System Check virus

Resolved
By carola89
Jan 15, 2012
  1. The System Check virus won't let me see my desktop icons, and my Start is also empty. I used SUPERAntiSpyware and this is the log:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/15/2012 at 04:07 PM

    Application Version : 5.0.1142

    Core Rules Database Version : 8064
    Trace Rules Database Version: 5876

    Scan type : Complete Scan
    Total Scan Time : 01:20:13

    Operating System Information
    Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC Off - Administrator

    Memory items scanned : 364
    Memory threats detected : 0
    Registry items scanned : 72779
    Registry threats detected : 3
    File items scanned : 80305
    File threats detected : 437

    Disabled.TaskManager
    (x86) HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM#DISABLETASKMGR
    (x86) HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM#DISABLETASKMGR

    Adware.Tracking Cookie
    Edit: Excess Tracking Cookies have been reviewed and removed by Bobbye

    Trojan.Agent/Gen-FakeAlert[Local]
    (x86) [ipyJfmDvPvAd.exe] C:\PROGRAMDATA\IPYJFMDVPVAD.EXE
    C:\PROGRAMDATA\IPYJFMDVPVAD.EXE
    C:\PROGRAMDATA\KA9SCFN44BQ3M6.EXE
    C:\USERS\CAROLA\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\SYSTEM CHECK.LNK
    C:\USERS\CAROLA\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SYSTEM CHECK\SYSTEM CHECK.LNK
    C:\USERS\CAROLA\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SYSTEM CHECK\UNINSTALL SYSTEM CHECK.LNK
    C:\USERS\CAROLA\DESKTOP\SYSTEM CHECK.LNK

    Trojan.Agent/Gen
    C:\SYSTEM VOLUME INFORMATION\SYSTEMRESTORE\FRSTAGING\USERS\CAROLA\APPDATA\LOCAL\TEMP\QTMLCLIENT.DLL
    C:\USERS\CAROLA\APPDATA\LOCAL\TEMP\QTMLCLIENT.DLL

    Trojan.Agent/Gen-Autorun[Swisyn]
    C:\SYSTEM VOLUME INFORMATION\SYSTEMRESTORE\FRSTAGING\USERS\CAROLA\APPDATA\LOCAL\TEMP\LAUMIN.EXE
    C:\USERS\CAROLA\APPDATA\LOCAL\TEMP\LAUMIN.EXE
  2. carola89


    Now the computer starts without System Check appearing, but the Start is still empty and programs such as Norton are not running.
    I tried running ComboFix, but the computer restarted with a blue screen that said it was protecting from permanent damage.
  3. Bobbye


    Welcome to TechSpot! System Check is surely making the rounds! The following should help:

    1. Download Unhide.exe and save to the desktop.
    • Double-click on Unhide.exe icon to run the program.
    • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
    Note: This does not remove the malware, only the attribute causing these items to appear 'missing', so it's important to continue.
    =============================================
    The Task Manager has been disabled- please do the following:

    Press Windows+R key> type cmd> OK
    Copy and run this command
    Code:
    Echo y | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr
    Press Enter
    ----------------------------------
    If the Desktop is blank> Copy and run this command:
    Code:
    Echo y | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoDesktop
    Press Enter
    ========================================
    Did you check the line in SUPERAntiSpyware to remove the entries it finds? If you did not, please run it again with that line checked.
    ======================================
    If you are infected with System Check it is important that you do not delete any files from your Temp folder or use any temp file cleaners
    • System Check is a fake (Rogue) computer analysis and optimization program.
    • The 'alerts' tell you the problems have led to corrupt and missing data.
    • It will display false error messages and security warnings.
    • It "hides" Icons, desktop, programs and files so that they appear to be missing and some programs can't be run
    • This can be installed through hacked sites that exploit vulnerabilities on the system or through fake online scanner pages
    • The malware is configured to automatically start when you logon to Windows.
    • It can also be started if you click on any of these alerts.
    Note: You may not experience all of the above, but it is important to tell me what problems you do have.
    ============================================
    Please print out the following instructions. It is important that the order of the scan below be followed exactly. Please read through all of the instructions before you begin.
    ================================
    2. Boot into Safe Mode with Networking
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode with Networking option when the Windows Advanced Options menu appears, using your up/down arrows to reach it and then press ENTER.
    =======================================
    3. To end the processes that belong to the rogue program:
    Please click on RKill
    • At the download page, click on Download now button for iExplore.exe download link and save to the desktop
    • Double click on the iExplore.exe icon
    • Please be patient- it may take a bit.
    • The black Window will close when through and you can continue.
    Note: If you get a message that RKill is malware, ignore it; it's from the malware.
    =======================================
    Do not reboot your computer after running RKill as the malware programs will start again.
    ================================
    4. This malware frequently comes with the TDSSrootkit, so do the following:
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double click on TDSSKiller.exe. to run the scan
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43 Save log and post in next reply.
    • After clicking Next, the utility applies selected actions and outputs the result. Save the log to include in your next post.
    • A reboot is required after disinfection.
    ====================================
    If TDSSKiller requires you to reboot, please allow it to do so. After you reboot, reboot back into Safe Mode with Networking again
    ====================================
    5. Preliminary Virus and Malware Removal.
    For now, just download Malwarebytes and save to the desktop. Use the link in the thread. Make one change: On the Scanner tab, make sure the Perform Full Scan option is selected.
    • Click on the Scan button.
    • When the scan has finished, a completion message box appears (image not reproduced here).
    • Click on OK to close box and continue.
    • Click on the Show Results button.
    • Click on the Remove Selected button to remove all the listed malware.
    • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format>Uncheck Word Wrap before copying the log to paste in your next reply.
    ==============================
    6. Correct Display Changes if needed:
    If the desktop background is black or if the theme has been removed:
    For Windows XP: Click on Start> Control Panel> Display> change theme and/or background if needed.
    For Windows Vista or Windows 7: Click on Start> Control Panel> Appearance & Personalization> Select Change Theme or Change Desktop Background
    =====================================
    7. Some items may not show on the Start menu. To add them back:
    • Right click on Start> Properties
    • Taskbar and Start Menu Properties screen appears
    • choose Start Menu tab> Click on Customize
    • For Windows XP> Choose Advanced tab
    • Check the items you want back on the Start Menu
    • When finished> click on OK> Apply and close.
    ====================================
    You can now reboot back into Normal Mode.
    =====================================
    When you have finished, leave the logs for review in your next reply .
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    If there is any problem, stop and let me know,
    ====================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
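    Added example, not part of Bobbye's instructions and not any tool's own code: a PowerShell script that checks the same policy values in every loaded hive instead of HKCU only. The SUPERAntiSpyware log in the first post reports DisableTaskMgr under HKU\.DEFAULT and HKU\S-1-5-18 (the SYSTEM account's hive), which an HKCU-only reg delete does not touch. The key paths and the DisableTaskMgr and NoDesktop names come from that log and the commands above; DisableRegistryTools is an assumed extra entry included for completeness. Run it from an elevated PowerShell prompt: without elevation, entries under HKLM or HKU\S-1-5-18 are reported as "access denied" rather than removed, which is also the result you get when the malware has rewritten the key's permissions.

```powershell
# Added example (not from the thread): enumerate and clear the Explorer/System
# policy values a rogue such as "System Check" sets to hide the Task Manager
# and the desktop. Checks HKCU, HKLM, HKU\.DEFAULT, HKU\S-1-5-18 and every
# other user hive currently loaded under HKEY_USERS.
# Run from an elevated PowerShell prompt (Run as administrator).

$ErrorActionPreference = 'Stop'

# Policy values to look for. DisableTaskMgr and NoDesktop are the ones named in
# the thread; DisableRegistryTools is an assumed addition.
$targets = @(
    @{ SubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Value = 'DisableTaskMgr' },
    @{ SubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System';   Value = 'DisableRegistryTools' },
    @{ SubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Value = 'NoDesktop' }
)

function Test-IsElevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Every hive root worth checking: current user, machine, and each hive loaded
# under HKEY_USERS (.DEFAULT, S-1-5-18, S-1-5-19/20 and logged-on user SIDs).
function Get-PolicyRoots {
    $roots = @('HKCU:', 'HKLM:')
    if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    foreach ($hive in Get-ChildItem -Path 'HKU:\') {
        if ($hive.PSChildName -notlike '*_Classes') { $roots += "HKU:\$($hive.PSChildName)" }
    }
    $roots
}

function Clear-RoguePolicies {
    param([switch]$WhatIf)   # -WhatIf only reports, it removes nothing
    $report = @()
    foreach ($root in Get-PolicyRoots) {
        foreach ($t in $targets) {
            $path = Join-Path $root $t.SubKey
            if (-not (Test-Path -LiteralPath $path)) { continue }
            $prop = Get-ItemProperty -LiteralPath $path -Name $t.Value -ErrorAction SilentlyContinue
            if ($null -eq $prop) { continue }   # value absent in this hive: nothing to do
            $current = $prop.($t.Value)
            try {
                if (-not $WhatIf) { Remove-ItemProperty -LiteralPath $path -Name $t.Value }
                $status = if ($WhatIf) { 'found' } else { 'removed' }
            } catch [System.Security.SecurityException], [System.UnauthorizedAccessException] {
                # "Access is denied": the shell is not elevated, or the key's ACL
                # has been changed. Report it instead of silently skipping.
                $status = 'access denied'
            }
            $report += [pscustomobject]@{ Path = $path; Value = $t.Value; Data = $current; Status = $status }
        }
    }
    $report
}

if (-not (Test-IsElevated)) {
    Write-Warning 'Not elevated: HKLM and HKU\S-1-5-18 entries will report "access denied". Re-run as administrator.'
}
Clear-RoguePolicies | Format-Table -AutoSize
```

    Run it once with `Clear-RoguePolicies -WhatIf` to see which hives carry the values before removing anything, and keep the table it prints with the other logs; an entry that comes back as "access denied" from an elevated prompt means the key's permissions need to be inspected, not that the value is gone.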
  4. carola89


    Thank you for your help.
    Unhide worked perfectly.

    I get an error when I try to restore Task Manager and the desktop:

    C:\Users\carola>Echo y | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows
    \CurrentVersion\Policies\System /v DisableTaskMgr
    Delete the registry value DisableTaskMgr (Yes/No)? ERROR: The system was unable
    to find the specified registry key or value.



    C:\Users\carola>Echo y | reg delete HKEY_CURRENT_USER\Software\Microsoft\Windows
    \CurrentVersion\Policies\Explorer /v NoDesktop[/b]
    Delete the registry value NoDesktop[/b] (Yes/No)? ERROR: Access is denied.

    What should I do? Skip this step?
  5. carola89


    Rkill

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 01/15/2012 at 18:48:37.
    Operating System: Windows 7 Home Premium


    Processes terminated by Rkill or while it was running:

    \\.\globalroot\systemroot\svchost.exe
    C:\Users\carola\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\carola\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\carola\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\carola\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\carola\AppData\Local\Google\Chrome\Application\chrome.exe


    Rkill completed on 01/15/2012 at 18:48:41.
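    Added example, not part of the thread and not Rkill's own code: a PowerShell triage of the "Processes terminated" list that Rkill prints, to single out entries worth a second look before the machine is declared clean. A legitimate svchost.exe or rundll32.exe runs from %SystemRoot%\System32 or \SysWOW64, so a copy reported through a \\.\globalroot device path, or any executable launched from a user's Temp folder or ProgramData, stands out. The sample log text is constructed from the entries in the post above; the list of core binaries and the three heuristics are assumptions chosen for this example.

```powershell
# Added example (not from the thread): parse an Rkill log and flag terminated
# processes whose path is unusual for what they claim to be.

# Constructed sample, trimmed from the Rkill log posted in the thread.
$sampleLog = @'
Processes terminated by Rkill or while it was running:

\\.\globalroot\systemroot\svchost.exe
C:\Users\carola\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe

Rkill completed on 01/15/2012 at 18:48:41.
'@

# Return the non-empty lines between the "Processes terminated" header and the
# "Rkill completed" footer.
function Get-RkillTerminatedProcesses {
    param([Parameter(Mandatory)][string]$LogText)
    $inList = $false
    foreach ($line in $LogText -split "`r?`n") {
        if ($line -match '^Processes terminated') { $inList = $true; continue }
        if ($inList -and $line -match '^Rkill completed') { break }
        if ($inList -and $line.Trim()) { $line.Trim() }
    }
}

# Apply three path heuristics and return the path with the reasons that fired.
function Test-SuspiciousProcessPath {
    param([Parameter(Mandatory)][string]$Path)
    $leaf = [IO.Path]::GetFileName($Path).ToLowerInvariant()
    # Assumed list of Windows binaries that only belong in System32/SysWOW64.
    $systemBinaries = @('svchost.exe', 'rundll32.exe', 'lsass.exe', 'winlogon.exe')
    $reasons = @()
    # 1. A device/object-manager path instead of a drive letter hides where the file sits.
    if ($Path -like '\\.\globalroot\*' -or $Path -like '\Device\*') {
        $reasons += 'device path, not a drive letter'
    }
    # 2. Core Windows binaries run from System32 or SysWOW64; anywhere else is abnormal.
    if ($systemBinaries -contains $leaf -and
        $Path -notmatch '^[A-Za-z]:\\Windows\\(System32|SysWOW64)\\[^\\]+$') {
        $reasons += "$leaf outside System32/SysWOW64"
    }
    # 3. Executables in a user's Temp folder or ProgramData match the SAS detections above.
    if ($Path -match '\\(AppData\\Local\\Temp|ProgramData)\\[^\\]+\.exe$') {
        $reasons += 'runs from Temp/ProgramData'
    }
    [pscustomobject]@{
        Path       = $Path
        Suspicious = ($reasons.Count -gt 0)
        Reasons    = ($reasons -join '; ')
    }
}

Get-RkillTerminatedProcesses -LogText $sampleLog |
    ForEach-Object { Test-SuspiciousProcessPath -Path $_ } |
    Format-Table -AutoSize
```

    On the sample, the chrome.exe and SysWOW64\rundll32.exe entries come back clean and the globalroot svchost.exe is flagged twice (device path, and svchost outside System32). To run it on a real log, replace `$sampleLog` with `Get-Content C:\rkill.log -Raw`. A flagged path is a lead for the helper reviewing the logs, not a verdict on its own.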
  6. carola89


    TDSSKiller

    TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
    18:52:13.0279 2544 ============================================================
    18:52:13.0279 2544 Current date / time: 2012/01/15 18:52:13.0279
    18:52:13.0279 2544 SystemInfo:
    18:52:13.0279 2544
    18:52:13.0279 2544 OS Version: 6.1.7601 ServicePack: 1.0
    18:52:13.0279 2544 Product type: Workstation
    18:52:13.0279 2544 ComputerName: CAROLA-HP
    18:52:13.0279 2544 UserName: carola
    18:52:13.0279 2544 Windows directory: C:\Windows
    18:52:13.0279 2544 System windows directory: C:\Windows
    18:52:13.0279 2544 Running under WOW64
    18:52:13.0279 2544 Processor architecture: Intel x64
    18:52:13.0279 2544 Number of processors: 1
    18:52:13.0279 2544 Page size: 0x1000
    18:52:13.0279 2544 Boot type: Safe boot with network
    18:52:13.0279 2544 ============================================================
    18:52:14.0465 2544 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000, SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040
    18:52:14.0558 2544 Initialize success
    18:52:23.0918 2612 ============================================================
    18:52:23.0918 2612 Scan started
    18:52:23.0918 2612 Mode: Manual;
    18:52:23.0918 2612 ============================================================
    18:52:25.0806 2612 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    18:52:25.0806 2612 1394ohci - ok
    18:52:25.0900 2612 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    18:52:25.0931 2612 ACPI - ok
    18:52:26.0089 2612 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    18:52:26.0090 2612 AcpiPmi - ok
    18:52:26.0348 2612 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    18:52:26.0354 2612 adp94xx - ok
    18:52:26.0511 2612 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    18:52:26.0515 2612 adpahci - ok
    18:52:26.0575 2612 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    18:52:26.0589 2612 adpu320 - ok
    18:52:26.0645 2612 Afc - ok
    18:52:26.0796 2612 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
    18:52:26.0802 2612 AFD - ok
    18:52:26.0960 2612 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    18:52:26.0962 2612 agp440 - ok
    18:52:27.0009 2612 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    18:52:27.0009 2612 aliide - ok
    18:52:27.0430 2612 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    18:52:27.0430 2612 amdide - ok
    18:52:27.0555 2612 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    18:52:27.0555 2612 AmdK8 - ok
    18:52:27.0804 2612 amdkmdag (4bffead896affbc80c86f62cd18f17c9) C:\Windows\system32\DRIVERS\atipmdag.sys
    18:52:27.0929 2612 amdkmdag - ok
    18:52:28.0102 2612 amdkmdap (a7155a832f24cf5b048f6048380636ec) C:\Windows\system32\DRIVERS\atikmpag.sys
    18:52:28.0104 2612 amdkmdap - ok
    18:52:28.0188 2612 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    18:52:28.0189 2612 AmdPPM - ok
    18:52:28.0244 2612 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\DRIVERS\amdsata.sys
    18:52:28.0245 2612 amdsata - ok
    18:52:28.0398 2612 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    18:52:28.0401 2612 amdsbs - ok
    18:52:28.0425 2612 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\DRIVERS\amdxata.sys
    18:52:28.0433 2612 amdxata - ok
    18:52:28.0502 2612 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    18:52:28.0503 2612 AppID - ok
    18:52:28.0725 2612 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    18:52:28.0727 2612 arc - ok
    18:52:28.0772 2612 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    18:52:28.0773 2612 arcsas - ok
    18:52:28.0866 2612 aswFsBlk (ce6d8bcc4787704ea4feeb92b0d0caf8) C:\Windows\system32\drivers\aswFsBlk.sys
    18:52:28.0867 2612 aswFsBlk - ok
    18:52:29.0040 2612 aswFW (78c8f46f4bd5f9dcfe2af5dfea33f334) C:\Windows\system32\drivers\aswFW.sys
    18:52:29.0040 2612 aswFW - ok
    18:52:29.0165 2612 aswMonFlt (0debeb2e3fbd0bf5343125cce617f105) C:\Windows\system32\drivers\aswMonFlt.sys
    18:52:29.0165 2612 aswMonFlt - ok
    18:52:29.0321 2612 aswNdis (518b8d447a1975ab46da093a2e743256) C:\Windows\system32\DRIVERS\aswNdis.sys
    18:52:29.0337 2612 aswNdis - ok
    18:52:29.0415 2612 aswNdis2 (a985fa77a3262bc119e6e520cda645b0) C:\Windows\system32\drivers\aswNdis2.sys
    18:52:29.0430 2612 aswNdis2 - ok
    18:52:29.0477 2612 aswRdr (952edc2e81f85d1781958d4128bf59f8) C:\Windows\system32\drivers\aswRdr.sys
    18:52:29.0477 2612 aswRdr - ok
    18:52:29.0618 2612 aswSnx (dd383e2ac941c545a85ab72503da6c12) C:\Windows\system32\drivers\aswSnx.sys
    18:52:29.0633 2612 aswSnx - ok
    18:52:29.0789 2612 aswSP (ef5403fb8b2dcb791ec365fdf6040a4a) C:\Windows\system32\drivers\aswSP.sys
    18:52:29.0789 2612 aswSP - ok
    18:52:29.0867 2612 aswTdi (34165da5c6b30c0f9d61246bf8a28040) C:\Windows\system32\drivers\aswTdi.sys
    18:52:29.0867 2612 aswTdi - ok
    18:52:30.0008 2612 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    18:52:30.0008 2612 AsyncMac - ok
    18:52:30.0101 2612 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    18:52:30.0101 2612 atapi - ok
    18:52:30.0304 2612 athr (40734f3a5eec4c4ac6a1faf10b293714) C:\Windows\system32\DRIVERS\athrx.sys
    18:52:30.0335 2612 athr - ok
    18:52:30.0522 2612 AtiPcie (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys
    18:52:30.0522 2612 AtiPcie - ok
    18:52:30.0850 2612 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    18:52:30.0866 2612 b06bdrv - ok
    18:52:30.0986 2612 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    18:52:30.0990 2612 b57nd60a - ok
    18:52:31.0093 2612 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    18:52:31.0094 2612 Beep - ok
    18:52:31.0477 2612 BHDrvx64 (446b2c459a7d11cd71350235d6977e2a) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20101123.003\BHDrvx64.sys
    18:52:31.0530 2612 BHDrvx64 - ok
    18:52:31.0674 2612 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    18:52:31.0675 2612 blbdrive - ok
    18:52:31.0786 2612 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    18:52:31.0787 2612 bowser - ok
    18:52:31.0902 2612 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    18:52:31.0904 2612 BrFiltLo - ok
    18:52:31.0919 2612 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    18:52:31.0919 2612 BrFiltUp - ok
    18:52:32.0012 2612 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
    18:52:32.0012 2612 BridgeMP - ok
    18:52:32.0137 2612 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    18:52:32.0137 2612 Brserid - ok
    18:52:32.0168 2612 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    18:52:32.0168 2612 BrSerWdm - ok
    18:52:32.0215 2612 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    18:52:32.0215 2612 BrUsbMdm - ok
    18:52:32.0231 2612 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    18:52:32.0231 2612 BrUsbSer - ok
    18:52:32.0355 2612 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    18:52:32.0355 2612 BTHMODEM - ok
    18:52:32.0496 2612 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    18:52:32.0511 2612 cdfs - ok
    18:52:32.0901 2612 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
    18:52:32.0901 2612 cdrom - ok
    18:52:33.0073 2612 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    18:52:33.0073 2612 circlass - ok
    18:52:33.0151 2612 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    18:52:33.0167 2612 CLFS - ok
    18:52:33.0323 2612 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    18:52:33.0323 2612 CmBatt - ok
    18:52:33.0385 2612 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    18:52:33.0385 2612 cmdide - ok
    18:52:33.0447 2612 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
    18:52:33.0447 2612 CNG - ok
    18:52:33.0603 2612 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    18:52:33.0603 2612 Compbatt - ok
    18:52:33.0666 2612 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    18:52:33.0666 2612 CompositeBus - ok
    18:52:33.0775 2612 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    18:52:33.0775 2612 crcdisk - ok
    18:52:33.0962 2612 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    18:52:33.0962 2612 DfsC - ok
    18:52:34.0047 2612 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    18:52:34.0049 2612 discache - ok
    18:52:34.0183 2612 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    18:52:34.0184 2612 Disk - ok
    18:52:34.0300 2612 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    18:52:34.0301 2612 drmkaud - ok
    18:52:34.0425 2612 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    18:52:34.0435 2612 DXGKrnl - ok
    18:52:34.0675 2612 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    18:52:34.0762 2612 ebdrv - ok
    18:52:34.0999 2612 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    18:52:35.0005 2612 elxstor - ok
    18:52:35.0077 2612 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    18:52:35.0077 2612 ErrDev - ok
    18:52:35.0217 2612 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    18:52:35.0217 2612 exfat - ok
    18:52:35.0280 2612 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    18:52:35.0280 2612 fastfat - ok
    18:52:35.0358 2612 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    18:52:35.0358 2612 fdc - ok
    18:52:35.0483 2612 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    18:52:35.0514 2612 FileInfo - ok
    18:52:35.0545 2612 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    18:52:35.0545 2612 Filetrace - ok
    18:52:35.0592 2612 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    18:52:35.0592 2612 flpydisk - ok
    18:52:35.0670 2612 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    18:52:35.0670 2612 FltMgr - ok
    18:52:35.0763 2612 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    18:52:35.0763 2612 FsDepends - ok
    18:52:35.0857 2612 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
    18:52:35.0857 2612 fssfltr - ok
    18:52:35.0935 2612 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    18:52:35.0935 2612 Fs_Rec - ok
    18:52:36.0169 2612 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    18:52:36.0169 2612 fvevol - ok
    18:52:36.0278 2612 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    18:52:36.0278 2612 gagp30kx - ok
    18:52:36.0419 2612 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    18:52:36.0419 2612 GEARAspiWDM - ok
    18:52:36.0497 2612 GUCI_AVS (bbb07caa382dc143b78efcde104fd213) C:\Windows\system32\DRIVERS\GUCI_AVS.sys
    18:52:36.0512 2612 GUCI_AVS - ok
    18:52:36.0638 2612 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    18:52:36.0655 2612 hcw85cir - ok
    18:52:36.0855 2612 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    18:52:36.0860 2612 HdAudAddService - ok
    18:52:36.0962 2612 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    18:52:36.0963 2612 HDAudBus - ok
    18:52:37.0053 2612 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    18:52:37.0054 2612 HidBatt - ok
    18:52:37.0115 2612 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    18:52:37.0117 2612 HidBth - ok
    18:52:37.0207 2612 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    18:52:37.0208 2612 HidIr - ok
    18:52:37.0347 2612 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
    18:52:37.0349 2612 HidUsb - ok
    18:52:37.0667 2612 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    18:52:37.0668 2612 HpSAMD - ok
    18:52:37.0823 2612 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    18:52:37.0854 2612 HTTP - ok
    18:52:38.0048 2612 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    18:52:38.0048 2612 hwpolicy - ok
    18:52:38.0126 2612 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    18:52:38.0126 2612 i8042prt - ok
    18:52:38.0220 2612 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    18:52:38.0235 2612 iaStorV - ok
    18:52:38.0579 2612 IDSVia64 (6f9b281bc4afff5fe784d7da699d347f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20101201.001\IDSVia64.sys
    18:52:38.0594 2612 IDSVia64 - ok
    18:52:38.0922 2612 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
    18:52:39.0343 2612 igfx - ok
    18:52:39.0499 2612 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    18:52:39.0499 2612 iirsp - ok
    18:52:39.0655 2612 IntcAzAudAddService (d311e2dd59a34079d89c249b2a4d9fdb) C:\Windows\system32\drivers\RTKVHD64.sys
    18:52:39.0702 2612 IntcAzAudAddService - ok
    18:52:39.0827 2612 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    18:52:39.0842 2612 intelide - ok
    18:52:39.0889 2612 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    18:52:39.0920 2612 intelppm - ok
    18:52:40.0045 2612 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    18:52:40.0045 2612 IpFilterDriver - ok
    18:52:40.0154 2612 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    18:52:40.0185 2612 IPMIDRV - ok
    18:52:40.0310 2612 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    18:52:40.0310 2612 IPNAT - ok
    18:52:40.0419 2612 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    18:52:40.0419 2612 IRENUM - ok
    18:52:40.0747 2612 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    18:52:40.0747 2612 isapnp - ok
    18:52:40.0778 2612 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    18:52:40.0794 2612 iScsiPrt - ok
    18:52:41.0215 2612 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    18:52:41.0215 2612 kbdclass - ok
    18:52:41.0418 2612 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
    18:52:41.0465 2612 kbdhid - ok
    18:52:41.0652 2612 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
    18:52:41.0652 2612 KSecDD - ok
    18:52:41.0761 2612 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
    18:52:41.0761 2612 KSecPkg - ok
    18:52:41.0886 2612 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    18:52:41.0886 2612 ksthunk - ok
    18:52:42.0120 2612 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    18:52:42.0120 2612 lltdio - ok
    18:52:42.0229 2612 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
    18:52:42.0245 2612 LSI_FC - ok
    18:52:42.0385 2612 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
    18:52:42.0401 2612 LSI_SAS - ok
    18:52:42.0510 2612 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
    18:52:42.0541 2612 LSI_SAS2 - ok
    18:52:42.0619 2612 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
    18:52:42.0650 2612 LSI_SCSI - ok
    18:52:42.0728 2612 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    18:52:42.0728 2612 luafv - ok
    18:52:42.0947 2612 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
    18:52:42.0947 2612 MBAMProtector - ok
    18:52:43.0071 2612 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
    18:52:43.0103 2612 megasas - ok
    18:52:43.0259 2612 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
    18:52:43.0259 2612 MegaSR - ok
    18:53:02.0895 2612 MBR (0x1B8) (35a4fa451025305a24e864aaa8e364c9) \Device\Harddisk0\DR0
    18:53:02.0926 2612 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
    18:53:02.0926 2612 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
    18:53:02.0973 2612 Boot (0x1200) (83ba4602b9003ebf5da616e82bbe48d9) \Device\Harddisk0\DR0\Partition0
    18:53:02.0973 2612 \Device\Harddisk0\DR0\Partition0 - ok
    18:53:02.0988 2612 Boot (0x1200) (c0ec3ebc53bcd1e992ab97ca378c4d03) \Device\Harddisk0\DR0\Partition1
    18:53:02.0988 2612 \Device\Harddisk0\DR0\Partition1 - ok
    18:53:03.0019 2612 Boot (0x1200) (58c0e0f4d43bd167a581a56afbf1b86b) \Device\Harddisk0\DR0\Partition2
    18:53:03.0019 2612 \Device\Harddisk0\DR0\Partition2 - ok
    18:53:03.0051 2612 Boot (0x1200) (c5ff74267d9db0fbb5d7fcfded677cb3) \Device\Harddisk0\DR0\Partition3
    18:53:03.0051 2612 \Device\Harddisk0\DR0\Partition3 - ok
    18:53:03.0051 2612 ============================================================
    18:53:03.0051 2612 Scan finished
    18:53:03.0051 2612 ============================================================
    18:53:03.0066 2604 Detected object count: 1
    18:53:03.0066 2604 Actual detected object count: 1
    18:54:42.0440 2604 \Device\Harddisk0\DR0\# - copied to quarantine
    18:54:42.0440 2604 \Device\Harddisk0\DR0 - copied to quarantine
    18:54:42.0455 2604 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
    18:54:42.0455 2604 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
    18:54:42.0455 2604 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
    18:54:42.0455 2604 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
    18:54:42.0455 2604 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
    18:54:42.0471 2604 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
    18:54:42.0471 2604 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
    18:54:42.0486 2604 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    18:54:42.0486 2604 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
    18:54:42.0486 2604 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
    18:54:42.0486 2604 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Quarantine
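As an added example (not code from this thread or from TDSSKiller itself), here is a small parser for the log format quoted above: it pulls out every line the scanner did not mark plain "ok", joins each status line to the object line that carries its MD5 and path, and separates a whole-disk (MBR) detection from the per-partition boot-sector checks. The line patterns are inferred from the log shown here, and the sample lines are constructed from it.

```python
"""Parse TDSSKiller-style log lines and list the objects that were not 'ok'."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# "HH:MM:SS.ffff <thread-id> <body>"
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<body>.+)$")
# Object line: "<name> (<md5>) <path>"; the name may itself carry parentheses,
# e.g. "MBR (0x1B8)" or "Boot (0x1200)", so the md5 group anchors the split.
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Status line: "<object> [( <threat> )] - <status>"
STATUS_RE = re.compile(r"^(?P<obj>.+?)(?: \( (?P<threat>[^)]+?) \))? - (?P<status>.+)$")
# A whole-disk device (no \PartitionN suffix) is the object whose MBR is checked.
DISK_DEVICE_RE = re.compile(r"^\\Device\\Harddisk\d+\\DR\d+$")

# Constructed sample, assembled from lines of the log posted in this thread.
SAMPLE_LOG = r"""
18:53:02.0863 2612 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
18:53:02.0863 2612 yukonw7 - ok
18:53:02.0895 2612 MBR (0x1B8) (35a4fa451025305a24e864aaa8e364c9) \Device\Harddisk0\DR0
18:53:02.0926 2612 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
18:53:02.0926 2612 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
18:53:02.0973 2612 Boot (0x1200) (83ba4602b9003ebf5da616e82bbe48d9) \Device\Harddisk0\DR0\Partition0
18:53:02.0973 2612 \Device\Harddisk0\DR0\Partition0 - ok
18:53:03.0051 2612 ============================================================
18:53:03.0051 2612 Scan finished
18:53:03.0066 2604 Detected object count: 1
18:54:42.0440 2604 \Device\Harddisk0\DR0\# - copied to quarantine
18:54:42.0455 2604 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
18:54:42.0486 2604 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Quarantine
"""


@dataclass
class Result:
    ts: str
    obj: str
    status: str
    threat: Optional[str] = None
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_log(text: str) -> List[Result]:
    """Return one Result per status line, joined to the preceding object line."""
    by_name: Dict[str, Tuple[str, str]] = {}
    results: List[Result] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines, separators and other non-record text
        body = m.group("body")
        om = OBJECT_RE.match(body)
        if om:
            # Index by service name and by path: driver status lines use the
            # name, while MBR/boot-sector status lines use the device path.
            entry = (om.group("md5"), om.group("path"))
            by_name[om.group("name")] = entry
            by_name[om.group("path")] = entry
            continue
        sm = STATUS_RE.match(body)
        if not sm:
            continue  # e.g. "Scan finished", "Detected object count: 1"
        md5, path = by_name.get(sm.group("obj"), (None, None))
        results.append(Result(m.group("ts"), sm.group("obj"), sm.group("status"),
                              sm.group("threat"), md5, path))
    return results


def flagged(results: List[Result]) -> List[Result]:
    """Everything the scanner did not mark plain 'ok'."""
    return [r for r in results if r.status != "ok"]


def mbr_detections(results: List[Result]) -> List[str]:
    """Threat names reported as 'infected' against a whole-disk device (the MBR)."""
    return sorted({r.threat for r in results
                   if r.threat and r.status == "infected" and DISK_DEVICE_RE.match(r.obj)})


def quarantined(results: List[Result]) -> List[str]:
    """Objects copied to quarantine (the TDLFS entries are files the scanner
    recovered from the hidden file system kept inside the disk device)."""
    return [r.obj for r in results if r.status == "copied to quarantine"]


if __name__ == "__main__":
    res = parse_log(SAMPLE_LOG)
    for r in flagged(res):
        tag = f" [{r.threat}]" if r.threat else ""
        print(f"{r.ts} {r.obj}: {r.status}{tag}")
    print("MBR threats:", mbr_detections(res))
    print("Quarantined:", quarantined(res))
```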
  7. carola89

    carola89 Newcomer, in training Topic Starter Posts: 22

    Malwarebytes Anti-Malware (Trial) 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.15.04

    Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.7601.17514
    carola :: CAROLA-HP [administrator]

    Protection: Disabled

    1/15/2012 7:02:35 PM
    mbam-log-2012-01-15 (19-02-35).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 404883
    Time elapsed: 1 hour(s), 10 minute(s), 15 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 472 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Windows\System32\config\systemprofile\AppData\Local\koc.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\koc.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Questions:
    1. Did you check the line in Superantispyware to remove the entries it finds? If you did not, please run it again with that line checked.
    2. Did you use or need my steps #7 and #8 for the display and/or Startup?
    3. Did you reboot into Normal Mode to complete the removals after Malwarebytes?
    ---------------------------------------------------------
    I had not asked you to run Combofix yet- I will do that now, but please don't go ahead with scan unless I direct you. If you get an error message trying to run something, let me know in the closest exact words you can what it says.

    I'd also like to have you run DDS. It produces 2 logs which give me a lot of information about your system.
    --------------------------------------
    Please go back to the link> http://www.techspot.com/vb/topic58138.html
    From that, download and run DDS- instructions are with link. There will be 2 logs: DDS.txt and Attach.txt. Ignore the direction for the Attach.txt log and do not zip it or attach it. Just paste it into the reply same as the DDS.txt log.

    If DDS won't download, first download this file: xp_scr_fix

    Unpack (unzip) the file onto your desktop and double-click it. You will be asked if you wish to merge the file with your registry; say Yes.

    You should then be able to run DDS.scr. It's the .scr file extension causing the problem.
    =================================
    Then run Combofix: Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Expect these- they are normal:
    1. If asked to install or update the Recovery Console, allow. (You will need an internet connection for this.)
    2. Before you run the Combofix scan, please disable any security software you have running.
    3. Combofix may need to reboot your computer more than once to do its job; this is normal.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated; it will open in a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    If Combofix still won't run, do this first. NOTE: If, for some reason, Combofix refuses to run, try one of the following:
    1. Run Combofix from Safe Mode.
    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to friday.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    -------------------------------------
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 3 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
    • Rkill.com
    • Rkill.scr
    • Rkill.exe
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following>>>>.

    Please download exeHelper by Raktor and save it to your desktop.
    • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file called exehelperlog.txt will be created and should open at the end of the scan.
    • A copy of that log will also be saved in the directory where you ran exeHelper.com
    • Copy and paste the contents of exehelperlog.txt in your next reply.

    Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).

    Rkill instructions
    Once you've gotten one of them to run
    • immediately double click on friday.exe to run
    • If normal mode still doesn't work, run BOTH tools from safe mode.

    If you have done #2, please post BOTH logs, rKill and Combofix.
    =================================
    Please leave the 2 logs from DDS and the Combofix log in your next reply.
    If you still aren't able to download and run either or both, let me know what happens when you try.

    ================================
    Please advise what remains of the original problems or if anything else has started.
    ================================
    The account for Carola needs to do the following:

    Reset Cookies
    For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

    For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

    I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List

    For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    (First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
  9. carola89 (Topic Starter)

    1. Yes, I checked the line in SUPERAntiSpyware.
    2. I had to use the step for startup, but not for display; the desktop background was OK.
    3. I opened in Safe Mode perfectly, and I keep getting popups from Malwarebytes that say it prevented a potentially malicious website from running.
  10. carola89 (Topic Starter)

    dds

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514
    Run by carola at 16:15:36 on 2012-01-17
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1787.185 [GMT -7:00]
    .
    AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\atibtmon.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\AVAST Software\Avast\afwServ.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.0.0.125\ccSvcHst.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Windows\Pixart\PAP7501\GUCI_AVS.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
    C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Users\carola\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\carola\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\carola\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\carola\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Users\carola\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\carola\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.0.0.125\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.0.0.125\IPS\IPSBHO.DLL
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - C:\Windows\SysWow64\TwcToolbarIe7.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.0.0.125\coIEPlg.dll
    uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Google Update] "C:\Users\carola\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    dPolicies-explorer: HideSCAHealth = 1 (0x1)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    TCP: DhcpNameServer = 8.8.8.8 192.168.1.1
    TCP: Interfaces\{8E4360F9-A43C-4887-BF5A-0626F56B95D8} : DhcpNameServer = 8.8.8.8 192.168.1.1
    TCP: Interfaces\{8E4360F9-A43C-4887-BF5A-0626F56B95D8}\34F6C6463747275616D6 : DhcpNameServer = 209.193.72.2 209.193.68.2
    TCP: Interfaces\{8E4360F9-A43C-4887-BF5A-0626F56B95D8}\75962756C6563737 : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.0.0.125\coIEPlg.dll
    BHO-X64: Symantec NCO BHO - No File
    BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.0.0.125\IPS\IPSBHO.DLL
    BHO-X64: Symantec Intrusion Prevention - No File
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: The Weather Channel Toolbar: {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\SysWow64\TwcToolbarIe7.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\5.0.0.125\coIEPlg.dll
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\carola\AppData\Roaming\Mozilla\Firefox\Profiles\v7m612ug.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\carola\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]
    R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]
    R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
    R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20101201.001\IDSviA64.sys [2011-12-25 476792]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [2011-12-25 953904]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 GUCI_AVS;USB2.0 UVC VGA;C:\Windows\system32\DRIVERS\GUCI_AVS.sys --> C:\Windows\system32\DRIVERS\GUCI_AVS.sys [?]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-01-17 20:31:38 -------- d-----w- C:\Users\carola\AppData\Local\{B400FA60-4322-4272-BECB-0C0600FB5B6A}
    2012-01-17 20:31:23 -------- d-----w- C:\Users\carola\AppData\Local\{A7495F4C-6D1C-40CE-A18A-E68D530B515C}
    2012-01-16 03:37:03 -------- d-----w- C:\Program Files\ESET
    2012-01-16 01:54:42 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-01-16 01:17:35 -------- d-----w- C:\Users\carola\AppData\Local\{8B7ACAF1-C6F0-4323-9686-0D2B2058C8F0}
    2012-01-16 01:17:03 -------- d-----w- C:\Users\carola\AppData\Local\{5026E8A9-4298-40F0-87D5-E76AB84443AA}
    2012-01-15 23:20:59 98816 ----a-w- C:\Windows\sed.exe
    2012-01-15 23:20:59 518144 ----a-w- C:\Windows\SWREG.exe
    2012-01-15 23:20:59 256000 ----a-w- C:\Windows\PEV.exe
    2012-01-15 23:20:59 208896 ----a-w- C:\Windows\MBR.exe
    2012-01-15 23:20:50 -------- d-s---w- C:\ComboFix
    2012-01-15 07:24:14 -------- d-----w- C:\c71e73f7b7d6ba42a12f2c144afec1c8
    2012-01-15 07:24:13 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
    2012-01-15 07:24:09 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
    2012-01-15 07:24:09 -------- d-----w- C:\706e60b64f45531212
    2012-01-15 07:24:08 -------- d-----w- C:\Users\carola\AppData\Roaming\PC Tools
    2012-01-15 07:24:08 -------- d-----w- C:\Program Files (x86)\Spyware Doctor
    2012-01-15 07:21:00 -------- d-----w- C:\Users\carola\AppData\Roaming\GetRightToGo
    2012-01-15 07:20:00 -------- d-----w- C:\Windows\System32\MpEngineStore
    2012-01-15 07:19:10 -------- d-----w- C:\80edefced2acfb6dd6
    2012-01-15 06:28:06 -------- d-----w- C:\Windows\pss
    2012-01-15 05:34:17 -------- d-----w- C:\Program Files (x86)\GridinSoft Trojan Killer
    2012-01-15 02:14:44 -------- d-----w- C:\Users\carola\AppData\Local\{0C8DC15C-6BF6-4E2D-AF41-DEFC880DF18F}
    2012-01-15 02:14:28 -------- d-----w- C:\Users\carola\AppData\Local\{C4339ADA-3850-4077-B63C-9CF94493121E}
    2012-01-12 23:40:37 -------- d-----w- C:\Users\carola\AppData\Local\{4E08B0E7-3AA3-409F-8781-EF092559F4F6}
    2012-01-12 23:40:10 -------- d-----w- C:\Users\carola\AppData\Local\{A0EB39F0-E0E2-47D7-B682-12397182760A}
    2012-01-12 00:03:13 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-01-12 00:03:13 1572864 ----a-w- C:\Windows\System32\quartz.dll
    2012-01-12 00:03:13 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
    2012-01-12 00:03:12 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-01-12 00:00:20 1731920 ----a-w- C:\Windows\System32\ntdll.dll
    2012-01-12 00:00:20 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2012-01-12 00:00:16 77312 ----a-w- C:\Windows\System32\packager.dll
    2012-01-12 00:00:16 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2012-01-11 23:26:20 -------- d-----w- C:\Users\carola\AppData\Local\{14F20554-0574-4961-8F49-7A07BD791CD5}
    2012-01-11 23:25:47 -------- d-----w- C:\Users\carola\AppData\Local\{6FDA90F9-6640-48ED-AE71-9EBD3B0CBECF}
    2012-01-11 23:21:55 -------- d-----w- C:\Users\carola\AppData\Local\{782FB899-EE0E-4BD5-999C-9ED7943FEA9D}
    2012-01-11 23:16:06 20480 ------w- C:\Windows\svchost.exe
    2012-01-08 20:43:40 -------- d-----w- C:\Users\carola\AppData\Local\{C260B4A9-3DE1-4F2D-9442-C8DAF353AD06}
    2012-01-08 20:43:09 -------- d-----w- C:\Users\carola\AppData\Local\{57F04F17-64F0-43D6-AA94-B1ECA8EF51FE}
    2012-01-07 06:06:12 -------- d-----w- C:\Users\carola\AppData\Local\{695B01BD-9E8E-4094-AE57-4CBAB560CD87}
    2012-01-07 06:05:53 -------- d-----w- C:\Users\carola\AppData\Local\{495A607B-E302-4E2D-B812-13FB7F584816}
    2012-01-05 06:22:12 -------- d-----w- C:\Users\carola\AppData\Local\{D64A50D3-96EA-47C3-A4EF-5548FA62D30A}
    2012-01-05 06:21:52 -------- d-----w- C:\Users\carola\AppData\Local\{211E186A-A034-4905-A7F9-130BCC3614B5}
    2012-01-05 06:12:32 -------- d-----w- C:\Users\carola\AppData\Local\{5BB4AD45-4071-4856-A6F6-52C6446C1A97}
    2012-01-05 05:58:31 -------- d-----w- C:\Users\carola\AppData\Local\{B663458D-4B72-4A5C-86BA-491703AAF643}
    2011-12-29 21:25:44 -------- d-----w- C:\Users\carola\AppData\Local\{B401817A-D4D4-44E1-B2F1-1B154724E70B}
    2011-12-29 21:25:23 -------- d-----w- C:\Users\carola\AppData\Local\{DF8FF1A0-7FF4-4EC4-A68F-680BA3295C72}
    2011-12-29 01:44:11 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2011-12-29 00:45:58 -------- d-----w- C:\Users\carola\AppData\Local\{EFBBC2D3-ACE0-4677-A4AF-B5D9BF432596}
    2011-12-29 00:45:24 -------- d-----w- C:\Users\carola\AppData\Local\{DB3F39C0-1A24-4EF9-A5C1-5535D421AE31}
    2011-12-27 19:02:18 -------- d-----w- C:\Users\carola\AppData\Local\{E9F62524-59CC-4D62-B848-04BA12D63D2F}
    2011-12-27 19:02:05 -------- d-----w- C:\Users\carola\AppData\Local\{0ABC0DC6-2484-40BF-9D57-1125B86542A4}
    2011-12-27 06:10:21 -------- d-----w- C:\Users\carola\AppData\Local\{6B830823-D0FE-4915-BA69-998FB02C42F1}
    2011-12-27 06:09:37 -------- d-----w- C:\Users\carola\AppData\Local\{9AC611D5-C18E-45F6-A248-996D75694435}
    2011-12-27 05:56:15 -------- d-----w- C:\Users\carola\AppData\Local\{D238D3E9-4587-43DD-88A1-B7528ADBB975}
    2011-12-25 22:26:13 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2011-12-25 22:26:02 174640 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2011-12-25 22:26:02 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
    2011-12-25 22:23:58 802864 ----a-r- C:\Windows\System32\drivers\N360x64\0500000.07D\SymEFA64.sys
    2011-12-25 22:23:58 450608 ----a-r- C:\Windows\System32\drivers\N360x64\0500000.07D\SymDS64.sys
    2011-12-25 22:23:58 382072 ----a-r- C:\Windows\System32\drivers\N360x64\0500000.07D\symnets.sys
    2011-12-25 22:23:57 735864 ----a-r- C:\Windows\System32\drivers\N360x64\0500000.07D\srtsp64.sys
    2011-12-25 22:23:57 40568 ----a-r- C:\Windows\System32\drivers\N360x64\0500000.07D\srtspx64.sys
    2011-12-25 22:23:57 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0500000.07D\Ironx64.sys
    2011-12-25 22:22:24 -------- d-----w- C:\Windows\System32\drivers\N360x64\0500000.07D
    2011-12-25 22:22:24 -------- d-----w- C:\Windows\System32\drivers\N360x64
    2011-12-25 21:15:27 -------- d-----w- C:\Users\carola\AppData\Local\{FD4C44A9-50BE-4B47-A2B9-65B33161BE72}
    2011-12-25 21:15:10 -------- d-----w- C:\Users\carola\AppData\Local\{86C071FB-8C7A-4FB5-8D3F-43A870454EA8}
    2011-12-25 20:37:00 -------- d-----w- C:\Users\carola\AppData\Local\{C66BA670-25B5-43E6-9D16-EA435AB5A9D6}
    2011-12-25 20:20:54 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-12-25 20:12:54 -------- d-----w- C:\Program Files (x86)\PC Tools Security
    2011-12-25 05:04:20 -------- d-----w- C:\Program Files (x86)\PC Tools
    2011-12-25 05:00:43 -------- d-----w- C:\Users\carola\AppData\Roaming\TestApp
    2011-12-25 04:52:15 -------- d-----w- C:\ProgramData\PC Tools
    2011-12-25 03:56:30 -------- d-----w- C:\Program Files (x86)\Loaris
    2011-12-25 01:34:11 -------- d-----w- C:\Program Files\Symantec
    2011-12-25 01:33:07 -------- d-----w- C:\Program Files (x86)\Norton 360
    2011-12-25 01:30:24 -------- d-----w- C:\Program Files (x86)\NortonInstaller
    2011-12-25 00:58:11 -------- d-----w- C:\Users\carola\AppData\Local\{546973DC-778F-4B31-9080-1819AC360AA0}
    2011-12-25 00:57:49 -------- d-----w- C:\Users\carola\AppData\Local\{80E94AE1-7045-4C69-B40B-7EC6146C3B6C}
    2011-12-24 05:52:39 -------- d-----w- C:\Users\carola\AppData\Local\{3811A094-FD86-44B4-A0BE-0BD24D32351D}
    2011-12-22 23:44:20 -------- d-----w- C:\Users\carola\AppData\Local\{308E598A-9D0A-4515-B1A5-178D28978452}
    2011-12-22 23:43:52 -------- d-----w- C:\Users\carola\AppData\Local\{35D0FCC9-A3DE-4193-AD6F-2A94D1DCE893}
    2011-12-21 22:42:51 -------- d-----w- C:\Users\carola\AppData\Local\{7C27AC7E-3944-4727-B82E-6AE5BA4595E0}
    2011-12-21 22:42:37 -------- d-----w- C:\Users\carola\AppData\Local\{76F9D8C0-4BF4-43E0-8F86-DA0688338C37}
    2011-12-20 19:26:55 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0FAF3B30-D91B-47B1-B792-B3BA7E863848}\mpengine.dll
    2011-12-20 19:18:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-12-20 19:18:10 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-12-20 19:00:23 -------- d-----w- C:\Users\carola\AppData\Local\{6AE7B22A-35E4-4197-AE92-BD7BA7E4A534}
    2011-12-20 19:00:06 -------- d-----w- C:\Users\carola\AppData\Local\{F21A0038-21D4-4FA4-8226-44B97722046D}
    .
    ==================== Find3M ====================
    .
    2011-11-28 18:01:25 41184 ----a-w- C:\Windows\avastSS.scr
    2011-11-28 17:54:44 140120 ----a-w- C:\Windows\System32\drivers\aswFW.sys
    2011-11-28 17:54:06 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2011-11-28 17:53:28 258392 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
    2011-11-28 17:52:11 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
    2011-11-15 21:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    .
    ============= FINISH: 16:21:37.36 ===============
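    An added example, not part of the thread and not something DDS itself does: a short Python pass over lines of the kind shown in the log above that flags three things a helper normally checks by eye. The legitimate svchost.exe on Windows 7 lives in System32 (with a 32-bit copy in SysWOW64), so the 20 KB C:\Windows\svchost.exe under "Created Last 30" deserves a look; a folder literally named %APPDATA% under SysWow64 means something wrote a path without expanding the variable; and ConsentPromptBehaviorAdmin = 0 together with PromptOnSecureDesktop = 0 is UAC set to never prompt, consistent with the "UAC Off" status in the SUPERAntiSpyware log at the top of the thread. The rule names, the binary list and the sample input (lines excerpted from the posted log, plus one benign tzres.dll line) are this example's own, and a hit is a flag for review, not a verdict.

```python
# Added example (not part of the thread or of the DDS tool): a small triage pass
# over DDS-style log lines that flags entries an analyst would want to look at.
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (rule name, offending path or line)

# Core Windows binaries whose only legitimate home on 64-bit Windows 7 is
# System32 (with a 32-bit copy in SysWOW64). The list is the editor's choice.
SYSTEM_BINARIES = {
    "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
    "services.exe", "smss.exe", "wininit.exe", "lsm.exe",
}
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# UAC policy values (Pseudo HJT "mPolicies-system" lines) that disable prompting:
# ConsentPromptBehaviorAdmin = 0 elevates without asking, and
# PromptOnSecureDesktop = 0 draws any prompt on the normal, spoofable desktop.
WEAK_UAC = {("ConsentPromptBehaviorAdmin", "0"), ("PromptOnSecureDesktop", "0")}

# A drive-letter path, cut off before a " -k netsvcs"-style argument or end of line.
PATH_RE = re.compile(r"([A-Za-z]:\\[^\r\n]*?)(?=\s+-\w|\s*$)")
POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s*=\s*(\d+)")
ENV_TOKEN_RE = re.compile(r"%[A-Za-z_]+%")

# Constructed sample: lines excerpted from the DDS log posted above, plus a
# known-good tzres.dll line as a control.
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\SysWOW64\cscript.exe
============== Pseudo HJT Report ===============
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
=============== Created Last 30 ================
2012-01-11 23:16:06 20480 ------w- C:\Windows\svchost.exe
2011-12-29 01:44:11 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2011-12-20 19:18:10 2048 ----a-w- C:\Windows\System32\tzres.dll
"""


def check_system_binary_location(path: str) -> bool:
    """True if a core system binary name sits outside System32/SysWOW64."""
    directory, _, name = path.lower().rpartition("\\")
    return name in SYSTEM_BINARIES and directory not in EXPECTED_DIRS


def check_unexpanded_env_var(path: str) -> bool:
    """True if the path contains a literal %VAR% token (e.g. a folder named %APPDATA%)."""
    return ENV_TOKEN_RE.search(path) is not None


def check_weak_uac(line: str) -> bool:
    """True for an mPolicies-system line whose (name, value) disables UAC prompting."""
    m = POLICY_RE.match(line)
    return bool(m) and (m.group(1), m.group(2)) in WEAK_UAC


def triage(log_text: str) -> List[Finding]:
    """Walk a DDS log and collect (rule, item) pairs worth a second look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):  # blank or section banner
            continue
        if check_weak_uac(line):
            findings.append(("weak-uac-policy", line))
            continue
        m = PATH_RE.search(line)
        if not m:
            continue
        path = m.group(1)
        if check_system_binary_location(path):
            findings.append(("system-binary-outside-system32", path))
        if check_unexpanded_env_var(path):
            findings.append(("unexpanded-env-var-in-path", path))
    return findings


if __name__ == "__main__":
    for rule, item in triage(SAMPLE_LOG):
        print(f"{rule:32} {item}")
```

    Run as a script it prints the four flagged items from the sample; pass the full text of the posted log to triage() to cover the rest of the post. The path regex stops at the first " -k"-style argument so the process list parses the same way as the "Created Last 30" section.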
  11. carola89 (Topic Starter)

    attach

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/26/2011 11:23:42 PM
    System Uptime: 1/17/2012 3:54:26 PM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 1604
    Processor: AMD V140 Processor | Socket S1G4 | 782/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 281 GiB total, 185.113 GiB free.
    D: is FIXED (NTFS) - 17 GiB total, 2.494 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: BHDrvx64
    Device ID: ROOT\LEGACY_BHDRVX64\0000
    Manufacturer:
    Name: BHDrvx64
    PNP Device ID: ROOT\LEGACY_BHDRVX64\0000
    Service: BHDrvx64
    .
    ==== System Restore Points ===================
    .
    RP149: 12/22/2011 4:47:20 PM - Windows Update
    RP150: 12/24/2011 6:02:32 PM - Restore Operation
    RP151: 12/25/2011 3:30:52 PM - avast! Internet Security Setup
    RP152: 1/11/2012 4:54:57 PM - HPSF Restore Point
    RP153: 1/12/2012 4:46:58 PM - Windows Update
    RP154: 1/14/2012 8:11:03 PM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.1.0)
    Adobe Shockwave Player 11.5
    AMD USB Filter Driver
    Apple Application Support
    Apple Software Update
    ArcSoft MediaImpression
    Atheros Driver Installation Program
    avast! Internet Security
    Bejeweled 2 Deluxe
    Bing Bar
    BlackBerry Desktop Software 6.0.1
    BlackBerry Device Software Updater
    Blackhawk Striker 2
    BS.Player FREE
    Build-a-lot 2
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Chuzzle Deluxe
    CinemaNow Media Manager
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Click to Call with Skype
    Control ActiveX de Windows Live Mesh para conexiones remotas
    CyberLink DVD Suite
    CyberLink MediaShow
    CyberLink PowerDVD 9
    CyberLink YouCam
    D3DX10
    Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Diner Dash 2 Restaurant Rescue
    Dora's Carnival Adventure
    Energy Star Digital Logo
    Escape Rosecliff Island
    ESU for Microsoft Windows 7
    FATE
    Final Drive Nitro
    Galería fotográfica de Windows Live
    Google Chrome
    Heroes of Hellas 2 - Olympia
    Hewlett-Packard ACLM.NET v1.1.1.0
    HP Advisor
    HP Customer Experience Enhancements
    HP Documentation
    HP Game Console
    HP Games
    HP MediaSmart CinemaNow 2.0
    HP Photo Creations
    HP Power Manager
    HP Quick Launch
    HP Setup
    HP Software Framework
    HP Support Assistant
    Java Auto Updater
    Java(TM) 6 Update 20
    Jewel Quest 3
    Jewel Quest Solitaire 2
    Junk Mail filter update
    LabelPrint
    LightScribe System Software
    Malwarebytes Anti-Malware version 1.60.0.1800
    Mesh Runtime
    Messenger Companion
    Microsoft Default Manager
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox 5.0 (x86 en-US)
    MP3 Cutter 1.8
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyLife Notebook Webcam
    Norton 360
    Penguins!
    PhotoNow!
    Plants vs. Zombies
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    PowerDirector
    QuickTime
    Realtek Ethernet Controller Driver For Windows 7
    Realtek High Definition Audio Driver
    Recovery Manager
    Roxio CinemaNow 2.0
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Skype™ 5.5
    The Weather Channel Toolbar
    Trojan Killer 2.1
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    Virtual Families
    Virtual Villagers - The Secret City
    Wheel of Fortune 2
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinRAR 4.00 (32-bit)
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/17/2012 3:59:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx BHDrvx64
    1/17/2012 3:59:18 PM, Error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.
    1/17/2012 1:19:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.
    1/17/2012 1:19:24 PM, Error: Service Control Manager [7000] - The HP Software Framework Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/17/2012 1:19:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
    1/15/2012 8:18:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
    1/15/2012 8:15:01 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    1/15/2012 6:42:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    1/15/2012 6:42:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    1/15/2012 6:42:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/15/2012 6:42:11 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
    1/15/2012 6:42:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    1/15/2012 6:41:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi BHDrvx64 discache IDSVia64 SASDIFSV SASKUTIL spldr SRTSPX SymIRON SymNetS Wanarpv6
    1/15/2012 4:27:45 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800024b6f6b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011512-24195-01.
    1/15/2012 4:21:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
    1/15/2012 11:56:57 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi BHDrvx64 discache IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6
    1/15/2012 11:21:31 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    1/15/2012 11:21:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    1/15/2012 11:21:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    1/15/2012 11:18:11 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswFW aswRdr aswSnx aswSP aswTdi BHDrvx64 DfsC discache IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
    1/15/2012 11:18:10 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/15/2012 11:18:10 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/15/2012 11:18:10 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    1/15/2012 11:18:10 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/15/2012 11:18:10 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/15/2012 11:18:10 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    1/15/2012 11:18:10 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/15/2012 11:18:10 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/15/2012 11:18:10 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/15/2012 11:18:10 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/14/2012 8:05:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Wireless Assistant Service service to connect.
    1/14/2012 8:05:58 PM, Error: Service Control Manager [7000] - The HP Wireless Assistant Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/14/2012 8:05:28 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.
    1/14/2012 8:05:28 PM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/14/2012 11:36:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    1/14/2012 11:28:30 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
    1/14/2012 11:24:51 PM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.
    1/14/2012 11:20:01 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
    1/14/2012 11:20:00 PM, Error: Service Control Manager [7038] - The Dhcp service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    1/14/2012 11:20:00 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service did not start due to a logon failure.
    1/14/2012 11:20:00 PM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: A system shutdown is in progress.
    1/14/2012 11:20:00 PM, Error: Service Control Manager [7000] - The Office Software Protection Platform service failed to start due to the following error: The pipe has been ended.
    1/14/2012 11:20:00 PM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: A system shutdown is in progress.
    1/14/2012 11:20:00 PM, Error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not start due to a logon failure.
    1/14/2012 11:17:55 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    1/14/2012 10:10:36 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    1/14/2012 10:06:53 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
    1/14/2012 10:06:53 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/14/2012 10:06:08 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
    1/14/2012 10:06:08 PM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/14/2012 10:06:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    1/13/2012 12:11:19 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RtVOsdService service.
    1/12/2012 5:00:31 PM, Error: Service Control Manager [7031] - The Norton 360 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    .
    ==== End Of File ===========================
  12. carola89

    carola89 Newcomer, in training Topic Starter Posts: 22

    When I try running Combofix I get a blue screen ("blue screen of death"); it's really fast and I can't read any details.
    Everything seems to be working just fine.

    Question: this is the second time I've gotten malware on my computer in the last month. What antivirus/antimalware do you recommend? Thank you.
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    One reason for this is that you are running 2 antivirus programs: Norton 360 and Avast. Multiple AV programs actually make a system more vulnerable, not less. You can observe one conflict here from Errors in the Event Viewer:
    So here are 2 AV programs trying to do the same job and neither one is working.
    Please choose which you want to keep and uninstall the other. Reboot the computer when finished.
    ----------------------------------
    I see 2 antimalware programs, both of which offer a free trial, then require payment. These trials are usually not fully functional:
    1. One is Trojan Killer. Price: Free to try (15-day/2-malware item removing trial); $39.99 to buy. If you are still in the Trial and haven't paid yet- don't purchase this program.
    2. The other is Loaris Trojan Remover, with the same type of price: Free to try (Removal and updates limitation); $35.00 to buy. Also, if this is still trial, don't purchase it.
    I can give you better suggestions and they will be free- and good.
    When we finish, I will give you a list of security programs and links.
    ===========================================
    I'd like you to do this for me please: The current Malwarebytes download site is putting a box on the screen offering you a free trial. There is a choice to click on Accept or Decline. You clicked on Accept, as you got Malwarebytes Anti-Malware (Trial) 1.60.0.1800.

    There is nothing wrong with this, but for our purposes here, it is better to run just the free version, not the trial, as it has additional features that tend to confuse the issue. Please uninstall the Malwarebytes you have now. Uninstall the program, then use Windows Explorer> Computer> Local Drive (C)> Programs> Find the Malwarebytes folder and do a right click> Delete.

    Now go back to the same link, but when the box displays over the scan screen, click on Decline, then go ahead with the free download and run a new Full Scan. Run Mbam in Normal Mode and be sure to reboot when finished to complete the removals if any entries are found. Paste the results in the next reply. It should not show 'trial' at the top of the log and I don't think you'll get popups about it blocking a site.
    ======================================
    It appears that some of your Services are not set correctly so let's check that:
    Please download Farbar Service Scanner
    • Check Include all files option
    • Press the Scan button
    • Log named FSS.txt will be created in the same directory as the tool
    • Please paste the log into your next reply
    =================================
    Please run this Security Check:
    Download Security Check by screen317 and save to the desktop
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt please
    • Post the contents of that document.
    ============================================
    I will give you some security tips when we finish. These rogue programs are hitting a lot of people now. Some of the things that can make a system more vulnerable are outdated programs such as Java and Adobe Reader. Sounds simple, doesn't it?

    Please update Java: Java Updates . Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system. You have Java v6u20, which is 10 updates behind the current version.
    Be sure to check all download screens for any pre-checked toolbars or BHO> if found, remove the check before the download.

    This means the system most likely will have malware in the Java cache, so it needs to be emptied:
    This should help with clearing the Java cache:
    1. Click Start, and then click Control Panel.
    2. Click Programs, and then click the Java icon.
    If you are using Windows 7 and your View by is set to either Large icons or Small icons, then click the Java icon.
    3. Click the General tab> Temporary Internet Files section> click Settings.
    4. Click Delete Files.
    5. In the Delete Temporary Files window, select all the check boxes, and then click OK.
    6. Click OK to close the Temporary Files Settings window.
    7. Click OK to close the Java Control Panel window.
    Images courtesy AOL Help
    ===================================================
    Did you go through these directions in my Reply #8 "If Combofix still won't run, do this first NOTE: If, for some reason, Combofix refuses to run, try one of the following:"
    You should uninstall what you have now, and follow the steps I set up.
    ===================================
    Please include the logs for the new Mbam log, FSS.txt for Services, Security Check and any for the attempt to run Combofix. The uninstall instruction is in the original post to run Combofix.
     
  14. carola89

    carola89 Newcomer, in training Topic Starter Posts: 22

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.20.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    carola :: CAROLA-HP [administrator]

    1/20/2012 12:30:55 PM
    mbam-log-2012-01-20 (12-30-55).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 413153
    Time elapsed: 2 hour(s), 52 minute(s), 25 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 3112 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Windows\Temp\2.352330530247133E8.tmp (Trojan.FakeAV) -> Quarantined and deleted successfully.
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)
  15. carola89

    carola89 Newcomer, in training Topic Starter Posts: 22

    Farbar Service Scanner Version: 18-01-2012 01
    Ran by carola (administrator) on 20-01-2012 at 15:37:35
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error: Google IP is offline
    Yahoo IP is accessible.


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
  16. carola89

    carola89 Newcomer, in training Topic Starter Posts: 22

    Farbar Service Scanner Version: 18-01-2012 01
    Ran by carola (administrator) on 20-01-2012 at 15:38:43
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============
    VSS Service is not running. Checking service configuration:
    The start type of VSS service is OK.
    The ImagePath of VSS service is OK.


    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
  17. carola89

    carola89 Newcomer, in training Topic Starter Posts: 22

    Results of screen317's Security Check version 0.99.30
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 20
    Java version out of date!
    Adobe Flash Player 10.3.181.26 Flash Player out of Date!
    Adobe Reader X 10.1.0 Adobe Reader out of Date!
    Mozilla Firefox 5.0. Firefox out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````
  18. carola89

    carola89 Newcomer, in training Topic Starter Posts: 22

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 01/20/2012 at 23:34:06.
    Operating System: Windows 7 Home Premium


    Processes terminated by Rkill or while it was running:

    \\.\globalroot\systemroot\svchost.exe
    \\.\globalroot\systemroot\svchost.exe
    \\.\globalroot\systemroot\svchost.exe
    C:\Users\carola\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\carola\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\carola\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\carola\AppData\Local\Google\Chrome\Application\chrome.exe


    Rkill completed on 01/20/2012 at 23:34:29.
  19. carola89

    carola89 Newcomer, in training Topic Starter Posts: 22

    exeHelper by Raktor
    Build 20100414
    Run at 23:35:31 on 01/20/12
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Have you tried to run Combofix again? If not, please do it. (#8)
    NOTE: If, for some reason, Combofix refuses to run, try one of the following:
    1. Run Combofix from Safe Mode.
    2. Delete Combofix file, download fresh one, but rename combofix.exe to
    friday.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    -------------------------------------
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 3 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
    • Rkill.com
    • Rkill.scr
    • Rkill.exe
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following>>>>.

    Please download exeHelper by Raktor and save it to your desktop.
    • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
    • A black window should pop up, press any key to close once the fix is completed.
    • A log file called exehelperlog.txt will be created and should open at the end of the scan)
    • A copy of that log will also be saved in the directory where you ran exeHelper.com
    • Copy and paste the contents of exehelperlog.txt in your next reply.

    Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).

    Rkill instructions
    Once you've gotten one of them to run
    • immediately double click on friday.exe to run
    • If normal mode still doesn't work, run BOTH tools from safe mode.

    If you have done #2, please post BOTH logs, rKill and Combofix.
    ===================================
    Note: Be sure to check all download screens for any pre-checked toolbars or BHOs> if found, remove the check before the download.

    You had 2 antivirus programs, now you have none!
    Security Check:
    Antivirus/Firewall Check:
    Windows Firewall Disabled!
    No AV showing. Please add one of the following:
    Avira-AntiVir-Personal-Free-Antivirus
    Avast-Free Antivirus
    Although you have to disable the security to run some of the scans, you should still have an antivirus program on the system.
    ---------------------------------
    There are multiple outdated programs on the system, all of which are vulnerabilities:
    Anti-malware/Other Utilities Check:
    1. Java(TM) 6 Update 20> Please update Java: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
    2. Adobe Flash Player 10.3.181.26. Please update Flash Player
    3. Adobe Reader X 10.1.0 > I think this is current, but check Adobe Reader site and see if there is an update. Uninstall any earlier updates as they are vulnerabilities.
    4. Mozilla Firefox 5.0.> Update to current version.
    =============================
    There is one Service you need to Reset:
    Click on Start> Run> type in services.msc> Enter>. Double click on Volume Shadow Copy (VSS) to open> Set Startup type to Manual> Click to Start the Service.

    Check the following Services and make sure they are running:
    Remote Procedure Call (RPC)
    DCOM Server Process Launcher
    RPC Endpoint Mapper
    VSS depends on these Services in order for it to run.
    =============================
    Please let me know what problems have been resolved so far. If we can get Combofix to run, it should remove any additional bad entries.
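
    The checks the post above asks for (VSS startup type and state, the three services VSS needs, the firewall and antivirus status flagged by Security Check, and the installed versions of the outdated programs) can be done in one pass from an elevated PowerShell prompt. This is an added example, not part of Bobbye's instructions or any of the tools named in the thread; it assumes the standard Windows service short names (VSS, RpcSs, DcomLaunch, RpcEptMapper) and Windows 7 or later.

```powershell
# Added example, not from the thread: verify the services and security state that
# the post above asks for. Run from an elevated PowerShell prompt on Windows 7 or later.
# Assumption: the standard Windows service short names (VSS, RpcSs, DcomLaunch, RpcEptMapper).

$required = @{
    'RpcSs'        = 'Remote Procedure Call (RPC)'
    'DcomLaunch'   = 'DCOM Server Process Launcher'
    'RpcEptMapper' = 'RPC Endpoint Mapper'
}

function Get-StartMode($name) {
    # Get-Service on Windows 7 does not expose the start mode, so read it through WMI.
    (Get-WmiObject -Class Win32_Service -Filter "Name='$name'").StartMode
}

# 1. Volume Shadow Copy: startup type Manual, then started, as the post instructs.
if ((Get-StartMode 'VSS') -eq 'Disabled') {
    Set-Service -Name VSS -StartupType Manual
}
if ((Get-Service -Name VSS).Status -ne 'Running') {
    Start-Service -Name VSS
}
"VSS: status={0} startmode={1}" -f (Get-Service -Name VSS).Status, (Get-StartMode 'VSS')

# 2. The three services the post says VSS needs; report any that are missing or stopped.
foreach ($name in $required.Keys) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        "MISSING: {0} ({1})" -f $required[$name], $name
        continue
    }
    "{0} ({1}): {2}" -f $required[$name], $name, $svc.Status
}

# 3. Cross-check against the dependencies VSS itself declares to the Service Control Manager.
$declared = ((Get-Service -Name VSS).ServicesDependedOn | ForEach-Object { $_.Name }) -join ', '
"VSS declared dependencies: $declared"

# 4. Firewall state per profile. netsh works on Windows 7; Get-NetFirewallProfile needs Windows 8+.
netsh advfirewall show allprofiles state

# 5. Antivirus products registered with Security Center (namespace exists on Vista and later).
Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct |
    Select-Object displayName, productState

# 6. Installed versions of the products the post lists as outdated, from both uninstall hives.
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match 'Java|Flash Player|Adobe Reader|Firefox' } |
    Select-Object DisplayName, DisplayVersion |
    Sort-Object DisplayName
```

    Step 3 is the useful sanity check: VSS declares only its direct dependency (RpcSs), and the other two are dependencies of RpcSs in turn, so a stopped DcomLaunch or RpcEptMapper shows up in step 2 before it shows up as a VSS start failure. Step 6 lists every entry whose display name matches, so older Java or Reader installs left behind after an update appear alongside the current one.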
  21. carola89

    carola89 Newcomer, in training Topic Starter Posts: 22

    After I ran ComboFix, Windows wouldn't start and I had to restore everything to an earlier point, so I'm going to run everything again.
    I'm using ESET antivirus.
    Already updated Java, Adobe and Firefox.

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 01/21/2012 at 17:36:13.
    Operating System: Windows 7 Home Premium


    Processes terminated by Rkill or while it was running:

    \\.\globalroot\systemroot\svchost.exe
    \\.\globalroot\systemroot\svchost.exe
    C:\Windows\SysWOW64\grpconv.exe


    Rkill completed on 01/21/2012 at 17:38:59.
  22. carola89

    carola89 Newcomer, in training Topic Starter Posts: 22

    exeHelper by Raktor
    Build 20100414
    Run at 17:40:47 on 01/21/12
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--
  23. carola89

    carola89 Newcomer, in training Topic Starter Posts: 22

    finally!
    ComboFix 12-01-21.02 - carola 01/21/2012 17:44:56.1.1 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1787.516 [GMT -7:00]
    Running from: c:\users\carola\Desktop\friday.exe.exe
    AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
    SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Resident AV is active
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\Install.exe
    c:\windows\svchost.exe
    .
    ---- Previous Run -------
    .
    C:\install.exe
    c:\programdata\~KA9sCFN44BQ3m6
    c:\programdata\~KA9sCFN44BQ3m6r
    c:\programdata\KA9sCFN44BQ3m6
    c:\users\carola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    c:\users\carola\AppData\Roaming\Mozilla\Firefox\Profiles\v7m612ug.default\extensions\{978ff0c1-3c38-4316-ae72-f40c6523c40d}
    c:\users\carola\AppData\Roaming\Mozilla\Firefox\Profiles\v7m612ug.default\extensions\{978ff0c1-3c38-4316-ae72-f40c6523c40d}\chrome\xulcache.jar
    c:\users\carola\AppData\Roaming\Mozilla\Firefox\Profiles\v7m612ug.default\extensions\{978ff0c1-3c38-4316-ae72-f40c6523c40d}\defaults\preferences\xulcache.js
    c:\users\carola\AppData\Roaming\Mozilla\Firefox\Profiles\v7m612ug.default\extensions\{978ff0c1-3c38-4316-ae72-f40c6523c40d}\install.rdf
    c:\windows\svchost.exe
    c:\windows\system32\java.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-22 to 2012-01-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-22 00:58 . 2012-01-22 00:58 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-16 03:37 . 2012-01-16 03:37 -------- d-----w- c:\program files\ESET
    2012-01-16 01:54 . 2012-01-16 01:54 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-01-15 07:24 . 2012-01-15 07:24 -------- d-----w- C:\c71e73f7b7d6ba42a12f2c144afec1c8
    2012-01-15 07:24 . 2010-02-05 16:25 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
    2012-01-15 07:24 . 2012-01-15 07:24 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
    2012-01-15 07:24 . 2012-01-15 07:24 -------- d-----w- C:\706e60b64f45531212
    2012-01-15 07:24 . 2012-01-21 08:11 -------- d-----w- c:\program files (x86)\Spyware Doctor
    2012-01-15 07:24 . 2012-01-15 07:24 -------- d-----w- c:\users\carola\AppData\Roaming\PC Tools
    2012-01-15 07:21 . 2012-01-15 18:22 -------- d-----w- c:\users\carola\AppData\Roaming\GetRightToGo
    2012-01-15 07:20 . 2012-01-15 07:20 -------- d-----w- c:\windows\system32\MpEngineStore
    2012-01-15 07:19 . 2012-01-15 07:19 -------- d-----w- C:\80edefced2acfb6dd6
    2012-01-12 00:03 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
    2012-01-12 00:03 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-01-12 00:03 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
    2012-01-12 00:03 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-01-12 00:00 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-12 00:00 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
    2012-01-12 00:00 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
    2012-01-12 00:00 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2012-01-11 23:16 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe
    2011-12-29 01:44 . 2011-12-29 01:44 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2011-12-25 22:26 . 2010-08-21 04:59 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-12-25 22:26 . 2012-01-21 08:11 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2011-12-25 22:26 . 2011-12-25 22:26 174640 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2011-12-25 22:22 . 2012-01-12 00:13 -------- d-----w- c:\windows\system32\drivers\N360x64
    2011-12-25 20:12 . 2012-01-15 04:57 -------- d-----w- c:\program files (x86)\PC Tools Security
    2011-12-25 05:04 . 2011-12-25 05:04 -------- d-----w- c:\program files (x86)\PC Tools
    2011-12-25 05:00 . 2011-12-25 05:00 -------- d-----w- c:\users\carola\AppData\Roaming\TestApp
    2011-12-25 04:52 . 2011-12-25 05:04 -------- d-----w- c:\programdata\PC Tools
    2011-12-25 01:33 . 2012-01-21 08:11 -------- d-----w- c:\program files (x86)\Norton 360
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-30 09:21 . 2011-12-20 19:26 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0FAF3B30-D91B-47B1-B792-B3BA7E863848}\mpengine.dll
    2011-11-28 18:01 . 2011-06-05 15:23 256960 ----a-w- c:\windows\system32\aswBoot.exe
    2011-11-24 04:52 . 2011-12-18 06:41 3145216 ----a-w- c:\windows\system32\win32k.sys
    2011-11-15 21:29 . 2011-03-28 18:30 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-05 05:41 . 2011-12-18 06:41 1188864 ----a-w- c:\windows\system32\wininet.dll
    2011-11-05 05:32 . 2011-12-20 19:18 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-05 04:35 . 2011-12-18 06:41 981504 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-11-05 04:26 . 2011-12-20 19:18 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2011-11-05 03:32 . 2011-12-18 06:41 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-11-05 02:48 . 2011-12-18 06:41 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-10-26 05:21 . 2011-12-18 06:42 43520 ----a-w- c:\windows\system32\csrsrv.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 5486464]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-17 98304]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
    "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "HideSCAHealth"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [2010-11-23 953904]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0500000.07D\Ironx64.SYS [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 GUCI_AVS;USB2.0 UVC VGA;c:\windows\system32\DRIVERS\GUCI_AVS.sys [x]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0500000.07D\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0500000.07D\SYMEFA64.SYS [x]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
    S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20101201.001\IDSVia64.sys [2010-11-11 476792]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\0500000.07D\SYMNETS.SYS [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
    S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
    S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
    S2 N360;Norton 360;c:\program files (x86)\Norton 360\Norton 360\Engine\5.0.0.125\ccSvcHst.exe [2010-11-24 130000]
    S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-05-19 18:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4089670730-1492970157-2874192432-1000Core.job
    - c:\users\carola\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-15 02:12]
    .
    2012-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4089670730-1492970157-2874192432-1000UA.job
    - c:\users\carola\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-15 02:12]
    .
    2011-12-20 c:\windows\Tasks\HPCeeScheduleForcarola.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-03-06 6489704]
    "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
    "PAP7501_Monitor"="c:\windows\Pixart\PAP7501\GUCI_AVS.exe" [2007-12-10 323584]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 8.8.8.8 192.168.1.1
    FF - ProfilePath - c:\users\carola\AppData\Roaming\Mozilla\Firefox\Profiles\v7m612ug.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton 360\Norton 360\Engine\5.0.0.125\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Norton 360\Engine\5.0.0.125\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\atibtmon.exe
    c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\\.\globalroot\systemroot\svchost.exe
    c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    c:\\.\globalroot\systemroot\svchost.exe
    c:\\.\globalroot\systemroot\svchost.exe
    c:\\.\globalroot\systemroot\svchost.exe
    c:\\.\globalroot\systemroot\svchost.exe
    c:\\.\globalroot\systemroot\svchost.exe
    c:\\.\globalroot\systemroot\svchost.exe
    c:\\.\globalroot\systemroot\svchost.exe
    c:\\.\globalroot\systemroot\svchost.exe
    c:\\.\globalroot\systemroot\svchost.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-21 18:15:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-01-22 01:15
    .
    Pre-Run: 216,008,048,640 bytes free
    Post-Run: 215,756,255,232 bytes free
    .
    - - End Of File - - 0B1CD9EA52FF22A13CC5A26BB3BB8D12
  24. carola89

    carola89 Newcomer, in training Topic Starter Posts: 22

    All of the services are running.
  25. carola89

    carola89 Newcomer, in training Topic Starter Posts: 22

    Some items on my Start menu are still empty; I have the folders but there's nothing in them. I'll send a picture of what I say.
