:18.0371 4684 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:Windowssystem32driversWdf01000.sys

15:50:18.0403 4684 Wdf01000 - ok

15:50:18.0418 4684 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:Windowssystem32wdi.dll

15:50:18.0449 4684 WdiServiceHost - ok

15:50:18.0449 4684 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:Windowssystem32wdi.dll

15:50:18.0496 4684 WdiSystemHost - ok

15:50:18.0512 4684 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:WindowsSystem32webclnt.dll

15:50:18.0527 4684 WebClient - ok

15:50:18.0559 4684 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:Windowssystem32wecsvc.dll

15:50:18.0574 4684 Wecsvc - ok

15:50:18.0574 4684 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:WindowsSystem32wercplsupport.dll

15:50:18.0605 4684 wercplsupport - ok

15:50:18.0621 4684 WerSvc (66b9ecebc46683f47edc06333c075fef) C:WindowsSystem32WerSvc.dll

15:50:18.0652 4684 WerSvc - ok

15:50:18.0683 4684 WinDefend - ok

15:50:18.0683 4684 WinHttpAutoProxySvc - ok

15:50:18.0730 4684 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:Windowssystem32wbemWMIsvc.dll

15:50:18.0761 4684 Winmgmt - ok

15:50:18.0824 4684 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:Windowssystem32WsmSvc.dll

15:50:18.0917 4684 WinRM - ok

15:50:18.0995 4684 Wlansvc (ec339c8115e91baed835957e9a677f16) C:WindowsSystem32wlansvc.dll

15:50:19.0042 4684 Wlansvc - ok

15:50:19.0089 4684 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:Windowssystem32driverswmiacpi.sys

15:50:19.0105 4684 WmiAcpi - ok

15:50:19.0151 4684 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:Windowssystem32wbemWmiApSrv.exe

15:50:19.0167 4684 wmiApSrv - ok

15:50:19.0167 4684 WMPNetworkSvc - ok

15:50:19.0198 4684 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:WindowsSystem32wpcsvc.dll

15:50:19.0229 4684 WPCSvc - ok

15:50:19.0245 4684 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:Windowssystem32wpdbusenum.dll

15:50:19.0276 4684 WPDBusEnum - ok

15:50:19.0385 4684 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:WindowsMicrosoft.NETFramework64v4.0.30319WPFWPFFontCache_v0400.exe

15:50:19.0417 4684 WPFFontCache_v0400 - ok

15:50:19.0432 4684 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:Windowssystem32driversws2ifsl.sys

15:50:19.0463 4684 ws2ifsl - ok

15:50:19.0495 4684 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:Windowssystem32wscsvc.dll

15:50:19.0510 4684 wscsvc - ok

15:50:19.0510 4684 WSearch - ok

15:50:19.0604 4684 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:Windowssystem32wuaueng.dll

15:50:19.0682 4684 wuauserv - ok

15:50:19.0729 4684 WUDFRd (501a65252617b495c0f1832f908d54d8) C:Windowssystem32DRIVERSWUDFRd.sys

15:50:19.0760 4684 WUDFRd - ok

15:50:19.0775 4684 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:WindowsSystem32WUDFSvc.dll

15:50:19.0822 4684 wudfsvc - ok

15:50:19.0822 4684 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) DeviceHarddisk0DR0

15:50:20.0337 4684 DeviceHarddisk0DR0 - ok

15:50:20.0337 4684 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) DeviceHarddisk1DR1

15:50:20.0524 4684 DeviceHarddisk1DR1 - ok

15:50:20.0540 4684 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) DeviceHarddisk2DR2

15:50:20.0899 4684 DeviceHarddisk2DR2 - ok

15:50:20.0914 4684 Boot (0x1200) (c6a4fd7c7550cc2d932b46ca6794112e) DeviceHarddisk0DR0Partition0

15:50:20.0914 4684 DeviceHarddisk0DR0Partition0 - ok

15:50:20.0914 4684 Boot (0x1200) (b90d4505ae4c1dea658b34a8616391d1) DeviceHarddisk1DR1Partition0

15:50:20.0914 4684 DeviceHarddisk1DR1Partition0 - ok

15:50:20.0914 4684 Boot (0x1200) (e

Edited by buckskinpass
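The TDSSKiller output pasted above records each service, driver and boot sector as an entry line (name, MD5, path) followed by a status line ending in "- ok", "- warning" or "- detected ...", and the two UnsignedFile.Multi.Generic lines are the only results in this run that are not "ok". As an added example that is not part of this thread and is not code from TDSSKiller, Malwarebytes or Farbar, the Python script below parses that format and lists every entry whose result is anything other than a single "ok", carrying the MD5 and path from the matching entry line with it. The regexes and the ScanEntry structure are my own assumptions about the format, derived only from the lines visible on this page; the sample log embedded in the script is constructed from lines shown above, with the backslashes the forum stripped restored.

```python
"""Triage helper for TDSSKiller-style scan logs (added example; not a tool from this thread)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# A result line is "<time> <pid> <rest>". <rest> is either an entry line
#   "<name> (<md5>) <path>"          e.g. Npfs (b29887...) C:\Windows\system32\drivers\Npfs.sys
# or a status line
#   "<name> [( <verdict> )] - ok|warning|detected [detail]"
# Both patterns are assumptions inferred from the log lines on this page.
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>.+)$")
ENTRY_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$")
STATUS_RE = re.compile(
    r"^(?P<name>.+?)(?:\s+\(\s*(?P<verdict>[^)]*?)\s*\))?\s+-\s+"
    r"(?P<status>ok|warning|detected)(?:\s+(?P<detail>.+))?$"
)


@dataclass
class ScanEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    statuses: List[str] = field(default_factory=list)  # in log order, e.g. ["warning", "detected"]
    verdicts: List[str] = field(default_factory=list)  # e.g. ["UnsignedFile.Multi.Generic"]

    @property
    def is_clean(self) -> bool:
        # Exactly one "- ok" is clean; a warning, a detection, or no status at all
        # is something the analyst should look at.
        return self.statuses == ["ok"]


def parse_log(text: str) -> List[ScanEntry]:
    """Parse a TDSSKiller log into one ScanEntry per scanned object, in log order."""
    records: List[ScanEntry] = []
    by_name: Dict[str, ScanEntry] = {}  # latest entry line seen for a service/driver name
    by_path: Dict[str, ScanEntry] = {}  # MBR/boot-sector status lines are keyed by device path
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines and headers are not result lines
        rest = m.group("rest")
        em = ENTRY_RE.match(rest)
        if em:
            entry = ScanEntry(em.group("name"), em.group("md5").lower(), em.group("path"))
            records.append(entry)
            by_name[entry.name] = entry
            by_path[entry.path] = entry
            continue
        sm = STATUS_RE.match(rest)
        if not sm:
            continue
        name = sm.group("name")
        entry = by_name.get(name) or by_path.get(name)
        if entry is None:  # status line with no entry line (e.g. a service whose file is absent)
            entry = ScanEntry(name)
            records.append(entry)
            by_name[name] = entry
        entry.statuses.append(sm.group("status"))
        verdict = sm.group("verdict") or sm.group("detail")
        if verdict:
            verdict = re.sub(r"\s*\(\d+\)$", "", verdict)  # drop the trailing " (1)" count
            if verdict not in entry.verdicts:
                entry.verdicts.append(verdict)
    return records


def triage(text: str) -> List[ScanEntry]:
    """Entries to review first: everything that did not come back as a single '- ok'."""
    return [e for e in parse_log(text) if not e.is_clean]


# Constructed sample: lines taken from the scan above with the backslashes restored.
SAMPLE_LOG = r"""
15:50:08.0637 4684 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
15:50:08.0684 4684 Npfs - ok
15:50:10.0369 4684 NwlnkFlt - ok
15:50:10.0837 4684 PassThru Service (5fbcc9eeefaca3019d5bd5979618f298) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
15:50:10.0852 4684 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
15:50:10.0852 4684 PassThru Service - detected UnsignedFile.Multi.Generic (1)
15:50:12.0943 4684 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
15:50:12.0974 4684 SBSDWSCService - ok
15:50:19.0822 4684 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
15:50:20.0337 4684 \Device\Harddisk0\DR0 - ok
15:50:20.0337 4684 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
15:50:20.0524 4684 \Device\Harddisk1\DR1 - ok
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.name}: {', '.join(e.statuses)} {e.verdicts} {e.path} md5={e.md5}")
```

Run it as a script to print the flagged entries, or call triage() on the text of a full log read from disk. Boot-sector records are matched by device path because the log labels the entry line "MBR (0x1B8)" but reports the status under the "\Device\..." path, which is why the parser keeps a second index keyed by path; a path that itself contains " - " (the Spybot directory in the sample) is handled by trying the entry pattern before the status pattern.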

Didn't find what we need to find...

Let's have a look outside the Windows environment...

Download Farbar Recovery Scan Tool 32-Bit or Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using the Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under the File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for the x64 version type e:\frst64) and press Enter.
    Note: Replace the letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


OK, here's this log, and thanks again for all the time and expertise.

Scan result of Farbar Recovery Scan Tool Version: 04-08-2012 01
Ran by SYSTEM at 04-08-2012 19:34:05
Running from H:\
Windows Vista Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11860072 2011-06-08] (Realtek Semiconductor)
HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [Copperhead] "C:\Program Files (x86)\Razer\Copperhead\razerhid.exe" [155648 2005-11-25] ()
HKLM-x32\...\Run: [Tarantula] "C:\Program Files (x86)\Razer\Tarantula\razerhid.exe" [159744 2007-05-07] (Razer USA Ltd.)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKU\Default\...\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-11] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [2438656 2009-04-11] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ======

2 Diskeeper; "C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe" [1824536 2008-12-09] (Diskeeper Corporation)
3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe" [130976 2011-03-01] (Futuremark Corporation)
2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72280 2010-09-07] ()
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 N360; "C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\6.2.1.5\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2010-09-16] ()
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

========================== Drivers (Whitelisted) =============

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [1161376 2012-06-18] (Symantec Corporation)
1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0602010.005\ccSetx64.sys [167048 2011-11-29] (Symantec Corporation)
3 copperhd; C:\Windows\System32\Drivers\copperhd.sys [13824 2006-05-24] (Razer (Asia-Pacific) Pte Ltd)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-05-31] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-06-14] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\IPSDefs\20120803.002\IDSvia64.sys [509088 2012-06-14] (Symantec Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120804.009\ENG64.SYS [120440 2012-08-04] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.1.2.10\Definitions\VirusDefs\20120804.009\EX64.SYS [2068600 2012-08-04] (Symantec Corporation)
1 SRTSP; C:\Windows\System32\Drivers\N360x64\0602010.005\SRTSP64.SYS [737912 2012-03-28] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\N360x64\0602010.005\SRTSPX64.SYS [37496 2012-03-28] (Symantec Corporation)
3 STTub203; C:\Windows\System32\Drivers\STTub203.sys [33280 2007-05-02] ()
0 SymDS; C:\Windows\System32\drivers\N360x64\0602010.005\SYMDS64.SYS [451192 2012-01-17] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360x64\0602010.005\SYMEFA64.SYS [1092728 2012-01-17] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-04-09] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\N360x64\0602010.005\Ironx64.SYS [190072 2012-01-17] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\0602010.005\SYMTDIV.SYS [445560 2012-01-17] (Symantec Corporation)
3 TarFltr; C:\Windows\System32\drivers\UsbFltr.sys [49664 2007-04-11] (Razer USA Ltd.)
1 Beep; [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 cpuz130; \??\C:\Users\Owner\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
3 gdrv; \??\C:\Windows\gdrv.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-04 19:33 - 2012-08-04 19:33 - 00000000 ____D C:\FRST
2012-08-04 17:12 - 2012-08-04 17:13 - 00002105 ____A C:\Users\Owner\Desktop\didn'tfind.txt
2012-08-04 13:48 - 2012-08-04 13:48 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Owner\Desktop\tdsskiller.exe
2012-08-04 03:34 - 2012-08-04 03:34 - 00013783 ____A C:\Users\Owner\Desktop\combofix2.txt
2012-08-04 03:33 - 2012-08-04 03:33 - 00013783 ____A C:\ComboFix.txt
2012-08-03 20:51 - 2012-08-03 20:51 - 00014487 ____A C:\Users\Owner\Desktop\combofix1.log
2012-08-03 11:59 - 2012-08-03 11:59 - 00012583 ____A C:\Users\Owner\Desktop\combofix.log
2012-08-03 11:06 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-03 11:06 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-03 11:06 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-03 11:06 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-03 11:06 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-03 11:06 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-03 11:06 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-03 11:06 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-03 03:09 - 2012-08-04 03:33 - 00000000 ____D C:\Qoobox
2012-08-03 03:09 - 2012-08-04 03:31 - 00000000 ____D C:\Windows\erdnt
2012-08-03 03:04 - 2012-08-03 19:56 - 04724408 ____R (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
2012-08-02 18:52 - 2012-08-02 18:52 - 00000888 ____A C:\Users\Public\Desktop\WinZip.lnk
2012-08-02 18:51 - 2012-08-02 18:51 - 00000000 ____D C:\Program Files (x86)\WinZip
2012-08-02 18:44 - 2012-08-02 18:44 - 00013877 ____A C:\Users\Owner\Desktop\Attach.txt
2012-08-02 18:35 - 2012-08-02 18:35 - 00607260 ____R (Swearware) C:\Users\Owner\Desktop\dds.scr
2012-08-01 01:38 - 2012-08-01 01:38 - 00003760 ____A C:\{3B247B8B-7B57-41AF-A6D4-D1EE9A0F913D}
2012-07-30 13:49 - 2012-07-30 13:49 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-28 14:34 - 2012-07-28 14:34 - 00000208 ____A C:\Windows\wininit.ini
2012-07-28 14:07 - 2012-07-28 14:07 - 00001097 ____A C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
2012-07-28 14:06 - 2012-07-28 14:35 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-07-28 14:06 - 2012-07-28 14:07 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-11 15:18 - 2012-07-11 15:18 - 00272064 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-07-11 15:15 - 2012-06-13 05:58 - 02769408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 15:15 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 15:15 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 15:15 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 15:15 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 15:15 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 15:15 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 15:15 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-07-11 15:15 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:WindowsSystem32jsproxy.dll

2012-07-11 15:15 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:WindowsSystem32ieUnatt.exe

2012-07-11 15:15 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:WindowsSystem32jscript.dll

2012-07-11 15:15 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:WindowsSystem32iertutil.dll

2012-07-11 15:15 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:WindowsSystem32mshtml.tlb

2012-07-11 15:15 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:WindowsSystem32mshtmled.dll

2012-07-11 15:15 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:WindowsSystem32ieui.dll

2012-07-11 15:15 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:WindowsSysWOW64mshtml.dll

2012-07-11 15:15 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:WindowsSysWOW64ieframe.dll

2012-07-11 15:15 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:WindowsSysWOW64jscript9.dll

2012-07-11 15:15 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:WindowsSysWOW64urlmon.dll

2012-07-11 15:15 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:WindowsSysWOW64inetcpl.cpl

2012-07-11 15:15 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:WindowsSysWOW64wininet.dll

2012-07-11 15:15 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:WindowsSysWOW64url.dll

2012-07-11 15:15 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:WindowsSysWOW64jsproxy.dll

2012-07-11 15:15 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:WindowsSysWOW64ieUnatt.exe

2012-07-11 15:15 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:WindowsSysWOW64iertutil.dll

2012-07-11 15:15 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:WindowsSysWOW64jscript.dll

2012-07-11 15:15 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:WindowsSysWOW64mshtmled.dll

2012-07-11 15:15 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:WindowsSysWOW64mshtml.tlb

2012-07-11 15:15 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:WindowsSysWOW64ieui.dll

2012-07-11 02:46 - 2012-06-08 09:59 - 12899840 ____A (Microsoft Corporation) C:WindowsSystem32shell32.dll

2012-07-11 02:46 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:WindowsSysWOW64shell32.dll

2012-07-11 02:46 - 2012-06-05 08:47 - 01401856 ____A (Microsoft Corporation) C:WindowsSysWOW64msxml6.dll

2012-07-11 02:46 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:WindowsSysWOW64msxml3.dll

2012-07-11 02:46 - 2012-06-05 08:22 - 01869824 ____A (Microsoft Corporation) C:WindowsSystem32msxml3.dll

2012-07-11 02:46 - 2012-06-05 08:22 - 01797120 ____A (Microsoft Corporation) C:WindowsSystem32msxml6.dll

2012-07-11 02:46 - 2012-06-04 07:29 - 00516480 ____A (Microsoft Corporation) C:WindowsSystem32Driversksecdd.sys

2012-07-11 02:46 - 2012-06-01 16:22 - 00347136 ____A (Microsoft Corporation) C:WindowsSystem32schannel.dll

2012-07-11 02:46 - 2012-06-01 16:22 - 00254464 ____A (Microsoft Corporation) C:WindowsSystem32ncrypt.dll

2012-07-11 02:46 - 2012-06-01 16:05 - 00077312 ____A (Microsoft Corporation) C:WindowsSysWOW64secur32.dll

2012-07-11 02:46 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:WindowsSysWOW64schannel.dll

2012-07-11 02:46 - 2012-06-01 16:03 - 00204288 ____A (Microsoft Corporation) C:WindowsSysWOW64ncrypt.dll

============ 3 Months Modified Files ========================

2012-08-04 17:20 - 2009-04-11 07:43 - 01821428 ____A C:WindowsWindowsUpdate.log

2012-08-04 17:20 - 2006-11-02 07:40 - 00032650 ____A C:WindowsTasksSCHEDLGU.TXT

2012-08-04 17:20 - 2006-11-02 07:40 - 00000006 ___AH C:WindowsTasksSA.DAT

2012-08-04 17:18 - 2011-05-29 02:44 - 00000892 ____A C:WindowsTasksGoogleUpdateTaskMachineCore.job

2012-08-04 17:18 - 2006-11-02 07:21 - 00004224 ___AH C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2012-08-04 17:18 - 2006-11-02 07:21 - 00004224 ___AH C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2012-08-04 17:13 - 2012-08-04 17:12 - 00002105 ____A C:UsersOwnerDesktopdidn'tfind.txt

2012-08-04 16:55 - 2006-11-02 04:46 - 00707410 ____A C:WindowsSystem32PerfStringBackup.INI

2012-08-04 15:28 - 2012-04-04 03:13 - 00000830 ____A C:WindowsTasksAdobe Flash Player Updater.job

2012-08-04 15:23 - 2011-05-29 02:44 - 00000896 ____A C:WindowsTasksGoogleUpdateTaskMachineUA.job

2012-08-04 13:48 - 2012-08-04 13:48 - 02136664 ____A (Kaspersky Lab ZAO) C:UsersOwnerDesktoptdsskiller.exe

2012-08-04 07:54 - 2011-08-20 03:41 - 00056042 ____A C:WindowsPFRO.log

2012-08-04 07:54 - 2011-03-31 22:32 - 00296346 ____A C:WindowsMinidumpMini080412-01.dmp

2012-08-04 03:34 - 2012-08-04 03:34 - 00013783 ____A C:UsersOwnerDesktopcombofix2.txt

2012-08-04 03:33 - 2012-08-04 03:33 - 00013783 ____A C:ComboFix.txt

2012-08-04 03:31 - 2006-11-02 04:34 - 00000215 ____A C:Windowssystem.ini

2012-08-03 20:51 - 2012-08-03 20:51 - 00014487 ____A C:UsersOwnerDesktopcombofix1.log

2012-08-03 19:56 - 2012-08-03 03:04 - 04724408 ____R (Swearware) C:UsersOwnerDesktopComboFix.exe

2012-08-03 11:59 - 2012-08-03 11:59 - 00012583 ____A C:UsersOwnerDesktopcombofix.log

2012-08-02 18:52 - 2012-08-02 18:52 - 00000888 ____A C:UsersPublicDesktopWinZip.lnk

2012-08-02 18:44 - 2012-08-02 18:44 - 00013877 ____A C:UsersOwnerDesktopAttach.txt

2012-08-02 18:35 - 2012-08-02 18:35 - 00607260 ____R (Swearware) C:UsersOwnerDesktopdds.scr

2012-08-02 14:28 - 2012-04-04 03:13 - 00426184 ____A (Adobe Systems Incorporated) C:WindowsSysWOW64FlashPlayerApp.exe

2012-08-02 14:28 - 2011-05-29 02:44 - 00070344 ____A (Adobe Systems Incorporated) C:WindowsSysWOW64FlashPlayerCPLApp.cpl

2012-08-01 01:38 - 2012-08-01 01:38 - 00003760 ____A C:{3B247B8B-7B57-41AF-A6D4-D1EE9A0F913D}

2012-07-28 14:34 - 2012-07-28 14:34 - 00000208 ____A C:Windowswininit.ini

2012-07-28 14:07 - 2012-07-28 14:07 - 00001097 ____A C:UsersOwnerDesktopSpybot - Search & Destroy.lnk

2012-07-27 17:51 - 2012-06-22 15:02 - 00000948 ____A C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk

2012-07-11 16:45 - 2006-11-02 07:21 - 00290840 ____A C:WindowsSystem32FNTCACHE.DAT

2012-07-11 15:18 - 2012-07-11 15:18 - 00272064 ____A C:Windowsmsxml4-KB2721691-enu.LOG

2012-07-11 15:18 - 2006-11-02 04:34 - 00000254 ____A C:Windowswin.ini

2012-07-11 15:16 - 2006-11-02 04:35 - 59701280 ____A (Microsoft Corporation) C:WindowsSystem32mrt.exe

2012-07-03 11:46 - 2011-04-01 11:02 - 00024904 ____A (Malwarebytes Corporation) C:WindowsSystem32Driversmbam.sys

2012-06-26 19:25 - 2011-03-31 22:32 - 00296346 ____A C:WindowsMinidumpMini062612-01.dmp

2012-06-25 14:04 - 2012-06-25 14:04 - 01394248 ____A (Microsoft Corporation) C:WindowsSysWOW64msxml4.dll

2012-06-24 02:47 - 2012-06-24 02:47 - 00000056 ____A C:{4CB57BAD-4475-4548-8557-04A976BE0C7F}

2012-06-22 14:57 - 2012-06-22 14:57 - 00000000 ____A C:WindowsSysWOW64Test.htm

2012-06-22 13:55 - 2012-06-22 13:55 - 00000064 ____A C:WindowsGPlrLanc.dat

2012-06-17 19:20 - 2012-06-17 19:20 - 00001694 ____A C:UsersPublicDesktopiTunes.lnk

2012-06-13 05:58 - 2012-07-11 15:15 - 02769408 ____A (Microsoft Corporation) C:WindowsSystem32win32k.sys

2012-06-08 09:59 - 2012-07-11 02:46 - 12899840 ____A (Microsoft Corporation) C:WindowsSystem32shell32.dll

2012-06-08 09:47 - 2012-07-11 02:46 - 11586048 ____A (Microsoft Corporation) C:WindowsSysWOW64shell32.dll

2012-06-05 08:47 - 2012-07-11 02:46 - 01401856 ____A (Microsoft Corporation) C:WindowsSysWOW64msxml6.dll

2012-06-05 08:47 - 2012-07-11 02:46 - 01248768 ____A (Microsoft Corporation) C:WindowsSysWOW64msxml3.dll

2012-06-05 08:22 - 2012-07-11 02:46 - 01869824 ____A (Microsoft Corporation) C:WindowsSystem32msxml3.dll

2012-06-05 08:22 - 2012-07-11 02:46 - 01797120 ____A (Microsoft Corporation) C:WindowsSystem32msxml6.dll

2012-06-04 07:29 - 2012-07-11 02:46 - 00516480 ____A (Microsoft Corporation) C:WindowsSystem32Driversksecdd.sys

2012-06-03 15:28 - 2012-06-03 15:28 - 00001756 ____A C:UsersPublicDesktopQuickTime Player.lnk

2012-06-02 14:19 - 2012-06-23 03:01 - 02428952 ____A (Microsoft Corporation) C:WindowsSystem32wuaueng.dll

2012-06-02 14:19 - 2012-06-23 03:01 - 00701976 ____A (Microsoft Corporation) C:WindowsSystem32wuapi.dll

2012-06-02 14:19 - 2012-06-23 03:01 - 00577048 ____A (Microsoft Corporation) C:WindowsSysWOW64wuapi.dll

2012-06-02 14:19 - 2012-06-23 03:01 - 00057880 ____A (Microsoft Corporation) C:WindowsSystem32wuauclt.exe

2012-06-02 14:19 - 2012-06-23 03:01 - 00044056 ____A (Microsoft Corporation) C:WindowsSystem32wups2.dll

2012-06-02 14:19 - 2012-06-23 03:01 - 00038424 ____A (Microsoft Corporation) C:WindowsSystem32wups.dll

2012-06-02 14:19 - 2012-06-23 03:01 - 00035864 ____A (Microsoft Corporation) C:WindowsSysWOW64wups.dll

2012-06-02 14:15 - 2012-06-23 03:01 - 02622464 ____A (Microsoft Corporation) C:WindowsSystem32wucltux.dll

2012-06-02 14:15 - 2012-06-23 03:01 - 00099840 ____A (Microsoft Corporation) C:WindowsSystem32wudriver.dll

2012-06-02 14:12 - 2012-06-23 03:01 - 00088576 ____A (Microsoft Corporation) C:WindowsSysWOW64wudriver.dll

2012-06-02 13:19 - 2012-06-23 03:01 - 00186752 ____A (Microsoft Corporation) C:WindowsSystem32wuwebv.dll

2012-06-02 13:19 - 2012-06-23 03:01 - 00171904 ____A (Microsoft Corporation) C:WindowsSysWOW64wuwebv.dll

2012-06-02 13:15 - 2012-06-23 03:01 - 00036864 ____A (Microsoft Corporation) C:WindowsSystem32wuapp.exe

2012-06-02 13:12 - 2012-06-23 03:01 - 00033792 ____A (Microsoft Corporation) C:WindowsSysWOW64wuapp.exe

2012-06-02 04:49 - 2012-07-11 15:15 - 17807360 ____A (Microsoft Corporation) C:WindowsSystem32mshtml.dll

2012-06-02 04:17 - 2012-07-11 15:15 - 10924032 ____A (Microsoft Corporation) C:WindowsSystem32ieframe.dll

2012-06-02 04:12 - 2012-07-11 15:15 - 02311680 ____A (Microsoft Corporation) C:WindowsSystem32jscript9.dll

2012-06-02 04:05 - 2012-07-11 15:15 - 01392128 ____A (Microsoft Corporation) C:WindowsSystem32wininet.dll

2012-06-02 04:05 - 2012-07-11 15:15 - 01346048 ____A (Microsoft Corporation) C:WindowsSystem32urlmon.dll

2012-06-02 04:04 - 2012-07-11 15:15 - 01494528 ____A (Microsoft Corporation) C:WindowsSystem32inetcpl.cpl

2012-06-02 04:04 - 2012-07-11 15:15 - 00237056 ____A (Microsoft Corporation) C:WindowsSystem32url.dll

2012-06-02 04:03 - 2012-07-11 15:15 - 00085504 ____A (Microsoft Corporation) C:WindowsSystem32jsproxy.dll

2012-06-02 04:01 - 2012-07-11 15:15 - 00173056 ____A (Microsoft Corporation) C:WindowsSystem32ieUnatt.exe

2012-06-02 04:00 - 2012-07-11 15:15 - 00818688 ____A (Microsoft Corporation) C:WindowsSystem32jscript.dll

2012-06-02 03:59 - 2012-07-11 15:15 - 02144768 ____A (Microsoft Corporation) C:WindowsSystem32iertutil.dll

2012-06-02 03:57 - 2012-07-11 15:15 - 02382848 ____A (Microsoft Corporation) C:WindowsSystem32mshtml.tlb

2012-06-02 03:57 - 2012-07-11 15:15 - 00096768 ____A (Microsoft Corporation) C:WindowsSystem32mshtmled.dll

2012-06-02 03:54 - 2012-07-11 15:15 - 00248320 ____A (Microsoft Corporation) C:WindowsSystem32ieui.dll

2012-06-02 01:07 - 2012-07-11 15:15 - 12314624 ____A (Microsoft Corporation) C:WindowsSysWOW64mshtml.dll

2012-06-02 00:43 - 2012-07-11 15:15 - 09737728 ____A (Microsoft Corporation) C:WindowsSysWOW64ieframe.dll

2012-06-02 00:33 - 2012-07-11 15:15 - 01800192 ____A (Microsoft Corporation) C:WindowsSysWOW64jscript9.dll

2012-06-02 00:26 - 2012-07-11 15:15 - 01103872 ____A (Microsoft Corporation) C:WindowsSysWOW64urlmon.dll

2012-06-02 00:25 - 2012-07-11 15:15 - 01427968 ____A (Microsoft Corporation) C:WindowsSysWOW64inetcpl.cpl

2012-06-02 00:25 - 2012-07-11 15:15 - 01129472 ____A (Microsoft Corporation) C:WindowsSysWOW64wininet.dll

2012-06-02 00:23 - 2012-07-11 15:15 - 00231936 ____A (Microsoft Corporation) C:WindowsSysWOW64url.dll

2012-06-02 00:21 - 2012-07-11 15:15 - 00065024 ____A (Microsoft Corporation) C:WindowsSysWOW64jsproxy.dll

2012-06-02 00:20 - 2012-07-11 15:15 - 00142848 ____A (Microsoft Corporation) C:WindowsSysWOW64ieUnatt.exe

2012-06-02 00:19 - 2012-07-11 15:15 - 01793024 ____A (Microsoft Corporation) C:WindowsSysWOW64iertutil.dll

2012-06-02 00:19 - 2012-07-11 15:15 - 00716800 ____A (Microsoft Corporation) C:WindowsSysWOW64jscript.dll

2012-06-02 00:17 - 2012-07-11 15:15 - 00073216 ____A (Microsoft Corporation) C:WindowsSysWOW64mshtmled.dll

2012-06-02 00:16 - 2012-07-11 15:15 - 02382848 ____A (Microsoft Corporation) C:WindowsSysWOW64mshtml.tlb

2012-06-02 00:14 - 2012-07-11 15:15 - 00176640 ____A (Microsoft Corporation) C:WindowsSysWOW64ieui.dll

2012-06-01 16:22 - 2012-07-11 02:46 - 00347136 ____A (Microsoft Corporation) C:WindowsSystem32schannel.dll

2012-06-01 16:22 - 2012-07-11 02:46 - 00254464 ____A (Microsoft Corporation) C:WindowsSystem32ncrypt.dll

2012-06-01 16:05 - 2012-07-11 02:46 - 00077312 ____A (Microsoft Corporation) C:WindowsSysWOW64secur32.dll

2012-06-01 16:04 - 2012-07-11 02:46 - 00278528 ____A (Microsoft Corporation) C:WindowsSysWOW64schannel.dll

2012-06-01 16:03 - 2012-07-11 02:46 - 00204288 ____A (Microsoft Corporation) C:WindowsSysWOW64ncrypt.dll

2012-05-26 14:51 - 2012-05-26 14:51 - 00000000 ____A C:WindowshpqEmlSz.INI

2012-05-26 14:38 - 2012-04-29 11:47 - 00010310 ____A C:WindowsSysWOW64TEST.log

2012-05-22 13:48 - 2011-04-11 18:24 - 00002117 ____A C:UsersPublicDesktopNorton 360.lnk

2012-05-14 18:56 - 2011-04-09 07:25 - 00001356 ____A C:UsersOwnerAppDataLocald3d9caps.dat

 

ZeroAccess:

C:WindowsInstaller{b70132f5-c7d4-9ab7-8031-f216dba3380c}

C:WindowsInstaller{b70132f5-c7d4-9ab7-8031-f216dba3380c}L

C:WindowsInstaller{b70132f5-c7d4-9ab7-8031-f216dba3380c}U

ZeroAccess:

C:UsersOwnerAppDataLocal{b70132f5-c7d4-9ab7-8031-f216dba3380c}

C:UsersOwnerAppDataLocal{b70132f5-c7d4-9ab7-8031-f216dba3380c}@

C:UsersOwnerAppDataLocal{b70132f5-c7d4-9ab7-8031-f216dba3380c}L

C:UsersOwnerAppDataLocal{b70132f5-c7d4-9ab7-8031-f216dba3380c}U

ZeroAccess:

C:WindowsassemblyGAC_32Desktop.ini

ZeroAccess:

C:WindowsassemblyGAC_64Desktop.ini

========================= Known DLLs (Whitelisted) ============

 

========================= Bamital & volsnap Check ============

C:WindowsSystem32winlogon.exe => MD5 is legit

C:WindowsSystem32wininit.exe => MD5 is legit

C:WindowsSysWOW64wininit.exe => MD5 is legit

C:Windowsexplorer.exe => MD5 is legit

C:WindowsSysWOW64explorer.exe => MD5 is legit

C:WindowsSystem32svchost.exe => MD5 is legit

C:WindowsSysWOW64svchost.exe => MD5 is legit

C:WindowsSystem32services.exe BC81150939BD52DBC7A08C245F1FB229 ZeroAccess <==== ATTENTION!.

C:WindowsSystem32User32.dll => MD5 is legit

C:WindowsSysWOW64User32.dll => MD5 is legit

C:WindowsSystem32userinit.exe => MD5 is legit

C:WindowsSysWOW64userinit.exe => MD5 is legit

C:WindowsSystem32Driversvolsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM....exe: exefile => OK

HKLM...exefileDefaultIcon: %1 => OK

HKLM...exefileopencommand: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%

Total physical RAM: 4086.63 MB

Available physical RAM: 3495.26 MB

Total Pagefile: 3824.89 MB

Available Pagefile: 3567.41 MB

Total Virtual: 8192 MB

Available Virtual: 8191.91 MB

======================= Partitions =========================

2 Drive c: () (Fixed) (Total:139.73 GB) (Free:78.61 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

3 Drive d: (Maxtor 80) (Fixed) (Total:76.32 GB) (Free:56.86 GB) NTFS

4 Drive e: (Maxtor100) (Fixed) (Total:93.36 GB) (Free:70.22 GB) NTFS

6 Drive g: (LRMCxFRE_EN_DVD) (CDROM) (Total:3.54 GB) (Free:0 GB) UDF

7 Drive h: (LGTHUMBDRIV) (Removable) (Total:0.97 GB) (Free:0.97 GB) FAT

8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ---------- ------- ------- --- ---

Disk 0 Online 140 GB 1241 KB

Disk 1 Online 76 GB 13 MB

Disk 2 Online 93 GB 4346 KB

Disk 3 Online 994 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 140 GB 1024 KB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 5 C NTFS Partition 140 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 76 GB 32 KB

==================================================================================

Disk: 1

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 D Maxtor 80 NTFS Partition 76 GB Healthy

==================================================================================

Partitions of Disk 2:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 93 GB 32 KB

==================================================================================

Disk: 2

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 0 E Maxtor100 NTFS Partition 93 GB Healthy

==================================================================================

Partitions of Disk 3:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 993 MB 16 KB

==================================================================================

Disk: 3

Partition 1

Type : 06

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 0 H LGTHUMBDRIV FAT Removable 993 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-08-04 07:59

======================= End Of Log ==========================


Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt

 

C:\Windows\Installer\{b70132f5-c7d4-9ab7-8031-f216dba3380c}
C:\Users\Owner\AppData\Local\{b70132f5-c7d4-9ab7-8031-f216dba3380c}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

Replace: c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe c:\windows\system32\services.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

 

Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

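The FRST check earlier in the thread flagged services.exe by MD5, and the fixlist's Replace: line restores it from the WinSxS component copy. As an added example (not FRST's, ComboFix's or the helper's code), this Python parses such "Bamital & volsnap Check" lines and compares a live binary against a reference copy; the sample log block and the demo file contents are constructed, and the component directory name in the demo is a placeholder.

```python
"""Triage helpers for the FRST "Bamital & volsnap Check" section.

Each line of that section names a core Windows binary and either says
"=> MD5 is legit" or gives the file's MD5, a verdict (here "ZeroAccess")
and "<==== ATTENTION!". The fixlist's "Replace:" line then restores the
flagged binary from its WinSxS component copy, which is the reference
copy that verify_against_reference() compares against.
"""
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed sample, modelled on the check lines quoted in the thread.
SAMPLE_CHECK = r"""
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe BC81150939BD52DBC7A08C245F1FB229 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
"""

# <drive>:\<path> followed by either the clean marker or "<md5> <verdict> <==== ATTENTION!"
# (the binaries FRST checks here all live under \Windows, so the path has no spaces).
_CHECK_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\\S+)\s+"
    r"(?:(?P<legit>=> MD5 is legit)"
    r"|(?P<md5>[0-9A-Fa-f]{32})\s+(?P<verdict>.+?)\s*<====\s*ATTENTION!?\.?)\s*$"
)


def parse_integrity_check(log_text):
    """One record per check line: path, flagged flag, reported MD5 and verdict."""
    records = []
    for raw in log_text.splitlines():
        m = _CHECK_LINE.match(raw.strip())
        if not m:
            continue  # section headers and unrelated lines
        records.append({
            "path": m.group("path"),
            "flagged": m.group("legit") is None,
            "md5": m.group("md5").upper() if m.group("md5") else None,
            "verdict": m.group("verdict"),
        })
    return records


def flagged_entries(log_text):
    """Only the entries FRST marked with ATTENTION."""
    return [r for r in parse_integrity_check(log_text) if r["flagged"]]


def md5_of(path, chunk_size=1 << 20):
    """Upper-case hex MD5 of a file, read in chunks so large binaries are fine."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest().upper()


def find_reference_copies(winsxs_root, filename):
    """Copies of `filename` inside the component directories of a WinSxS-style store."""
    return sorted(p for p in Path(winsxs_root).glob(f"*/{filename}") if p.is_file())


def verify_against_reference(live_path, reference_path):
    """Compare a live binary with its reference copy; a mismatch is what the fixlist repairs."""
    live_md5, ref_md5 = md5_of(live_path), md5_of(reference_path)
    return {"live_md5": live_md5, "reference_md5": ref_md5, "matches": live_md5 == ref_md5}


def demo_reference_check(tampered=True):
    """Constructed demo: a system32 copy that does (or does not) match its WinSxS reference."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Placeholder component directory name, not a real WinSxS component.
        component = root / "winsxs" / "amd64_servicecontroller_demo_component"
        component.mkdir(parents=True)
        clean = b"constructed clean services.exe image"
        (component / "services.exe").write_bytes(clean)
        live = root / "system32" / "services.exe"
        live.parent.mkdir()
        live.write_bytes(clean + b"\x90" * 16 if tampered else clean)  # extra bytes = tampered
        refs = find_reference_copies(root / "winsxs", "services.exe")
        return verify_against_reference(live, refs[0])


if __name__ == "__main__":
    for rec in parse_integrity_check(SAMPLE_CHECK):
        state = f"FLAGGED {rec['md5']} ({rec['verdict']})" if rec["flagged"] else "ok"
        print(f"{rec['path']}: {state}")
    print("tampered copy matches reference:", demo_reference_check()["matches"])
```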

Well, here it is. Hope this worked.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 04-08-2012 01

Ran by SYSTEM at 2012-08-04 21:55:33 Run:1

Running from H:

==============================================

C:WindowsInstaller{b70132f5-c7d4-9ab7-8031-f216dba3380c}C:UsersOwnerAppDataLocal{b70132f5-c7d4-9ab7-8031-f216dba3380c}C:WindowsassemblyGAC_32Desktop.iniC:WindowsassemblyGAC_64Desktop.iniReplace: c:windowswinsxsamd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8cservices.exe c:windowssystem32services.exe not found.

Could not find C:WindowsInstaller{b70132f5-c7d4-9ab7-8031-f216dba3380c}C:UsersOwnerAppDataLocal{b70132f5-c7d4-9ab7-8031-f216dba3380c}C:WindowsassemblyGAC_32Desktop.iniC:WindowsassemblyGAC_64Desktop.inic:windowssystem32services.exe.

Could not find C:WindowsInstaller{b70132f5-c7d4-9ab7-8031-f216dba3380c}C:UsersOwnerAppDataLocal{b70132f5-c7d4-9ab7-8031-f216dba3380c}C:WindowsassemblyGAC_32Desktop.iniC:WindowsassemblyGAC_64Desktop.inic:windowswinsxsamd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8cservices.exe .

==== End of Fixlog ====


Sorry, I didn't even think about that. Here it is with corrections made.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 04-08-2012 01

Ran by SYSTEM at 2012-08-05 05:24:51 Run:2

Running from H:

==============================================

C:WindowsInstaller{b70132f5-c7d4-9ab7-8031-f216dba3380c} moved successfully.

C:UsersOwnerAppDataLocal{b70132f5-c7d4-9ab7-8031-f216dba3380c} moved successfully.

C:WindowsassemblyGAC_32Desktop.ini moved successfully.

C:WindowsassemblyGAC_64Desktop.ini moved successfully.

c:windowssystem32services.exe moved successfully.

c:windowswinsxsamd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8cservices.exe copied successfully to c:windowssystem32services.exe

==== End of Fixlog ====


Here's the new log.

 

ComboFix 12-08-05.02 - Owner 08/05/2012 10:17:35.4.4 - x64

Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4087.2314 [GMT -6:00]

Running from: c:usersOwnerDesktopComboFix.exe

AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))

.

.

2012-08-05 16:22 . 2012-08-05 16:22 -------- d-----w- c:windowssystem32configsystemprofileAppDataLocaltemp

2012-08-05 16:22 . 2012-08-05 16:22 -------- d-----w- c:usersDefaultAppDataLocaltemp

2012-08-05 03:33 . 2012-08-05 03:33 -------- d-----w- C:FRST

2012-07-30 21:49 . 2012-07-30 21:49 -------- d-sh--w- c:windowsSysWow64%APPDATA%

2012-07-28 22:06 . 2012-07-28 22:35 -------- d-----w- c:programdataSpybot - Search & Destroy

2012-07-28 22:06 . 2012-07-28 22:07 -------- d-----w- c:program files (x86)Spybot - Search & Destroy

2012-07-11 10:46 . 2012-06-05 16:22 974848 ----a-w- c:program filesCommon FilesSystemadomsado15.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-02 22:28 . 2012-04-04 11:13 426184 ----a-w- c:windowsSysWow64FlashPlayerApp.exe

2012-08-02 22:28 . 2011-05-29 10:44 70344 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl

2012-07-11 23:16 . 2006-11-02 12:35 59701280 ----a-w- c:windowssystem32mrt.exe

2012-07-03 19:46 . 2011-04-01 19:02 24904 ----a-w- c:windowssystem32driversmbam.sys

2012-06-25 22:04 . 2012-06-25 22:04 1394248 ----a-w- c:windowsSysWow64msxml4.dll

2012-06-02 22:19 . 2012-06-23 11:01 38424 ----a-w- c:windowssystem32wups.dll

2012-06-02 22:19 . 2012-06-23 11:01 2428952 ----a-w- c:windowssystem32wuaueng.dll

2012-06-02 22:19 . 2012-06-23 11:01 57880 ----a-w- c:windowssystem32wuauclt.exe

2012-06-02 22:19 . 2012-06-23 11:01 44056 ----a-w- c:windowssystem32wups2.dll

2012-06-02 22:19 . 2012-06-23 11:01 35864 ----a-w- c:windowsSysWow64wups.dll

2012-06-02 22:19 . 2012-06-23 11:01 701976 ----a-w- c:windowssystem32wuapi.dll

2012-06-02 22:19 . 2012-06-23 11:01 577048 ----a-w- c:windowsSysWow64wuapi.dll

2012-06-02 22:15 . 2012-06-23 11:01 2622464 ----a-w- c:windowssystem32wucltux.dll

2012-06-02 22:15 . 2012-06-23 11:01 99840 ----a-w- c:windowssystem32wudriver.dll

2012-06-02 22:12 . 2012-06-23 11:01 88576 ----a-w- c:windowsSysWow64wudriver.dll

2012-06-02 21:19 . 2012-06-23 11:01 186752 ----a-w- c:windowssystem32wuwebv.dll

2012-06-02 21:19 . 2012-06-23 11:01 171904 ----a-w- c:windowsSysWow64wuwebv.dll

2012-06-02 21:15 . 2012-06-23 11:01 36864 ----a-w- c:windowssystem32wuapp.exe

2012-06-02 21:12 . 2012-06-23 11:01 33792 ----a-w- c:windowsSysWow64wuapp.exe

.

.

((((((((((((((((((((((((((((( [email protected]_19.49.38 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-21 02:09 . 2012-08-05 11:28 48604 c:windowssystem32WDIShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 15:44 . 2012-08-05 11:28 90290 c:windowssystem32WDIBootPerformanceDiagnostics_SystemData.bin

+ 2011-04-01 05:42 . 2012-08-05 11:28 13052 c:windowssystem32WDI{86432a0b-3c7d-4ddf-a89c-172faa90485d}S-1-5-21-4096261934-966222998-2717033517-1000_UserData.bin

+ 2011-04-01 05:39 . 2012-08-05 01:38 16384 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat

- 2011-04-01 05:39 . 2012-08-03 12:57 16384 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat

- 2011-04-01 05:39 . 2012-08-03 12:57 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

+ 2011-04-01 05:39 . 2012-08-05 01:38 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

+ 2011-04-01 05:39 . 2012-08-05 01:38 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

- 2011-04-01 05:39 . 2012-08-03 12:57 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

+ 2012-08-05 11:26 . 2012-08-05 11:26 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat

- 2012-08-03 19:49 . 2012-08-03 19:49 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat

+ 2012-08-05 11:26 . 2012-08-05 11:26 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat

+ 2011-04-02 22:07 . 2012-08-05 16:10 342284 c:windowssystem32WDISuspendPerformanceDiagnostics_SystemData_S3.bin

- 2006-11-02 12:46 . 2012-07-28 01:59 607406 c:windowssystem32perfh009.dat

+ 2006-11-02 12:46 . 2012-08-05 00:55 607406 c:windowssystem32perfh009.dat

- 2006-11-02 12:46 . 2012-07-28 01:59 105046 c:windowssystem32perfc009.dat

+ 2006-11-02 12:46 . 2012-08-05 00:55 105046 c:windowssystem32perfc009.dat

- 2011-04-01 07:32 . 2012-08-03 18:26 291812 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat

+ 2011-04-01 07:32 . 2012-08-05 11:18 291812 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat

+ 2011-04-24 11:59 . 2012-08-05 11:18 44815315 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-S-1-5-21-4096261934-966222998-2717033517-1000-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]

"JMB36X IDE Setup"="c:windowsRaidToolxInsIDE.exe" [2010-09-07 43608]

"Copperhead"="c:program files (x86)RazerCopperheadrazerhid.exe" [2005-11-25 155648]

"Tarantula"="c:program files (x86)RazerTarantularazerhid.exe" [2007-05-07 159744]

"NUSB3MON"="c:program files (x86)Renesas ElectronicsUSB 3.0 Host Controller DriverApplicationnusb3mon.exe" [2010-11-17 113288]

"APSDaemon"="c:program files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [2012-05-31 59280]

"Adobe ARM"="c:program files (x86)Common FilesAdobeARM1.0AdobeARM.exe" [2012-01-03 843712]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

R3 AdobeARMservice;Adobe Acrobat Update Service;c:program files (x86)Common FilesAdobeARM1.0armsvc.exe [2012-01-03 63928]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 22:28]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-29 10:44]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-29 10:44]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://xfinity.comcast.net/?cid=mtmh04022011
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\clg9hxm7.default
FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/?
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\Windows\SysWOW64\Macromed\Flash\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,
.
Completion time: 2012-08-05 10:24:30
ComboFix-quarantined-files.txt 2012-08-05 16:24
ComboFix2.txt 2012-08-04 11:33
ComboFix3.txt 2012-08-04 04:40
ComboFix4.txt 2012-08-03 19:52
.
Pre-Run: 83,198,644,224 bytes free
Post-Run: 84,411,547,648 bytes free
.
- - End Of File - - 5CCB3EF1BC3A44D9C589B969FB601769


Wahoo. Success! :clap:

That did it :boxing:

Log looks good :D

Time for some housekeeping

  • Click START then RUN
  • Now type ComboFix /Uninstall in the runbox and click OK.
  • Note the space between the X and the U, it needs to be there.

The above procedure will:
  • Implement some cleanup procedures.
  • Reset System Restore.

Now to remove most of the tools that we have used in fixing your machine:

  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it.
  • A list of tool components used in the cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine, choose Yes.

Please re-enable any security that was disabled.

The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

I would also suggest you read this:

So how did I get infected in the first place?
by Tony Klein

Also: "How to prevent malware"
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed as Resolved.
