IC8D1A13...infection

Solved
By randy
Jul 12, 2012
  1. randy

    randy Newcomer, in training Topic Starter Posts: 79

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-18 23:40:40
    -----------------------------
    23:40:40.453 OS Version: Windows 5.1.2600 Service Pack 3
    23:40:40.453 Number of processors: 2 586 0xF06
    23:40:40.468 ComputerName: RANDY UserName:
    23:40:41.593 Initialize success
    00:08:42.718 AVAST engine defs: 12071900
    00:09:09.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    00:09:09.343 Disk 0 Vendor: TOSHIBA_MK1637GSX DL020M Size: 152627MB BusType: 3
    00:09:09.375 Disk 0 MBR read successfully
    00:09:09.390 Disk 0 MBR scan
    00:09:09.437 Disk 0 Windows XP default MBR code
    00:09:09.437 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 142129 MB offset 63
    00:09:09.468 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10244 MB offset 291081735
    00:09:09.500 Disk 0 Partition 3 00 88 Linux plaintext A Kárò'ó 251 MB offset 312062625
    00:09:09.515 Disk 0 scanning sectors +312576705
    00:09:09.656 Disk 0 scanning C:\WINDOWS\system32\drivers
    00:09:42.578 Service scanning
    00:10:11.312 Modules scanning
    00:11:23.937 Disk 0 trace - called modules:
    00:11:24.296
    00:11:24.937 AVAST engine scan C:\WINDOWS
    00:12:35.140 AVAST engine scan C:\WINDOWS\system32
    00:27:26.250 AVAST engine scan C:\WINDOWS\system32\drivers
    00:28:59.468 AVAST engine scan C:\Documents and Settings\Randy Enns
    00:29:27.203 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Randy Enns\Desktop\MBR.dat"
    00:29:27.203 The log file has been saved successfully to "C:\Documents and Settings\Randy Enns\Desktop\aswMBR.txt"
    00:33:11.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Randy Enns\Desktop\MBR.dat"
    00:33:11.609 The log file has been saved successfully to "C:\Documents and Settings\Randy Enns\Desktop\aswMBR.txt"
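The two logs in this thread describe the same disk's partition table in different units (aswMBR by type, MB and offset; TDSSKiller by StartLBA and BlocksNum). The Python below is an added example, not part of the thread or of either tool: it decodes a raw MBR sector such as the MBR.dat that aswMBR saved, prints the entries in aswMBR's format, and runs the consistency checks a helper would make before trusting the table. The sector bytes are constructed from the logged values; the sector count of the type 0x88 entry is an assumption derived from its 251 MB size, since neither log prints its LBA length.

```python
"""Cross-check an MBR partition table against what two rootkit scanners reported.

Added example; the sample MBR is CONSTRUCTED from values in the aswMBR and
TDSSKiller logs. The third entry's sector count is an ASSUMPTION (from 251 MB).
"""
import struct

SECTOR_BYTES = 512
MBR_SIGNATURE = 0xAA55            # little-endian bytes 55 AA at offset 510
TABLE_OFFSET = 446                # four 16-byte entries follow the boot code

# Partition type IDs as commonly listed by fdisk; anything else is "unknown".
KNOWN_TYPES = {
    0x00: "empty", 0x05: "extended", 0x07: "HPFS/NTFS/exFAT", 0x0B: "FAT32",
    0x0C: "FAT32 LBA", 0x0F: "extended LBA", 0x82: "Linux swap", 0x83: "Linux",
    0x88: "Linux plaintext",
}

# Disk geometry from the TDSSKiller header: Size 0x25433D6000 bytes, SectorSize 0x200.
DISK_SECTORS = 0x25433D6000 // SECTOR_BYTES

# (boot flag, type, start LBA, sector count) for the three entries aswMBR listed.
CONSTRUCTED_ENTRIES = [
    (0x80, 0x07, 0x3F, 0x11598DC8),        # C:, offset 63, 142129 MB
    (0x00, 0x07, 0x11598E07, 0x140249A),   # D:, offset 291081735, 10244 MB
    (0x00, 0x88, 312062625, 514080),       # 251 MB; sector count is an ASSUMPTION
]

# What TDSSKiller printed under "MBR partitions:" as (StartLBA, BlocksNum).
TDSSKILLER_REPORTED = [(0x3F, 0x11598DC8), (0x11598E07, 0x140249A)]


def build_mbr(entries):
    """Assemble a 512-byte MBR sector with zeroed boot code (constructed test data)."""
    sector = bytearray(SECTOR_BYTES)
    for i, (flag, ptype, start, count) in enumerate(entries):
        # status, CHS start (3 bytes, left zero), type, CHS end (3 bytes), LBA start, count
        struct.pack_into("<B3sB3sII", sector, TABLE_OFFSET + 16 * i,
                         flag, b"\0\0\0", ptype, b"\0\0\0", start, count)
    struct.pack_into("<H", sector, 510, MBR_SIGNATURE)
    return bytes(sector)


def parse_mbr(sector):
    """Decode the four primary entries; raise if the 55 AA signature is missing."""
    if len(sector) < SECTOR_BYTES or struct.unpack_from("<H", sector, 510)[0] != MBR_SIGNATURE:
        raise ValueError("not a valid MBR sector (bad signature)")
    parts = []
    for i in range(4):
        flag, _, ptype, _, start, count = struct.unpack_from(
            "<B3sB3sII", sector, TABLE_OFFSET + 16 * i)
        if ptype != 0x00:                      # skip unused slots
            parts.append({"index": i + 1, "active": flag == 0x80, "type": ptype,
                          "start": start, "count": count})
    return parts


def mib(sectors):
    """Sector count to whole MiB, matching how aswMBR prints partition sizes."""
    return sectors * SECTOR_BYTES // (1024 * 1024)


def check_partitions(parts, disk_sectors):
    """Return human-readable findings: odd boot flags, overlaps, unknown types, off-disk ends."""
    findings = []
    active = [p["index"] for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {active}")
    ordered = sorted(parts, key=lambda p: p["start"])
    for prev, cur in zip(ordered, ordered[1:]):
        if prev["start"] + prev["count"] > cur["start"]:
            findings.append(f"partition {prev['index']} overlaps partition {cur['index']}")
    for p in parts:
        end = p["start"] + p["count"]
        if p["type"] not in KNOWN_TYPES:
            findings.append(f"partition {p['index']} has unknown type 0x{p['type']:02X}")
        if end > disk_sectors:
            findings.append(f"partition {p['index']} extends {end - disk_sectors} sectors past disk end")
    return findings


def unallocated_tail(parts, disk_sectors):
    """Sectors after the last partition: the region aswMBR's 'scanning sectors +N' line covers."""
    last_end = max(p["start"] + p["count"] for p in parts)
    return disk_sectors - last_end


def reconcile(parts, reported):
    """Partitions present in the MBR that another scanner's (start, count) list omitted."""
    seen = set(reported)
    return [p for p in parts if (p["start"], p["count"]) not in seen]


if __name__ == "__main__":
    parts = parse_mbr(build_mbr(CONSTRUCTED_ENTRIES))
    for p in parts:
        print(f"Partition {p['index']} {'80' if p['active'] else '00'} {p['type']:02X} "
              f"{KNOWN_TYPES.get(p['type'], '?')} {mib(p['count'])} MB offset {p['start']}")
    print("findings:", check_partitions(parts, DISK_SECTORS) or "none")
    print("unallocated tail sectors:", unallocated_tail(parts, DISK_SECTORS))
    print("not in TDSSKiller list:", [p["index"] for p in reconcile(parts, TDSSKILLER_REPORTED)])
```

On the constructed table the three entries are contiguous and stay within the disk, and the only discrepancy surfaced is the 0x88 entry that TDSSKiller's list does not show.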
  2. randy

    randy Newcomer, in training Topic Starter Posts: 79

    I will wait a few minutes, then I have to stop... up early tomorrow.
  3. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Please disable "word wrap" in Notepad as some logs are harder to read.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  4. randy

    randy Newcomer, in training Topic Starter Posts: 79

    2.0924 4828 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
    18:42:03.0486 4828 ============================================================
    18:42:03.0486 4828 Current date / time: 2012/07/19 18:42:03.0486
    18:42:03.0486 4828 SystemInfo:
    18:42:03.0486 4828
    18:42:03.0486 4828 OS Version: 5.1.2600 ServicePack: 3.0
    18:42:03.0486 4828 Product type: Workstation
    18:42:03.0486 4828 ComputerName: RANDY
    18:42:03.0486 4828 UserName: Randy Enns
    18:42:03.0486 4828 Windows directory: C:\WINDOWS
    18:42:03.0486 4828 System windows directory: C:\WINDOWS
    18:42:03.0486 4828 Processor architecture: Intel x86
    18:42:03.0486 4828 Number of processors: 2
    18:42:03.0486 4828 Page size: 0x1000
    18:42:03.0486 4828 Boot type: Normal boot
    18:42:03.0486 4828 ============================================================
    18:42:07.0517 4828 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    18:42:07.0533 4828 ============================================================
    18:42:07.0533 4828 \Device\Harddisk0\DR0:
    18:42:07.0533 4828 MBR partitions:
    18:42:07.0533 4828 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11598DC8
    18:42:07.0533 4828 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x11598E07, BlocksNum 0x140249A
    18:42:07.0533 4828 ============================================================
    18:42:07.0986 4828 C: <-> \Device\Harddisk0\DR0\Partition0
    18:42:08.0455 4828 D: <-> \Device\Harddisk0\DR0\Partition1
    18:42:08.0455 4828 ============================================================
    18:42:08.0455 4828 Initialize success
    18:42:08.0455 4828 ============================================================
    18:42:17.0752 4328 ============================================================
    18:42:17.0752 4328 Scan started
    18:42:17.0752 4328 Mode: Manual;
    18:42:17.0752 4328 ============================================================
    18:42:42.0127 4328 RasAuto - ok
    18:42:42.0268 4328 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    18:42:42.0268 4328 Rasl2tp - ok
    18:42:42.0471 4328 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
    18:42:42.0518 4328 RasMan - ok
    18:42:42.0611 4328 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    18:42:42.0627 4328 RasPppoe - ok
    18:42:42.0690 4328 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    18:42:42.0690 4328 Raspti - ok
    18:42:42.0705 4328 raysatxsi5_0server - ok
    18:42:43.0002 4328 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    18:42:43.0018 4328 Rdbss - ok
    18:42:43.0049 4328 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    18:42:43.0049 4328 RDPCDD - ok
    18:42:43.0143 4328 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    18:42:43.0158 4328 rdpdr - ok
    18:42:43.0268 4328 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
    18:42:43.0268 4328 RDPWD - ok
    18:42:43.0315 4328 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
    18:42:43.0330 4328 RDSessMgr - ok
    18:42:43.0377 4328 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    18:42:43.0377 4328 redbook - ok
    18:42:43.0768 4328 RegSrvc (d8f61aaae73a1fbde6f538becc891f2f) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    18:42:43.0768 4328 RegSrvc - ok
    18:42:43.0815 4328 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
    18:42:43.0815 4328 RemoteAccess - ok
    18:42:43.0846 4328 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
    18:42:43.0846 4328 RemoteRegistry - ok
    18:42:43.0861 4328 retroexplauncher - ok
    18:42:43.0861 4328 REVO - ok
    18:42:43.0877 4328 REVOSENS - ok
    18:42:43.0877 4328 rnadirectory - ok
    18:42:43.0908 4328 Roxio UPnP Renderer 11 - ok
    18:42:43.0908 4328 roxupnprenderer - ok
    18:42:43.0955 4328 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
    18:42:43.0955 4328 RpcLocator - ok
    18:42:44.0018 4328 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
    18:42:44.0033 4328 RpcSs - ok
    18:42:44.0174 4328 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
    18:42:44.0190 4328 RSVP - ok
    18:42:44.0190 4328 s116bus - ok
    18:42:44.0471 4328 S24EventMonitor (25f697e3afa7b337bbcaddbce38e6934) C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    18:42:44.0518 4328 S24EventMonitor - ok
    18:42:44.0565 4328 s24trans (2862adb14481ac28f98105ff33a99eb0) C:\WINDOWS\system32\DRIVERS\s24trans.sys
    18:42:44.0565 4328 s24trans - ok
    18:42:44.0596 4328 s616mdfl - ok
    18:42:44.0627 4328 s616obex - ok
    18:42:44.0690 4328 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
    18:42:44.0690 4328 SamSs - ok
    18:42:44.0736 4328 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
    18:42:44.0736 4328 SCardSvr - ok
    18:42:44.0783 4328 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
    18:42:44.0799 4328 Schedule - ok
    18:42:44.0893 4328 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
    18:42:44.0908 4328 sdbus - ok
    18:42:44.0924 4328 sdhelper - ok
    18:42:44.0955 4328 se44bus - ok
    18:42:44.0955 4328 se44mdfl - ok
    18:42:44.0971 4328 se58bus - ok
    18:42:44.0971 4328 se58mdfl - ok
    18:42:45.0018 4328 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    18:42:45.0018 4328 Secdrv - ok
    18:42:45.0049 4328 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
    18:42:45.0049 4328 seclogon - ok
    18:42:45.0065 4328 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\System32\sens.dll
    18:42:45.0065 4328 SENS - ok
    18:42:45.0174 4328 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    18:42:45.0221 4328 Serial - ok
    18:42:45.0299 4328 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    18:42:45.0299 4328 Sfloppy - ok
    18:42:45.0502 4328 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
    18:42:45.0533 4328 SharedAccess - ok
    18:42:45.0596 4328 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    18:42:45.0596 4328 ShellHWDetection - ok
    18:42:45.0611 4328 Simbad - ok
    18:42:45.0611 4328 SiSRaid2 - ok
    18:42:45.0627 4328 SNTIE - ok
    18:42:45.0627 4328 Sparrow - ok
    18:42:45.0674 4328 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    18:42:45.0674 4328 splitter - ok
    18:42:45.0736 4328 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
    18:42:45.0736 4328 Spooler - ok
    18:42:45.0783 4328 sqlagent$sony_mediamgr - ok
    18:42:45.0783 4328 sqlagent$soshome22 - ok
    18:42:45.0846 4328 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    18:42:45.0861 4328 sr - ok
    18:42:45.0955 4328 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
    18:42:45.0955 4328 srservice - ok
    18:42:45.0971 4328 srtspx - ok
    18:42:46.0080 4328 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    18:42:46.0111 4328 Srv - ok
    18:42:46.0143 4328 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
    18:42:46.0158 4328 SSDPSRV - ok
    18:42:46.0158 4328 ssmdrv - ok
    18:42:46.0174 4328 ssm_mdfl - ok
    18:42:46.0174 4328 ss_bus - ok
    18:42:46.0315 4328 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
    18:42:46.0393 4328 stisvc - ok
    18:42:46.0393 4328 superproserver - ok
    18:42:46.0486 4328 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    18:42:46.0486 4328 swenum - ok
    18:42:46.0611 4328 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    18:42:46.0627 4328 swmidi - ok
    18:42:46.0643 4328 SwPrv - ok
    18:42:46.0643 4328 symc810 - ok
    18:42:46.0658 4328 symc8xx - ok
    18:42:46.0752 4328 SymEvent (403bd24fa5c55fc648abdd039629a954) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    18:42:46.0768 4328 SymEvent - ok
    18:42:46.0783 4328 symidsco - ok
    18:42:46.0846 4328 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
    18:42:46.0846 4328 symlcbrd - ok
    18:42:46.0861 4328 symndis - ok
    18:42:46.0861 4328 sym_hi - ok
    18:42:46.0877 4328 sym_u3 - ok
    18:42:46.0986 4328 SynTP (a6cc8c28d5aad4179ef32f05bed55e91) C:\WINDOWS\system32\DRIVERS\SynTP.sys
    18:42:47.0002 4328 SynTP - ok
    18:42:47.0143 4328 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    18:42:47.0143 4328 sysaudio - ok
    18:42:47.0221 4328 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
    18:42:47.0236 4328 SysmonLog - ok
    18:42:47.0455 4328 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
    18:42:47.0471 4328 TapiSrv - ok
    18:42:47.0721 4328 TAPPSRV (36772b5eaaaf42db5c5ee6eeb0ec0af7) C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    18:42:47.0721 4328 TAPPSRV - ok
    18:42:47.0736 4328 tb2launch - ok
    18:42:47.0768 4328 TBiosDrv (1f26d86828039c0b594399f7f2ffef09) C:\WINDOWS\system32\Drivers\Tbiosdrv.sys
    18:42:47.0783 4328 TBiosDrv - ok
    18:42:48.0065 4328 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    18:42:48.0096 4328 Tcpip - ok
    18:42:48.0143 4328 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    18:42:48.0143 4328 TDPIPE - ok
    18:42:48.0158 4328 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    18:42:48.0158 4328 TDTCP - ok
    18:42:48.0205 4328 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    18:42:48.0205 4328 TermDD - ok
    18:42:48.0330 4328 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
    18:42:48.0361 4328 TermService - ok
    18:42:48.0518 4328 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
    18:42:48.0518 4328 Themes - ok
    18:42:48.0627 4328 tifm21 (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys
    18:42:48.0643 4328 tifm21 - ok
    18:42:48.0690 4328 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
    18:42:48.0705 4328 TlntSvr - ok
    18:42:48.0705 4328 tomcatcws3 - ok
    18:42:48.0705 4328 TosIde - ok
    18:42:48.0736 4328 tosrfec (cc069342ee0eae55b32a0ae99cf6185c) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
    18:42:48.0736 4328 tosrfec - ok
    18:42:48.0752 4328 TPECioCtl - ok
    18:42:48.0861 4328 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
    18:42:48.0861 4328 TrkWks - ok
    18:42:48.0877 4328 tunnelguardservice - ok
    18:42:48.0924 4328 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys
    18:42:48.0924 4328 TVALD - ok
    18:42:48.0940 4328 Tvs (546dfba6486569120d33f7ad6e94efdd) C:\WINDOWS\system32\DRIVERS\Tvs.sys
    18:42:48.0955 4328 Tvs - ok
    18:42:49.0018 4328 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    18:42:49.0033 4328 Udfs - ok
    18:42:49.0049 4328 ufad-ws60 - ok
    18:42:49.0049 4328 ultra - ok
    18:42:49.0143 4328 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    18:42:49.0174 4328 Update - ok
    18:42:49.0330 4328 uploadmgr (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    18:42:49.0330 4328 uploadmgr - ok
    18:42:49.0393 4328 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
    18:42:49.0408 4328 upnphost - ok
    18:42:49.0455 4328 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
    18:42:49.0471 4328 UPS - ok
    18:42:49.0518 4328 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
    18:42:49.0518 4328 USBAAPL - ok
    18:42:49.0565 4328 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    18:42:49.0580 4328 usbaudio - ok
    18:42:49.0611 4328 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    18:42:49.0627 4328 usbccgp - ok
    18:42:49.0627 4328 usbcm - ok
    18:42:49.0674 4328 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    18:42:49.0721 4328 usbehci - ok
    18:42:49.0783 4328 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    18:42:49.0783 4328 usbhub - ok
    18:42:49.0830 4328 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    18:42:49.0830 4328 usbscan - ok
    18:42:49.0861 4328 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    18:42:49.0877 4328 USBSTOR - ok
    18:42:49.0924 4328 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    18:42:49.0940 4328 usbuhci - ok
    18:42:49.0940 4328 UVCFTR - ok
    18:42:49.0955 4328 UxTuneUp - ok
    18:42:49.0986 4328 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    18:42:49.0986 4328 VgaSave - ok
    18:42:50.0002 4328 ViaIde - ok
    18:42:50.0033 4328 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    18:42:50.0049 4328 VolSnap - ok
    18:42:50.0096 4328 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
    18:42:50.0111 4328 VSS - ok
    18:42:50.0752 4328 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
    18:42:50.0908 4328 vToolbarUpdater11.2.0 - ok
    18:42:50.0908 4328 vxsvc - ok
    18:42:50.0924 4328 w300mdm - ok
    18:42:51.0002 4328 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
    18:42:51.0018 4328 W32Time - ok
    18:42:51.0049 4328 w810bus - ok
    18:42:51.0190 4328 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    18:42:51.0190 4328 Wanarp - ok
    18:42:51.0190 4328 wcontrol - ok
    18:42:51.0361 4328 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    18:42:51.0377 4328 Wdf01000 - ok
    18:42:51.0393 4328 WDICA - ok
    18:42:51.0440 4328 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    18:42:51.0486 4328 wdmaud - ok
    18:42:51.0580 4328 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
    18:42:51.0596 4328 WebClient - ok
    18:42:51.0596 4328 websenseclientdeployservice - ok
    18:42:51.0768 4328 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
    18:42:51.0799 4328 winmgmt - ok
    18:42:51.0815 4328 winpower - ok
    18:42:52.0049 4328 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    18:42:52.0080 4328 WLSetupSvc - ok
    18:42:52.0111 4328 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
    18:42:52.0111 4328 WmdmPmSN - ok
    18:42:52.0502 4328 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
    18:42:52.0518 4328 Wmi - ok
    18:42:52.0596 4328 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
    18:42:52.0596 4328 WmiApSrv - ok
    18:42:52.0893 4328 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
    18:42:52.0908 4328 WMPNetworkSvc - ok
    18:42:52.0924 4328 WmXlCore - ok
    18:42:53.0002 4328 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    18:42:53.0002 4328 WS2IFSL - ok
    18:42:53.0033 4328 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
    18:42:53.0033 4328 wuauserv - ok
    18:42:53.0096 4328 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    18:42:53.0096 4328 WudfPf - ok
    18:42:53.0111 4328 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    18:42:53.0143 4328 WudfRd - ok
    18:42:53.0174 4328 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
    18:42:53.0174 4328 WudfSvc - ok
    18:42:53.0440 4328 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
    18:42:53.0455 4328 WZCSVC - ok
    18:42:53.0471 4328 X10UIF - ok
    18:42:53.0533 4328 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
    18:42:53.0533 4328 xmlprov - ok
    18:42:53.0549 4328 YahooAUService - ok
    18:42:53.0549 4328 ZDCNDIS5 - ok
    18:42:53.0580 4328 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0
    18:42:54.0236 4328 \Device\Harddisk0\DR0 - ok
    18:42:54.0268 4328 Boot (0x1200) (5873cdebd4162c7aa0143fc0177e18e0) \Device\Harddisk0\DR0\Partition0
    18:42:54.0268 4328 \Device\Harddisk0\DR0\Partition0 - ok
    18:42:54.0299 4328 Boot (0x1200) (431159caab94db8ad800b6ed5ac8e146) \Device\Harddisk0\DR0\Partition1
    18:42:54.0299 4328 \Device\Harddisk0\DR0\Partition1 - ok
    18:42:54.0315 4328 ============================================================
    18:42:54.0315 4328 Scan finished
    18:42:54.0315 4328 ============================================================
    18:42:54.0315 4320 Detected object count: 0
    18:42:54.0315 4320 Actual detected object count: 0
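Added example (not part of the thread, and not TDSSKiller's own code): a short Python triage script for logs in the layout just posted. It folds each object's file line (`name (md5) path`) and verdict line (`name - ok`) into one record, reads the two `object count` totals, and then flags two things a responder usually checks by hand before trusting a clean result: objects whose verdict is anything other than `ok`, and registrations that appear only on a verdict line with no file listed (the log above has many of these, e.g. `obvious`, `oracle_load_balancer_60_client-forms6ip9`), plus images loaded from outside `C:\WINDOWS` and `C:\Program Files`. Those trusted prefixes are an assumption of this example, not anything the tool defines; the sample input copies real lines from the posted log, while the `tmpdrv` entry and its `Temp` path are constructed to exercise the location check and do not appear in the log.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the layout of the TDSSKiller log posted above. The
# "nv", "obvious", "RegSrvc", "SamSs", "MBR" and count lines are copied from
# that log; the "tmpdrv" lines are a hypothetical entry added here only to
# exercise the location check and do not appear in the posted log.
SAMPLE_LOG = r"""
18:42:40.0096 4328 nv (ac5267c71f72fb42511ed5790ba0e9f5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:42:40.0283 4328 nv - ok
18:42:40.0643 4328 obvious - ok
18:42:43.0768 4328 RegSrvc (d8f61aaae73a1fbde6f538becc891f2f) C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
18:42:43.0768 4328 RegSrvc - ok
18:42:44.0690 4328 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:42:44.0690 4328 SamSs - ok
18:42:50.0001 4328 tmpdrv (00000000000000000000000000000000) C:\Documents and Settings\user\Local Settings\Temp\tmpdrv.sys
18:42:50.0002 4328 tmpdrv - ok
18:42:53.0580 4328 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0
18:42:54.0236 4328 \Device\Harddisk0\DR0 - ok
18:42:54.0315 4320 Detected object count: 0
18:42:54.0315 4320 Actual detected object count: 0
"""

# Every line starts with a timestamp and a thread id.
_TS = r"(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+"
# "<name> (<md5>) <path>"; the lazy name lets "MBR (0x1B8)" absorb its own parenthesis.
FILE_RE = re.compile(_TS + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$")
# "<name> - <verdict>"; for disk objects the name on this line is the device path.
VERDICT_RE = re.compile(_TS + r"(?P<name>.+?) - (?P<verdict>\S.*)$")
COUNT_RE = re.compile(_TS + r"(?P<which>Actual detected|Detected) object count:\s*(?P<n>\d+)$")

# Assumed "expected" image locations for an XP box: a triage heuristic chosen
# for this example, not a definition from the tool.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller(text: str) -> Tuple[Dict[str, Entry], Dict[str, int]]:
    """Fold file lines and verdict lines into one Entry per scanned object."""
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, str] = {}  # lower-cased path -> entry name
    counts: Dict[str, int] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m.group("which")] = int(m.group("n"))
            continue
        m = FILE_RE.match(line)
        if m:
            e = entries.setdefault(m.group("name"), Entry(m.group("name")))
            e.md5 = m.group("md5").lower()
            e.path = m.group("path")
            by_path[e.path.lower()] = e.name
            continue
        m = VERDICT_RE.match(line)
        if m:
            key = m.group("name")
            if key not in entries:  # MBR/boot verdicts are keyed by device path
                key = by_path.get(key.lower(), key)
            entries.setdefault(key, Entry(key)).verdict = m.group("verdict")
    return entries, counts


def flag_entries(entries: Dict[str, Entry],
                 trusted: Tuple[str, ...] = TRUSTED_PREFIXES) -> List[Tuple[str, str]]:
    """Return (name, reason) pairs worth a second look. Not a malware verdict."""
    flags: List[Tuple[str, str]] = []
    for e in entries.values():
        if e.verdict is not None and e.verdict.lower() != "ok":
            flags.append((e.name, f"verdict: {e.verdict}"))
        if e.path is None:
            # Name appeared only on a verdict line: a registration with no
            # file listed. Often a stale service key, but confirm by hand.
            flags.append((e.name, "registered but no file listed"))
        elif not e.path.startswith("\\Device\\") and \
                not e.path.lower().startswith(trusted):
            flags.append((e.name, "image outside trusted directories"))
    return flags


if __name__ == "__main__":
    ents, cnts = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(ents)} objects, counts={cnts}")
    for name, reason in flag_entries(ents):
        print(f"  {name}: {reason}")
```

Two design points. Repeated hashes are deliberately not treated as suspicious: in the posted log `PolicyAgent`, `ProtectedStorage` and `SamSs` all resolve to `lsass.exe` with the same MD5, which is how XP hosts several services in one binary. And the script's flags are a reading list, not a verdict; the scan's own result is the `Detected object count` pair, which in this log is 0/0.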
  5. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  6. randy

    randy Newcomer, in training Topic Starter Posts: 79

    Looks like Norton Internet Security 2006 is running, but I can't locate where it is. I did a search and it says there is an error and it says report or don't send..? ComboFix is warning I continue at my own risk.. what now?
  7. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Go on and run it.
  8. randy

    randy Newcomer, in training Topic Starter Posts: 79

    Combofix seems stuck. Deleting folders: has 5 folders listed. Been a while just sitting there, I am on my Androidms stuck, although
  9. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Restart to safe mode and try from there.
  10. randy

    randy Newcomer, in training Topic Starter Posts: 79

    Sorry Bronx..I can't seem to figure out how..
  11. randy

    randy Newcomer, in training Topic Starter Posts: 79

    Sorry Bronx..I can't seem to figure out how..
  12. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Restart computer and keep tapping F8 key until menu appears.
    It'll look like this:

    [image: the boot menu reached by tapping F8]
  13. randy

    randy Newcomer, in training Topic Starter Posts: 79

    Ok did that but nothing. Will try again
  14. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    You did what and what "nothing"?
  15. randy

    randy Newcomer, in training Topic Starter Posts: 79

    Ok. Got it, trying to run combofix again
  16. randy

    randy Newcomer, in training Topic Starter Posts: 79

    It's running in safe mode.

    I did hit F8.. just not repeatedly, is what I meant.
  17. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    That's why I said TAPPING :)
  18. randy

    randy Newcomer, in training Topic Starter Posts: 79

    I know, but I tried before I got the tapping instructions... I will try to be clearer in future.
  19. randy

    randy Newcomer, in training Topic Starter Posts: 79

    ComboFix 12-07-19.02 - Randy Enns 07/19/2012 21:37:39.2.2 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1652 [GMT -5:00]
    Running from: c:\documents and settings\Randy Enns\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Norton Internet Security 2006 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security 2006 *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\$NtUninstallKB21703$\2587071871
    .
    ---- Previous Run -------
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
    c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
    c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
    c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
    c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
    c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
    c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
    c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
    c:\documents and settings\Randy Enns\g2ax_customer_downloadhelper_win32_x86.exe
    c:\documents and settings\Randy Enns\WINDOWS
    c:\program files\Blinkx
    c:\program files\Blinkx\blinkx.ico
    c:\program files\Blinkx\blinkxss.exe
    c:\program files\Blinkx\blinkxstop.exe
    c:\program files\Blinkx\lang.dll
    c:\program files\Blinkx\templates\beat.ico
    c:\program files\Blinkx\templates\index.html
    c:\program files\Blinkx\templates\noflash.html
    c:\program files\Blinkx\templates\offline.html
    c:\program files\Blinkx\templates\offline.swf
    c:\program files\Blinkx\templates\uninstall.exe
    c:\windows\$NtUninstallKB21703$
    c:\windows\$NtUninstallKB21703$\2332286916\@
    c:\windows\$NtUninstallKB21703$\2332286916\bckfg.tmp
    c:\windows\$NtUninstallKB21703$\2332286916\cfg.ini
    c:\windows\$NtUninstallKB21703$\2332286916\Desktop.ini
    c:\windows\$NtUninstallKB21703$\2332286916\keywords
    c:\windows\$NtUninstallKB21703$\2332286916\kwrd.dll
    c:\windows\$NtUninstallKB21703$\2332286916\L\00000004.@
    c:\windows\$NtUninstallKB21703$\2332286916\L\1afb2d56
    c:\windows\$NtUninstallKB21703$\2332286916\L\201d3dde
    c:\windows\$NtUninstallKB21703$\2332286916\L\ebeoiplt
    c:\windows\$NtUninstallKB21703$\2332286916\U\00000001.@
    c:\windows\$NtUninstallKB21703$\2332286916\U\00000002.@
    c:\windows\$NtUninstallKB21703$\2332286916\U\00000004.@
    c:\windows\$NtUninstallKB21703$\2332286916\U\80000000.@
    c:\windows\$NtUninstallKB21703$\2332286916\U\80000004.@
    c:\windows\$NtUninstallKB21703$\2332286916\U\80000032.@
    c:\windows\system32\Cache
    c:\windows\system32\dds_trash_log.cmd
    c:\windows\system32\SET478.tmp
    c:\windows\system32\SET479.tmp
    c:\windows\system32\SET4AE.tmp
    c:\windows\system32\SET4B3.tmp
    .
    -- Previous Run --
    .
    c:\windows\system32\drivers\cdrom.sys was missing
    Restored copy from - c:\windows\system32\dllcache\cdrom.sys
    .
    --------
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-20 to 2012-07-20 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-20 01:53 . 2008-04-13 15:40 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
    2012-07-20 01:53 . 2008-04-13 15:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
    2012-07-19 01:16 . 2012-07-19 01:16 -------- d-----w- c:\documents and settings\Randy Enns\Application Data\Malwarebytes
    2012-07-19 01:15 . 2012-07-19 01:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-07-19 01:15 . 2012-07-19 01:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-07-19 01:15 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-11 20:16 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
    2012-07-11 19:07 . 2012-07-11 19:07 -------- d-----w- C:\3359bb307089d46d58a69cb8
    2012-07-11 18:29 . 2012-07-11 18:29 -------- d-----w- c:\documents and settings\Randy Enns\Local Settings\Application Data\AVG Secure Search
    2012-07-10 18:17 . 2012-07-10 18:17 -------- d-----w- c:\documents and settings\Tana Lynn\Local Settings\Application Data\AVG Secure Search
    2012-07-07 16:38 . 2012-07-07 16:38 -------- d-----w- c:\documents and settings\Randy Enns\Application Data\AVG Secure Search
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-13 13:19 . 2006-01-29 21:54 1866112 ------w- c:\windows\system32\win32k.sys
    2012-06-05 15:50 . 2008-09-22 02:08 1372672 ------w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50 . 2006-01-29 21:54 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32 . 2006-01-29 21:54 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 19:19 . 2007-06-23 15:02 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 19:19 . 2007-06-23 15:02 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 19:19 . 2006-01-29 23:08 329240 ----a-w- c:\windows\system32\wucltui.dll
    2012-06-02 19:19 . 2006-01-29 23:08 210968 ----a-w- c:\windows\system32\wuweb.dll
    2012-06-02 19:19 . 2006-01-29 23:08 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 19:19 . 2007-06-23 15:02 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 19:19 . 2006-01-29 23:08 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 19:19 . 2006-01-29 23:08 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 19:19 . 2006-01-29 21:54 97304 ----a-w- c:\windows\system32\cdm.dll
    2012-06-02 19:19 . 2005-05-26 12:16 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 19:19 . 2007-06-23 15:02 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 19:19 . 2006-01-29 23:08 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 19:19 . 2006-01-29 23:08 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 19:18 . 2007-10-15 15:19 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 19:18 . 2007-10-15 15:19 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-06-02 19:18 . 2007-10-15 15:19 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-05-31 13:22 . 2006-01-29 21:54 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 15:08 . 2006-01-29 21:54 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-05-11 14:42 . 2006-01-29 21:54 43520 ------w- c:\windows\system32\licmgr10.dll
    2012-05-11 14:42 . 2006-01-29 21:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-05-11 11:38 . 2006-01-29 21:54 385024 ------w- c:\windows\system32\html.iec
    2012-05-04 13:16 . 2006-01-29 21:54 2148352 ------w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:32 . 2004-08-03 22:59 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46 . 2006-01-29 23:05 139656 ------w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-17 22:35 . 2012-07-12 21:00 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
    2011-06-01 18:28 1236400 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-07-10 18:04 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    .
  20. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    I assume some more is coming?
  21. randy

    randy Newcomer, in training Topic Starter Posts: 79

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
    2011-05-30 13:48 87480 ----a-w- c:\progra~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-06-07 01:33 1519304 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}"= "c:\progra~1\BEARSH~1\MediaBar\Datamngr\ToolBar\bsdtxmltbpi.dll" [2011-05-30 87480]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-10 2074208]
    .
    [HKEY_CLASSES_ROOT\clsid\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CFSServ.exe"="CFSServ.exe -NoClient" [X]
    "RTHDCPL"="RTHDCPL.EXE" [2006-05-04 16206848]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "TFncKy"="TFncKy.exe" [BU]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-02 802816]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-02 696320]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7557120]
    "NVRotateSysTray"="c:\windows\system32\nvsysrot.dll" [2006-05-01 49152]
    "TPSMain"="TPSMain.exe" [2005-06-01 282624]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-07 1564872]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-10 1107552]
    "HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-18 36960]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    c:\documents and settings\Tana Lynn\Start Menu\Programs\Startup\
    FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [N/A]
    .
    c:\documents and settings\Randy Enns\Start Menu\Programs\Startup\
    Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Device Monitor 3.lnk - c:\program files\PIXELA\Everio MediaBrowser 3\MBCameraMonitor.exe [2011-10-22 542064]
    RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-1-29 155648]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
    2010-02-23 18:55 147832 ----a-w- c:\program files\Citrix\GoToAssist Express Customer\209\g2ax_winlogon.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\RhinoSoft.com\\FTP Voyager\\FTPVoyager.exe"=
    "c:\\Program Files\\RhinoSoft.com\\FTP Voyager\\FVScheduler.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\BearShare Applications\\MediaBar\\Datamngr\\ToolBar\\dtUser.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 5:27 PM 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 5:48 AM 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 6:12 AM 230608]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 9:25 AM 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 9:09 AM 192776]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/18/2012 8:15 PM 655944]
    R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [7/10/2012 1:04 PM 935008]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/3/2010 5:23 PM 134608]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/3/2010 5:23 PM 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/3/2010 5:23 PM 16720]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/18/2012 8:15 PM 22344]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2/5/2011 5:42 PM 374152]
    S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\Citrix\GoToAssist Express Customer\209\g2ax_service.exe [2/23/2010 1:56 PM 161144]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [7/12/2012 4:00 PM 113120]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [11/4/2011 12:26 PM 18432]
    S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;"c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe" --> c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [?]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    NETSVCS REQUIRES REPAIRS - current entries shown
    6to4
    AppMgmt
    AudioSrv
    Browser
    CryptSvc
    DMServer
    DHCP
    ERSvc
    EventSystem
    FastUserSwitchingCompatibility
    HidServ
    Ias
    Iprip
    Irmon
    LanmanServer
    LanmanWorkstation
    Messenger
    Netman
    Nla
    Ntmssvc
    NWCWorkstation
    Nwsapagent
    Rasauto
    Rasman
    usbcm
    btfirst
    kerbkey
    ssm_mdfl
    s116bus
    lgsnd_filter
    captureservice
    d-link_st3402
    ss_bus
    symidsco
    procdd
    UxTuneUp
    JRAID
    mclogmanagerservice
    btwdins
    sqlagent$sony_mediamgr
    X10UIF
    raysatxsi5_0server
    dphost
    McciCMService
    mcdetect.exe
    REVO
    backupexecalertserver
    ps2
    UVCFTR
    REVOSENS
    igniteservice.exe
    tunnelguardservice
    mozyFilter
    avinitnt
    tomcatcws3
    FINEPIX_PCC
    sqlagent$soshome22
    hwpsgt
    gdihook5
    se58mdfl
    mrvw245
    mwssched
    ssmdrv
    srtspx
    ccalib8
    cpqfws2e
    qbposdbservices
    hnmsvc
    oracle_load_balancer_60_client-forms6ip9
    winpower
    cpqdfw
    wcontrol
    WmXlCore
    obvious
    se44mdfl
    superproserver
    adfs
    MSMQ
    TPECioCtl
    pdlncfwk
    roxupnprenderer
    aamqdispatcher
    vxsvc
    mbr
    iaimfp4
    se44bus
    sdhelper
    s616obex
    k750bus
    symndis
    RapiMgr
    pdlnemap
    ufad-ws60
    uploadmgr
    Defrag32b
    BoiHwsetup
    YahooAUService
    SNTIE
    SiSRaid2
    ATMsrvc
    retroexplauncher
    parallel
    w810bus
    btkrnl
    mcafeeframework
    websenseclientdeployservice
    mwstick
    s616mdfl
    mssql$microsoftsmlbiz
    adihdaudaddservice
    se58bus
    MSICPL
    lxct_device
    PID_08A0
    cvspydr2
    datunidr
    dot4ufd
    w300mdm
    KR10N
    tb2launch
    ZDCNDIS5
    rnadirectory
    amfilter
    kodakccs
    Remoteaccess
    Schedule
    Seclogon
    SENS
    Sharedaccess
    SRService
    Tapisrv
    Themes
    TrkWks
    W32Time
    WZCSVC
    Wmi
    WmdmPmSp
    winmgmt
    wscsvc
    xmlprov
    MHN
    BITS
    wuauserv
    ShellHWDetection
    helpsvc
    WmdmPmSN
    napagent
    hkmsvc
    .
    Rebuilding ... You need to reboot your machine for this to take effect.
    .
    TermService
    ip6fwhlp
    sacsvr
    trksvr
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-25 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 20:34]
    .
    2012-07-20 c:\windows\Tasks\DriverScanner.job
    - c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2011-07-25 18:22]
    .
    2012-07-20 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2012-06-07 01:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.bearshare.com/
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
    FF - ProfilePath - c:\documents and settings\Randy Enns\Application Data\Mozilla\Firefox\Profiles\fjj6xe7h.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://canuckscorner.com/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-10 - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-19 21:56
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1116)
    c:\program files\Citrix\GoToAssist Express Customer\209\g2ax_winlogon.dll
    .
    - - - - - - - > 'explorer.exe'(2904)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\RhinoSoft.com\FTP Voyager\ftpshext.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\TPwrCfg.DLL
    c:\windows\system32\TPwrReg.dll
    c:\windows\system32\TPSTrace.DLL
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\AVG\AVG2012\avgrsx.exe
    c:\program files\AVG\AVG2012\avgcsrvx.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
    c:\windows\system32\DVDRAMSV.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\dllhost.exe
    c:\windows\RTHDCPL.EXE
    c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
    c:\program files\Synaptics\SynTP\Toshiba.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\TPSMain.exe
    c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
    c:\progra~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
    c:\windows\system32\TPSBattM.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-19 22:02:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-20 03:02
    .
    Pre-Run: 115,512,733,696 bytes free
    Post-Run: 113,203,269,632 bytes free
    .
    - - End Of File - - E085CA572BEA57EA3E38F434B532C1BB
  22. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    That looks good :)

    Restart in normal mode.

    How is the computer doing overall?

    ====================================

    Reinstall AVG.

    Run Norton removal tool to remove Norton's leftovers: http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

    ====================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =======================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  23. randy

    randy Newcomer, in training Topic Starter Posts: 79

    Removal tool running... computer seems ok... will reboot after and run next instructions.
  24. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Don't forget to reinstall AVG.
  25. randy

    randy Newcomer, in training Topic Starter Posts: 79

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.20.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Randy Enns :: RANDY [administrator]

    Protection: Enabled

    7/19/2012 10:33:16 PM
    mbam-log-2012-07-19 (22-33-16).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 303045
    Time elapsed: 8 minute(s), 40 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

