Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

How to deal with malware infected files

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: How to deal with malware infected files

Unread postby nunped » February 3rd, 2013, 7:29 am

Hi constantin,

Upload File/Files for testing

Please go to Virustotal or jotti.org

Copy/paste these files, one at a time, into the white box at the top:
C:\Documents and Settings\Tinel\Desktop\DEPAN. PC-IAN.2013\hwmonitor_1.21-setup.exe
C:\Program Files\WebSite X5 v9 - Compact\imRegister.exe
D:\INSTALLERS\INSTALLERS\cbsi-3_2_5_41-10703122.exe
D:\INSTALLERS\INSTALLERS\FreeStudio(1).exe
D:\INSTALLERS.1\FreeImageConvertAndResize.exe

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the permalinks (web addresses) in your next response.
Example of web address :
Image
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal
Advertisement
Register to Remove

Re: How to deal with malware infected files

Unread postby constantin » February 3rd, 2013, 6:42 pm

Hi,

Results from VirusTotal :

https://www.virustotal.com/file/4790142 ... 359926544/

https://www.virustotal.com/file/604ea9f ... 359927315/

https://www.virustotal.com/file/4abe18f ... 359927442/

https://www.virustotal.com/file/50dc565 ... 359927674/

NOTE: File D:\INSTALLERS\INSTALLERS\FreeStudio(1).exe is to large (exceeds 32 MB allowed by VirusTotal).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Results from Jotti :

http://virusscan.jotti.org/en/scanresul ... b1c2b16d99

http://virusscan.jotti.org/en/scanresul ... 8ae712f91a

http://virusscan.jotti.org/en/scanresul ... b9e4b29895

http://virusscan.jotti.org/en/scanresul ... a6aa489bf4

NOTE : Again uploading file D:\INSTALLERS\INSTALLERS\FreeStudio(1).exe has been rejected by program.
constantin
Regular Member
 
Posts: 18
Joined: January 22nd, 2013, 4:48 am

Re: How to deal with malware infected files

Unread postby nunped » February 4th, 2013, 11:56 am

Hi constantin,

TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com). If you don't see file extensions, please see: How to change the file extension.
  • Click the Start Scan button. Do not use the computer during the scan!
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure SKIP is selected... DO NOT attempt to FIX anything yet!
    • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: How to deal with malware infected files

Unread postby constantin » February 4th, 2013, 2:07 pm

Hi,
Scan with TDSSKiller.exe done !
No object found.
Here is the report :

19:45:01.0968 0356 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:45:02.0203 0356 ============================================================
19:45:02.0203 0356 Current date / time: 2013/02/04 19:45:02.0203
19:45:02.0203 0356 SystemInfo:
19:45:02.0203 0356
19:45:02.0203 0356 OS Version: 5.1.2600 ServicePack: 3.0
19:45:02.0203 0356 Product type: Workstation
19:45:02.0203 0356 ComputerName: TINEL-UCJA9IB1F
19:45:02.0203 0356 UserName: Tinel
19:45:02.0203 0356 Windows directory: C:\WINDOWS
19:45:02.0203 0356 System windows directory: C:\WINDOWS
19:45:02.0203 0356 Processor architecture: Intel x86
19:45:02.0203 0356 Number of processors: 1
19:45:02.0203 0356 Page size: 0x1000
19:45:02.0203 0356 Boot type: Safe boot with network
19:45:02.0203 0356 ============================================================
19:45:04.0593 0356 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x3279, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
19:45:04.0593 0356 ============================================================
19:45:04.0593 0356 \Device\Harddisk0\DR0:
19:45:04.0593 0356 MBR partitions:
19:45:04.0593 0356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x445CF11
19:45:04.0609 0356 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x445CF8F, BlocksNum 0x75EFFF1
19:45:04.0609 0356 ============================================================
19:45:04.0656 0356 C: <-> \Device\Harddisk0\DR0\Partition1
19:45:04.0687 0356 D: <-> \Device\Harddisk0\DR0\Partition2
19:45:04.0765 0356 ============================================================
19:45:04.0765 0356 Initialize success
19:45:04.0765 0356 ============================================================
19:45:40.0937 1276 ============================================================
19:45:40.0937 1276 Scan started
19:45:40.0937 1276 Mode: Manual;
19:45:40.0937 1276 ============================================================
19:45:41.0906 1276 ================ Scan system memory ========================
19:45:41.0921 1276 System memory - ok
19:45:41.0937 1276 ================ Scan services =============================
19:45:42.0093 1276 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
19:45:42.0125 1276 !SASCORE - ok
19:45:42.0375 1276 Abiosdsk - ok
19:45:42.0437 1276 abp480n5 - ok
19:45:42.0625 1276 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:45:42.0671 1276 ACPI - ok
19:45:42.0750 1276 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
19:45:42.0750 1276 ACPIEC - ok
19:45:42.0968 1276 [ 4A00E527BB34FCA0E458DB1089F97B3B ] AcrSch2Svc C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
19:45:43.0109 1276 AcrSch2Svc - ok
19:45:43.0265 1276 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:45:43.0359 1276 AdobeFlashPlayerUpdateSvc - ok
19:45:43.0421 1276 adpu160m - ok
19:45:43.0546 1276 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
19:45:43.0593 1276 aec - ok
19:45:43.0671 1276 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
19:45:43.0718 1276 AFD - ok
19:45:43.0781 1276 [ 6725ED93135E6477E80EF3F72B79CEA9 ] AFPAnsi C:\WINDOWS\system32\Drivers\AFPAnsi.sys
19:45:43.0796 1276 AFPAnsi - ok
19:45:43.0828 1276 Aha154x - ok
19:45:43.0890 1276 aic78u2 - ok
19:45:43.0921 1276 aic78xx - ok
19:45:44.0015 1276 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
19:45:44.0015 1276 Alerter - ok
19:45:44.0062 1276 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
19:45:44.0078 1276 ALG - ok
19:45:44.0125 1276 AliIde - ok
19:45:44.0234 1276 ALSysIO - ok
19:45:44.0265 1276 amsint - ok
19:45:44.0328 1276 AppMgmt - ok
19:45:44.0421 1276 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
19:45:44.0437 1276 Arp1394 - ok
19:45:44.0468 1276 asc - ok
19:45:44.0531 1276 asc3350p - ok
19:45:44.0593 1276 asc3550 - ok
19:45:44.0796 1276 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:45:44.0812 1276 aspnet_state - ok
19:45:44.0890 1276 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:45:44.0890 1276 AsyncMac - ok
19:45:44.0968 1276 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
19:45:44.0984 1276 atapi - ok
19:45:45.0031 1276 Atdisk - ok
19:45:45.0125 1276 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:45:45.0140 1276 Atmarpc - ok
19:45:45.0218 1276 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
19:45:45.0218 1276 AudioSrv - ok
19:45:45.0281 1276 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
19:45:45.0281 1276 audstub - ok
19:45:45.0359 1276 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
19:45:45.0375 1276 Beep - ok
19:45:45.0765 1276 [ 9DFFCB249663AA3C2ECB67202280054E ] BHDrvx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20130111.001\BHDrvx86.sys
19:45:46.0093 1276 BHDrvx86 - ok
19:45:46.0281 1276 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
19:45:46.0437 1276 BITS - ok
19:45:46.0546 1276 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
19:45:46.0562 1276 Browser - ok
19:45:46.0687 1276 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys
19:45:46.0703 1276 BthEnum - ok
19:45:46.0781 1276 [ FCA6F069597B62D42495191ACE3FC6C1 ] BTHMODEM C:\WINDOWS\system32\DRIVERS\bthmodem.sys
19:45:46.0781 1276 BTHMODEM - ok
19:45:46.0937 1276 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys
19:45:47.0000 1276 BthPan - ok
19:45:47.0203 1276 [ 662BFD909447DD9CC15B1A1C366583B4 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys
19:45:47.0281 1276 BTHPORT - ok
19:45:47.0437 1276 [ F4C43C66471B87996D95DB7A3A664A37 ] BthServ C:\WINDOWS\System32\bthserv.dll
19:45:47.0468 1276 BthServ - ok
19:45:47.0562 1276 [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys
19:45:47.0578 1276 BTHUSB - ok
19:45:47.0656 1276 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
19:45:47.0671 1276 cbidf2k - ok
19:45:47.0718 1276 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:45:47.0734 1276 CCDECODE - ok
19:45:47.0859 1276 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_NAV C:\WINDOWS\system32\drivers\NAV\1309000.009\ccSetx86.sys
19:45:47.0890 1276 ccSet_NAV - ok
19:45:48.0000 1276 cd20xrnt - ok
19:45:48.0078 1276 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
19:45:48.0078 1276 Cdaudio - ok
19:45:48.0140 1276 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
19:45:48.0171 1276 Cdfs - ok
19:45:48.0234 1276 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:45:48.0250 1276 Cdrom - ok
19:45:48.0296 1276 Changer - ok
19:45:48.0359 1276 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
19:45:48.0359 1276 CiSvc - ok
19:45:48.0421 1276 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
19:45:48.0437 1276 ClipSrv - ok
19:45:48.0609 1276 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:45:48.0625 1276 clr_optimization_v2.0.50727_32 - ok
19:45:48.0734 1276 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:45:48.0781 1276 clr_optimization_v4.0.30319_32 - ok
19:45:48.0875 1276 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:45:48.0875 1276 CmBatt - ok
19:45:48.0906 1276 CmdIde - ok
19:45:48.0984 1276 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:45:48.0984 1276 Compbatt - ok
19:45:49.0031 1276 COMSysApp - ok
19:45:49.0125 1276 Cpqarray - ok
19:45:49.0171 1276 cpudrv - ok
19:45:49.0265 1276 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
19:45:49.0281 1276 CryptSvc - ok
19:45:49.0328 1276 dac2w2k - ok
19:45:49.0375 1276 dac960nt - ok
19:45:49.0484 1276 [ 1813ECF21A11A4A8FE59C3A0F7975753 ] DCamUSBEMPIA C:\WINDOWS\system32\DRIVERS\emDevice.sys
19:45:49.0515 1276 DCamUSBEMPIA - ok
19:45:49.0703 1276 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
19:45:49.0812 1276 DcomLaunch - ok
19:45:49.0984 1276 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
19:45:50.0031 1276 Dhcp - ok
19:45:50.0078 1276 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
19:45:50.0093 1276 Disk - ok
19:45:50.0125 1276 dmadmin - ok
19:45:50.0437 1276 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
19:45:50.0671 1276 dmboot - ok
19:45:50.0781 1276 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
19:45:50.0828 1276 dmio - ok
19:45:50.0953 1276 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
19:45:50.0953 1276 dmload - ok
19:45:51.0046 1276 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
19:45:51.0046 1276 dmserver - ok
19:45:51.0187 1276 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
19:45:51.0203 1276 DMusic - ok
19:45:51.0281 1276 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
19:45:51.0296 1276 Dnscache - ok
19:45:51.0437 1276 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
19:45:51.0468 1276 Dot3svc - ok
19:45:51.0531 1276 dpti2o - ok
19:45:51.0609 1276 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
19:45:51.0640 1276 drmkaud - ok
19:45:51.0734 1276 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
19:45:51.0750 1276 EapHost - ok
19:45:51.0906 1276 [ 64585B1D85FF7566B99CED303A02F357 ] EaseUS Agent C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
19:45:51.0937 1276 EaseUS Agent - ok
19:45:52.0156 1276 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
19:45:52.0296 1276 eeCtrl - ok
19:45:52.0359 1276 [ F07BA56B0235F15EFF8F10DC6389C42E ] epmntdrv C:\WINDOWS\system32\epmntdrv.sys
19:45:52.0375 1276 epmntdrv - ok
19:45:52.0500 1276 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
19:45:52.0531 1276 ERSvc - ok
19:45:52.0625 1276 [ 40F272BC66A4692C4E5A07008B3C428D ] EUBAKUP C:\WINDOWS\system32\drivers\eubakup.sys
19:45:52.0640 1276 EUBAKUP - ok
19:45:52.0703 1276 [ D6DD9E76F2D084292D3A032AA7CE9AEC ] EUBKMON C:\WINDOWS\system32\drivers\EUBKMON.sys
19:45:52.0718 1276 EUBKMON - ok
19:45:52.0765 1276 [ B5A6D8FFB1BE1EA333C96F8788C6A909 ] EUDSKACS C:\WINDOWS\system32\drivers\eudskacs.sys
19:45:52.0765 1276 EUDSKACS - ok
19:45:52.0843 1276 [ A67BF5BB59C6C15FAB47C771DBE00C20 ] EUFDDISK C:\WINDOWS\system32\drivers\EuFdDisk.sys
19:45:52.0890 1276 EUFDDISK - ok
19:45:52.0968 1276 [ 1F2F4AB15CE03ECC257FEB2F6DC5A013 ] EuGdiDrv C:\WINDOWS\system32\EuGdiDrv.sys
19:45:52.0984 1276 EuGdiDrv - ok
19:45:53.0046 1276 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
19:45:53.0125 1276 Eventlog - ok
19:45:53.0265 1276 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\System32\es.dll
19:45:53.0359 1276 EventSystem - ok
19:45:53.0437 1276 [ AA855FB8A866281AACB393C1FEAB91AE ] FA312 C:\WINDOWS\system32\DRIVERS\FA312nd5.sys
19:45:53.0437 1276 FA312 - ok
19:45:53.0531 1276 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
19:45:53.0578 1276 Fastfat - ok
19:45:53.0718 1276 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:45:53.0750 1276 FastUserSwitchingCompatibility - ok
19:45:53.0843 1276 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
19:45:53.0859 1276 Fdc - ok
19:45:53.0953 1276 [ 694D14543FF884F00012534F790F8E73 ] FiltUSBEMPIA C:\WINDOWS\system32\DRIVERS\emFilter.sys
19:45:53.0968 1276 FiltUSBEMPIA - ok
19:45:54.0046 1276 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
19:45:54.0062 1276 Fips - ok
19:45:54.0125 1276 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
19:45:54.0125 1276 Flpydisk - ok
19:45:54.0234 1276 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
19:45:54.0296 1276 FltMgr - ok
19:45:54.0421 1276 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:45:54.0437 1276 FontCache3.0.0.0 - ok
19:45:54.0515 1276 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:45:54.0515 1276 Fs_Rec - ok
19:45:54.0609 1276 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:45:54.0640 1276 Ftdisk - ok
19:45:54.0718 1276 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:45:54.0718 1276 GEARAspiWDM - ok
19:45:54.0796 1276 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:45:54.0796 1276 Gpc - ok
19:45:54.0890 1276 [ A6A4223573CFCF87843CFCB3A9C237C7 ] Guard Agent C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
19:45:54.0906 1276 Guard Agent - ok
19:45:55.0031 1276 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
19:45:55.0093 1276 gupdate - ok
19:45:55.0187 1276 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
19:45:55.0218 1276 gupdatem - ok
19:45:55.0312 1276 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:45:55.0359 1276 gusvc - ok
19:45:55.0515 1276 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:45:55.0515 1276 helpsvc - ok
19:45:55.0593 1276 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
19:45:55.0609 1276 HidServ - ok
19:45:55.0718 1276 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:45:55.0718 1276 hidusb - ok
19:45:55.0812 1276 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
19:45:55.0828 1276 hkmsvc - ok
19:45:55.0890 1276 hpn - ok
19:45:55.0968 1276 [ 9F1D80908658EB7F1BF70809E0B51470 ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
19:45:55.0984 1276 HPZid412 - ok
19:45:56.0046 1276 [ F7E3E9D50F9CD3DE28085A8FDAA0A1C3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
19:45:56.0046 1276 HPZipr12 - ok
19:45:56.0140 1276 [ CF1B7951B4EC8D13F3C93B74BB2B461B ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
19:45:56.0140 1276 HPZius12 - ok
19:45:56.0312 1276 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
19:45:56.0375 1276 HTTP - ok
19:45:56.0468 1276 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
19:45:56.0484 1276 HTTPFilter - ok
19:45:56.0546 1276 i2omgmt - ok
19:45:56.0593 1276 i2omp - ok
19:45:56.0687 1276 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:45:56.0718 1276 i8042prt - ok
19:45:56.0828 1276 [ A79029861CB69CD3CF4EAB9EBFEE32DD ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
19:45:56.0859 1276 ialm - ok
19:45:57.0250 1276 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:45:57.0484 1276 idsvc - ok
19:45:57.0656 1276 [ C19BF2A07BE972A110220DF6B1E89D14 ] IDSxpx86 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20130113.001\IDSxpx86.sys
19:45:57.0781 1276 IDSxpx86 - ok
19:45:57.0875 1276 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
19:45:57.0890 1276 Imapi - ok
19:45:58.0015 1276 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\System32\imapi.exe
19:45:58.0093 1276 ImapiService - ok
19:45:58.0171 1276 ini910u - ok
19:45:58.0265 1276 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
19:45:58.0281 1276 IntelIde - ok
19:45:58.0328 1276 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:45:58.0343 1276 intelppm - ok
19:45:58.0406 1276 [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw C:\WINDOWS\system32\drivers\ip6fw.sys
19:45:58.0421 1276 ip6fw - ok
19:45:58.0500 1276 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:45:58.0515 1276 IpFilterDriver - ok
19:45:58.0578 1276 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:45:58.0578 1276 IpInIp - ok
19:45:58.0656 1276 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:45:58.0703 1276 IpNat - ok
19:45:58.0781 1276 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:45:58.0796 1276 IPSec - ok
19:45:58.0843 1276 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
19:45:58.0859 1276 IRENUM - ok
19:45:58.0953 1276 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:45:58.0968 1276 isapnp - ok
19:45:59.0140 1276 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
19:45:59.0187 1276 JavaQuickStarterService - ok
19:45:59.0265 1276 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:45:59.0265 1276 Kbdclass - ok
19:45:59.0343 1276 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:45:59.0343 1276 kbdhid - ok
19:45:59.0468 1276 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
19:45:59.0515 1276 kmixer - ok
19:45:59.0609 1276 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
19:45:59.0640 1276 KSecDD - ok
19:45:59.0734 1276 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
19:45:59.0781 1276 lanmanserver - ok
19:45:59.0890 1276 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:45:59.0968 1276 lanmanworkstation - ok
19:46:00.0031 1276 lbrtfdc - ok
19:46:00.0171 1276 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
19:46:00.0203 1276 LmHosts - ok
19:46:00.0296 1276 [ 629CABB0421668C9D3D402A3C3D77E14 ] MBAMProtector C:\WINDOWS\system32\drivers\mbam.sys
19:46:00.0296 1276 MBAMProtector - ok
19:46:00.0531 1276 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:46:00.0625 1276 MBAMScheduler - ok
19:46:00.0875 1276 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:46:01.0109 1276 MBAMService - ok
19:46:01.0234 1276 [ C226CE46CD17FCE6261A9DE406F01C8B ] McAfee SiteAdvisor Service c:\PROGRA~1\mcafee\siteadvisor\mcsacore.exe
19:46:01.0281 1276 McAfee SiteAdvisor Service - ok
19:46:01.0468 1276 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
19:46:01.0578 1276 MDM - ok
19:46:01.0656 1276 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
19:46:01.0671 1276 Messenger - ok
19:46:01.0750 1276 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
19:46:01.0750 1276 mnmdd - ok
19:46:01.0843 1276 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
19:46:01.0859 1276 mnmsrvc - ok
19:46:01.0953 1276 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
19:46:01.0953 1276 Modem - ok
19:46:02.0015 1276 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
19:46:02.0015 1276 MODEMCSA - ok
19:46:02.0046 1276 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:46:02.0046 1276 Mouclass - ok
19:46:02.0109 1276 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:46:02.0109 1276 mouhid - ok
19:46:02.0187 1276 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
19:46:02.0203 1276 MountMgr - ok
19:46:02.0296 1276 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:46:02.0328 1276 MozillaMaintenance - ok
19:46:02.0390 1276 [ C0F8E0C2C3C0437CF37C6781896DC3EC ] MPE C:\WINDOWS\system32\DRIVERS\MPE.sys
19:46:02.0390 1276 MPE - ok
19:46:02.0421 1276 mraid35x - ok
19:46:02.0531 1276 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:46:02.0625 1276 MRxDAV - ok
19:46:02.0812 1276 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:46:02.0968 1276 MRxSmb - ok
19:46:03.0046 1276 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\System32\msdtc.exe
19:46:03.0062 1276 MSDTC - ok
19:46:03.0218 1276 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
19:46:03.0234 1276 Msfs - ok
19:46:03.0281 1276 MSIServer - ok
19:46:03.0359 1276 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:46:03.0390 1276 MSKSSRV - ok
19:46:03.0453 1276 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:46:03.0453 1276 MSPCLOCK - ok
19:46:03.0546 1276 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
19:46:03.0546 1276 MSPQM - ok
19:46:03.0625 1276 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:46:03.0625 1276 mssmbios - ok
19:46:03.0750 1276 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
19:46:03.0750 1276 MSTEE - ok
19:46:03.0875 1276 [ 8BC576BF81628AD9B03621BD381EB3C8 ] Mtlmnt5 C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
19:46:03.0937 1276 Mtlmnt5 - ok
19:46:04.0359 1276 [ 5B27B085AFF7BABD61393E3050CA5013 ] Mtlstrm C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys
19:46:04.0718 1276 Mtlstrm - ok
19:46:04.0843 1276 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
19:46:04.0875 1276 Mup - ok
19:46:04.0984 1276 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:46:05.0000 1276 NABTSFEC - ok
19:46:05.0171 1276 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
19:46:05.0250 1276 napagent - ok
19:46:05.0562 1276 [ 934BB0D23A25C8C136570800A5A149B6 ] NAUpdate C:\Program Files\Nero\Update\NASvc.exe
19:46:05.0750 1276 NAUpdate - ok
19:46:05.0890 1276 [ F2840DBFE9322F35557219AE82CC4597 ] NAV C:\Program Files\Norton AntiVirus\Engine\19.9.0.9\ccSvcHst.exe
19:46:05.0937 1276 NAV - ok
19:46:06.0078 1276 [ 7D7A3BC6640C1A0D1442816B30856928 ] NAVENG C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20130116.006\NAVENG.SYS
19:46:06.0140 1276 NAVENG - ok
19:46:06.0687 1276 [ 28494C43D62AA7584BDCA2FADFBC4D11 ] NAVEX15 C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20130116.006\NAVEX15.SYS
19:46:07.0140 1276 NAVEX15 - ok
19:46:07.0218 1276 [ 0AE25530894A934C6CA600865C6E9D7C ] NBVol C:\WINDOWS\system32\DRIVERS\NBVol.sys
19:46:07.0234 1276 NBVol - ok
19:46:07.0296 1276 [ 1DDCEF3039C9D90AF3529DEE6699967D ] NBVolUp C:\WINDOWS\system32\DRIVERS\NBVolUp.sys
19:46:07.0312 1276 NBVolUp - ok
19:46:07.0406 1276 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
19:46:07.0484 1276 NDIS - ok
19:46:07.0593 1276 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:46:07.0593 1276 NdisIP - ok
19:46:07.0671 1276 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:46:07.0671 1276 NdisTapi - ok
19:46:07.0781 1276 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:46:07.0781 1276 Ndisuio - ok
19:46:07.0859 1276 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:46:07.0890 1276 NdisWan - ok
19:46:08.0000 1276 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
19:46:08.0000 1276 NDProxy - ok
19:46:08.0375 1276 [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
19:46:08.0656 1276 Nero BackItUp Scheduler 4.0 - ok
19:46:08.0703 1276 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
19:46:08.0718 1276 NetBIOS - ok
19:46:08.0828 1276 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
19:46:08.0890 1276 NetBT - ok
19:46:08.0984 1276 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
19:46:09.0031 1276 NetDDE - ok
19:46:09.0125 1276 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
19:46:09.0171 1276 NetDDEdsdm - ok
19:46:09.0265 1276 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\System32\lsass.exe
19:46:09.0265 1276 Netlogon - ok
19:46:09.0406 1276 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
19:46:09.0468 1276 Netman - ok
19:46:09.0578 1276 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:46:09.0640 1276 NetTcpPortSharing - ok
19:46:09.0734 1276 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
19:46:09.0750 1276 NIC1394 - ok
19:46:09.0906 1276 [ 7F0C8DE8232029D8214003231103770E ] NitroDriverReadSpool2 C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe
19:46:09.0968 1276 NitroDriverReadSpool2 - ok
19:46:10.0109 1276 [ 06826A6D40B2AA967E4666C926821BA3 ] NitroReaderDriverReadSpool2 C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
19:46:10.0187 1276 NitroReaderDriverReadSpool2 - ok
19:46:10.0328 1276 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
19:46:10.0421 1276 Nla - ok
19:46:10.0500 1276 [ B6E56578E167AD7D146F1B316490AC03 ] nlsX86cc C:\WINDOWS\system32\NLSSRV32.EXE
19:46:10.0531 1276 nlsX86cc - ok
19:46:10.0609 1276 Norton PC Checkup Application Launcher - ok
19:46:10.0734 1276 [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] npf C:\WINDOWS\system32\drivers\npf.sys
19:46:10.0734 1276 npf - ok
19:46:10.0812 1276 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:46:10.0828 1276 Npfs - ok
19:46:11.0046 1276 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:46:11.0203 1276 Ntfs - ok
19:46:11.0265 1276 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
19:46:11.0296 1276 NtLmSsp - ok
19:46:11.0484 1276 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:46:11.0625 1276 NtmsSvc - ok
19:46:11.0750 1276 [ D4C9A61408DA38652267648D51739FDB ] NtMtlFax C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys
19:46:11.0796 1276 NtMtlFax - ok
19:46:11.0875 1276 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:46:11.0890 1276 Null - ok
19:46:11.0984 1276 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:46:11.0984 1276 NwlnkFlt - ok
19:46:12.0062 1276 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:46:12.0062 1276 NwlnkFwd - ok
19:46:12.0171 1276 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:46:12.0187 1276 ohci1394 - ok
19:46:12.0281 1276 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
19:46:12.0312 1276 Parport - ok
19:46:12.0375 1276 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
19:46:12.0375 1276 PartMgr - ok
19:46:12.0468 1276 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
19:46:12.0484 1276 ParVdm - ok
19:46:12.0562 1276 [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr C:\Program Files\Norton PC Checkup\Engine\2.0.17.48\ccSvcHst.exe
19:46:12.0609 1276 PCCUJobMgr - ok
19:46:12.0687 1276 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
19:46:12.0734 1276 PCI - ok
19:46:12.0796 1276 PCIDump - ok
19:46:12.0859 1276 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
19:46:12.0859 1276 PCIIde - ok
19:46:12.0968 1276 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
19:46:13.0031 1276 Pcmcia - ok
19:46:13.0078 1276 PDCOMP - ok
19:46:13.0140 1276 PDFRAME - ok
19:46:13.0203 1276 PDRELI - ok
19:46:13.0265 1276 PDRFRAME - ok
19:46:13.0296 1276 pdserv - ok
19:46:13.0359 1276 perc2 - ok
19:46:13.0406 1276 perc2hib - ok
19:46:13.0593 1276 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
19:46:13.0640 1276 PlugPlay - ok
19:46:13.0750 1276 [ 2D091A99624FB9E7EEF0A86D872EC0C3 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
19:46:13.0765 1276 Pml Driver HPZ12 - ok
19:46:13.0828 1276 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
19:46:13.0859 1276 PolicyAgent - ok
19:46:13.0921 1276 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:46:13.0937 1276 PptpMiniport - ok
19:46:14.0000 1276 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
19:46:14.0015 1276 Processor - ok
19:46:14.0062 1276 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:46:14.0078 1276 ProtectedStorage - ok
19:46:14.0156 1276 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
19:46:14.0171 1276 PSched - ok
19:46:14.0234 1276 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:46:14.0250 1276 Ptilink - ok
19:46:14.0296 1276 ql1080 - ok
19:46:14.0328 1276 Ql10wnt - ok
19:46:14.0390 1276 ql12160 - ok
19:46:14.0437 1276 ql1240 - ok
19:46:14.0500 1276 ql1280 - ok
19:46:14.0578 1276 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:46:14.0578 1276 RasAcd - ok
19:46:14.0671 1276 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
19:46:14.0703 1276 RasAuto - ok
19:46:14.0781 1276 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:46:14.0796 1276 Rasl2tp - ok
19:46:14.0953 1276 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
19:46:15.0015 1276 RasMan - ok
19:46:15.0078 1276 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:46:15.0093 1276 RasPppoe - ok
19:46:15.0187 1276 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
19:46:15.0187 1276 Raspti - ok
19:46:15.0296 1276 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:46:15.0343 1276 Rdbss - ok
19:46:15.0437 1276 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:46:15.0453 1276 RDPCDD - ok
19:46:15.0625 1276 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
19:46:15.0687 1276 RDPWD - ok
19:46:15.0812 1276 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
19:46:15.0859 1276 RDSessMgr - ok
19:46:15.0953 1276 [ E9AAA0092D74A9D371659C4C38882E12 ] RecAgent C:\WINDOWS\System32\DRIVERS\RecAgent.sys
19:46:15.0953 1276 RecAgent - ok
19:46:16.0031 1276 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:46:16.0046 1276 redbook - ok
19:46:16.0125 1276 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:46:16.0140 1276 RemoteAccess - ok
19:46:16.0250 1276 [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM C:\WINDOWS\system32\DRIVERS\rfcomm.sys
19:46:16.0265 1276 RFCOMM - ok
19:46:16.0359 1276 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\System32\locator.exe
19:46:16.0375 1276 RpcLocator - ok
19:46:16.0562 1276 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\system32\rpcss.dll
19:46:16.0671 1276 RpcSs - ok
19:46:16.0812 1276 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\System32\rsvp.exe
19:46:16.0859 1276 RSVP - ok
19:46:16.0953 1276 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
19:46:16.0984 1276 SamSs - ok
19:46:17.0078 1276 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:46:17.0093 1276 SASDIFSV - ok
19:46:17.0171 1276 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:46:17.0203 1276 SASKUTIL - ok
19:46:17.0312 1276 [ 56E6C458042B3BDE1F3D0202E1085C1F ] ScanUSBEMPIA C:\WINDOWS\system32\DRIVERS\emScan.sys
19:46:17.0312 1276 ScanUSBEMPIA - ok
19:46:17.0406 1276 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:46:17.0437 1276 SCardSvr - ok
19:46:17.0593 1276 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:46:17.0640 1276 Schedule - ok
19:46:17.0765 1276 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:46:17.0796 1276 Secdrv - ok
19:46:17.0875 1276 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
19:46:17.0890 1276 seclogon - ok
19:46:17.0968 1276 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
19:46:17.0984 1276 SENS - ok
19:46:18.0046 1276 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
19:46:18.0062 1276 Serial - ok
19:46:18.0328 1276 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:46:18.0359 1276 Sfloppy - ok
19:46:18.0515 1276 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:46:18.0593 1276 SharedAccess - ok
19:46:18.0703 1276 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:46:18.0750 1276 ShellHWDetection - ok
19:46:18.0796 1276 Simbad - ok
19:46:19.0796 1276 [ 0F97E7A47A52F4A36969F0FC319654C2 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
19:46:20.0625 1276 Skype C2C Service - ok
19:46:20.0765 1276 [ A37740568718F245E818D0C5575B9AA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
19:46:20.0796 1276 SkypeUpdate - ok
19:46:20.0906 1276 [ EACA11D07D7E74D72B913089B75B1416 ] SLEE_17_DRIVER C:\WINDOWS\system32\drivers\Sleen17.sys
19:46:20.0937 1276 SLEE_17_DRIVER - ok
19:46:21.0046 1276 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
19:46:21.0062 1276 SLIP - ok
19:46:21.0281 1276 [ 9D3805CBF16056359A52DFB37A71AA49 ] Slntamr C:\WINDOWS\system32\DRIVERS\slntamr.sys
19:46:21.0406 1276 Slntamr - ok
19:46:21.0515 1276 [ 0F3536110D1027E8BB07E0ADB9058039 ] SlNtHal C:\WINDOWS\system32\DRIVERS\Slnthal.sys
19:46:21.0562 1276 SlNtHal - ok
19:46:21.0593 1276 SLService - ok
19:46:21.0656 1276 [ 3B4A3B282F62FE5D75127D22B26909ED ] SlWdmSup C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
19:46:21.0671 1276 SlWdmSup - ok
19:46:21.0765 1276 [ CDE05A7FB8F3707391716780427DC0FC ] SMR311 C:\WINDOWS\system32\drivers\SMR311.SYS
19:46:21.0796 1276 SMR311 - ok
19:46:21.0937 1276 [ C3BF55189AA92B8F919108EF9E4ACCAE ] snapman C:\WINDOWS\system32\DRIVERS\snapman.sys
19:46:21.0984 1276 snapman - ok
19:46:22.0093 1276 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
19:46:22.0093 1276 SONYPVU1 - ok
19:46:22.0156 1276 Sparrow - ok
19:46:22.0234 1276 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:46:22.0250 1276 splitter - ok
19:46:22.0328 1276 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:46:22.0375 1276 Spooler - ok
19:46:22.0468 1276 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:46:22.0484 1276 sr - ok
19:46:22.0640 1276 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\System32\srsvc.dll
19:46:22.0687 1276 srservice - ok
19:46:22.0953 1276 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\WINDOWS\System32\Drivers\NAV\1309000.009\SRTSP.SYS
19:46:23.0093 1276 SRTSP - ok
19:46:23.0171 1276 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\WINDOWS\system32\drivers\NAV\1309000.009\SRTSPX.SYS
19:46:23.0187 1276 SRTSPX - ok
19:46:23.0328 1276 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:46:23.0453 1276 Srv - ok
19:46:23.0562 1276 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:46:23.0593 1276 SSDPSRV - ok
19:46:23.0765 1276 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:46:23.0859 1276 stisvc - ok
19:46:23.0953 1276 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
19:46:23.0968 1276 streamip - ok
19:46:24.0031 1276 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:46:24.0031 1276 swenum - ok
19:46:24.0093 1276 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:46:24.0109 1276 swmidi - ok
19:46:24.0156 1276 SwPrv - ok
19:46:24.0234 1276 symc810 - ok
19:46:24.0265 1276 symc8xx - ok
19:46:24.0437 1276 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\WINDOWS\system32\drivers\NAV\1309000.009\SYMDS.SYS
19:46:24.0546 1276 SymDS - ok
19:46:24.0906 1276 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA C:\WINDOWS\system32\drivers\NAV\1309000.009\SYMEFA.SYS
19:46:25.0171 1276 SymEFA - ok
19:46:25.0281 1276 [ 555FB450FE6908600310E990738B41D6 ] SymEvent C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
19:46:25.0343 1276 SymEvent - ok
19:46:25.0468 1276 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\WINDOWS\system32\drivers\NAV\1309000.009\Ironx86.SYS
19:46:25.0500 1276 SymIRON - ok
19:46:25.0703 1276 [ 508BD882040F9CB12319E3A4FC78EDB9 ] SYMTDI C:\WINDOWS\System32\Drivers\NAV\1309000.009\SYMTDI.SYS
19:46:25.0781 1276 SYMTDI - ok
19:46:25.0843 1276 sym_hi - ok
19:46:25.0906 1276 sym_u3 - ok
19:46:26.0015 1276 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:46:26.0031 1276 sysaudio - ok
19:46:26.0109 1276 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:46:26.0171 1276 SysmonLog - ok
19:46:26.0421 1276 [ 968E23EC4E0AF2F107E73C733B0D7A8E ] SystemExplorerHelpService C:\Program Files\System Explorer\service\SystemExplorerService.exe
19:46:26.0562 1276 SystemExplorerHelpService - ok
19:46:26.0718 1276 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:46:26.0796 1276 TapiSrv - ok
19:46:27.0000 1276 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:46:27.0078 1276 Tcpip - ok
19:46:27.0171 1276 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:46:27.0171 1276 TDPIPE - ok
19:46:27.0359 1276 [ 3B7B6779EB231F731BBA8F9FE67AADFC ] tdrpman C:\WINDOWS\system32\DRIVERS\tdrpman.sys
19:46:27.0453 1276 tdrpman - ok
19:46:27.0562 1276 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:46:27.0562 1276 TDTCP - ok
19:46:27.0656 1276 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:46:27.0671 1276 TermDD - ok
19:46:27.0843 1276 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
19:46:27.0937 1276 TermService - ok
19:46:28.0062 1276 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
19:46:28.0109 1276 Themes - ok
19:46:28.0203 1276 [ B0B3122BFF3910E0BA97014045467778 ] tifsfilter C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
19:46:28.0203 1276 tifsfilter - ok
19:46:28.0406 1276 [ 13BFE330880AC0CE8672D00AA5AFF738 ] timounter C:\WINDOWS\system32\DRIVERS\timntr.sys
19:46:28.0546 1276 timounter - ok
19:46:28.0609 1276 TosIde - ok
19:46:28.0703 1276 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:46:28.0734 1276 TrkWks - ok
19:46:28.0984 1276 [ BC236BBB0B16049392E020E53F17D04C ] TryAndDecideService C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
19:46:29.0156 1276 TryAndDecideService - ok
19:46:29.0750 1276 [ 64F479F4BAA9D34CE94DB6ED7D25B34B ] TuneUp.UtilitiesSvc C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
19:46:30.0156 1276 TuneUp.UtilitiesSvc - ok
19:46:30.0265 1276 [ F2107C9D85EC0DF116939CCCE06AE697 ] TuneUpUtilitiesDrv C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
19:46:30.0265 1276 TuneUpUtilitiesDrv - ok
19:46:30.0359 1276 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:46:30.0375 1276 Udfs - ok
19:46:30.0437 1276 ultra - ok
19:46:30.0656 1276 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:46:30.0765 1276 Update - ok
19:46:30.0890 1276 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:46:30.0953 1276 upnphost - ok
19:46:31.0046 1276 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
19:46:31.0062 1276 UPS - ok
19:46:31.0234 1276 [ 68A00F7BD18BC3AF2D98A75142E1C74E ] USB28xxBGA C:\WINDOWS\system32\DRIVERS\emBDA.sys
19:46:31.0328 1276 USB28xxBGA - ok
19:46:31.0406 1276 [ D52F4FC7788D670A78B2C253717B5330 ] USB28xxOEM C:\WINDOWS\system32\DRIVERS\emOEM.sys
19:46:31.0406 1276 USB28xxOEM - ok
19:46:31.0500 1276 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:46:31.0515 1276 usbccgp - ok
19:46:31.0578 1276 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:46:31.0609 1276 usbehci - ok
19:46:31.0703 1276 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:46:31.0718 1276 usbhub - ok
19:46:31.0796 1276 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:46:31.0812 1276 usbprint - ok
19:46:31.0906 1276 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:46:31.0906 1276 usbscan - ok
19:46:32.0000 1276 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:46:32.0015 1276 USBSTOR - ok
19:46:32.0078 1276 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:46:32.0078 1276 usbuhci - ok
19:46:32.0171 1276 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:46:32.0187 1276 VgaSave - ok
19:46:32.0218 1276 ViaIde - ok
19:46:32.0328 1276 [ 676418770F7EFD7342D19116F4B8911E ] VIAudio C:\WINDOWS\system32\drivers\vinyl97.sys
19:46:32.0375 1276 VIAudio - ok
19:46:32.0453 1276 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:46:32.0468 1276 VolSnap - ok
19:46:32.0593 1276 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
19:46:32.0703 1276 VSS - ok
19:46:32.0828 1276 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\System32\w32time.dll
19:46:32.0875 1276 W32Time - ok
19:46:33.0000 1276 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:46:33.0015 1276 Wanarp - ok
19:46:33.0093 1276 WDICA - ok
19:46:33.0171 1276 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:46:33.0187 1276 wdmaud - ok
19:46:33.0265 1276 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:46:33.0312 1276 WebClient - ok
19:46:33.0500 1276 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:46:33.0562 1276 winmgmt - ok
19:46:33.0750 1276 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:46:33.0765 1276 WmdmPmSN - ok
19:46:33.0921 1276 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
19:46:33.0968 1276 WmiApSrv - ok
19:46:34.0343 1276 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
19:46:34.0562 1276 WMPNetworkSvc - ok
19:46:34.0921 1276 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:46:35.0156 1276 WPFFontCache_v0400 - ok
19:46:35.0250 1276 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:46:35.0281 1276 wscsvc - ok
19:46:35.0406 1276 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
19:46:35.0437 1276 WSTCODEC - ok
19:46:35.0500 1276 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:46:35.0515 1276 wuauserv - ok
19:46:35.0625 1276 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:46:35.0671 1276 WudfPf - ok
19:46:35.0781 1276 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:46:35.0796 1276 WudfRd - ok
19:46:35.0890 1276 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
19:46:35.0937 1276 WudfSvc - ok
19:46:36.0140 1276 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:46:36.0296 1276 WZCSVC - ok
19:46:36.0406 1276 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:46:36.0437 1276 xmlprov - ok
19:46:36.0562 1276 [ 0255FA04DD9C770635482D9CA97AFC59 ] {5C8B2B62-A385-11d5-A78B-00104B672758} C:\WINDOWS\system32\drivers\A311.sys
19:46:36.0578 1276 {5C8B2B62-A385-11d5-A78B-00104B672758} - ok
19:46:36.0625 1276 [ F090C9C321F70979BE80BF1B6F6F794C ] {5C8B2B65-A385-11d5-A78B-00104B672758} C:\WINDOWS\system32\drivers\A310.sys
19:46:36.0640 1276 {5C8B2B65-A385-11d5-A78B-00104B672758} - ok
19:46:36.0734 1276 [ 3EE36328E860FBF102B54608A055C6BE ] {6080A529-897E-4629-A488-ABA0C29B635E} C:\WINDOWS\system32\drivers\ialmsbw.sys
19:46:36.0765 1276 {6080A529-897E-4629-A488-ABA0C29B635E} - ok
19:46:36.0906 1276 [ 17F39A1916733ED228EB46AD67C35426 ] {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} C:\WINDOWS\system32\drivers\ialmkchw.sys
19:46:36.0937 1276 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} - ok
19:46:36.0968 1276 ================ Scan global ===============================
19:46:37.0031 1276 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:46:37.0140 1276 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:46:37.0375 1276 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:46:37.0531 1276 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:46:37.0562 1276 [Global] - ok
19:46:37.0593 1276 ================ Scan MBR ==================================
19:46:37.0640 1276 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:46:37.0875 1276 \Device\Harddisk0\DR0 - ok
19:46:37.0906 1276 ================ Scan VBR ==================================
19:46:37.0937 1276 [ 70C510ABCDFA130803E954BEE71B840E ] \Device\Harddisk0\DR0\Partition1
19:46:37.0953 1276 \Device\Harddisk0\DR0\Partition1 - ok
19:46:38.0031 1276 [ 9B1208AF3CD579B39B4EA3B7BF567532 ] \Device\Harddisk0\DR0\Partition2
19:46:38.0046 1276 \Device\Harddisk0\DR0\Partition2 - ok
19:46:38.0062 1276 ============================================================
19:46:38.0062 1276 Scan finished
19:46:38.0062 1276 ============================================================
19:46:38.0140 1932 Detected object count: 0
19:46:38.0140 1932 Actual detected object count: 0
constantin
Regular Member
 
Posts: 18
Joined: January 22nd, 2013, 4:48 am

Re: How to deal with malware infected files

Unread postby nunped » February 5th, 2013, 2:11 pm

Hi constantin,

Looks clean for now, but let's check with ComboFix:
Download and Run ComboFix

  • Please download ComboFix. (Alternate site: here)
    **IMPORTANT !!! Save ComboFix.exe to your Desktop**
  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts
  • If not already installed... Press "Yes" to any "Recovery Console" prompts.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash!
    When finished, Notepad will open a log file called "ComboFix.txt".
  • Please copy/paste the contents of ComboFix.txt in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: How to deal with malware infected files

Unread postby constantin » February 5th, 2013, 7:26 pm

Hi, Nunpad

This is the ComboFix Report :

ComboFix 13-02-03.03 - Tinel 02/06/2013 0:37.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.789 [GMT 2:00]
Running from: c:\documents and settings\Tinel\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\1359054109.bdinstall.bin
c:\documents and settings\All Users\Application Data\1359152412.bdinstall.bin
c:\documents and settings\All Users\Application Data\1359199325.bdinstall.bin
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Tinel\Application Data\HPSU_48BitScanUpdate.log
C:\Documents
c:\windows\system32\bn.dll
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\office.exe
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\tempdir
c:\windows\system32\tempdir\tinypdf.chm
c:\windows\system32\tempdir\tinypdf.dll
c:\windows\system32\tempdir\tinypdf1.dll
c:\windows\system32\tempdir\tinypdf2.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\msvcr71.dll.001
c:\windows\system32\URTTemp\msvcr71.dll.int
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AFPANSI
-------\Legacy_NPF
-------\Service_AFPAnsi
-------\Service_npf
-------\Legacy_Skype_C2C_Service
-------\Legacy_SMR311
-------\Legacy_SMR311
-------\Legacy_SMR311
-------\Legacy_SMR311
-------\Service_Skype C2C Service
-------\Service_SMR311
-------\Service_SMR311
-------\Service_SMR311
-------\Service_SMR311
.
.
((((((((((((((((((((((((( Files Created from 2013-01-05 to 2013-02-05 )))))))))))))))))))))))))))))))
.
.
2013-02-05 19:01 . 2013-02-05 19:01 -------- d-----w- c:\documents and settings\Tinel\Application Data\AVG2013
2013-02-05 18:59 . 2013-02-05 18:59 -------- d-----w- c:\documents and settings\Tinel\Local Settings\Application Data\AVG Secure Search
2013-02-05 18:59 . 2013-02-05 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2013-02-05 18:59 . 2013-02-05 18:59 -------- d-----w- c:\documents and settings\Tinel\Application Data\AVG Secure Search
2013-02-05 18:59 . 2013-02-05 18:59 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-02-05 18:59 . 2013-02-05 18:59 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2013-02-05 18:59 . 2013-02-05 18:59 -------- d-----w- c:\program files\AVG Secure Search
2013-02-05 18:58 . 2013-02-05 18:59 -------- d-----w- c:\windows\LastGood.Tmp
2013-02-05 18:58 . 2013-02-05 18:58 -------- d-----w- C:\$AVG
2013-02-05 18:58 . 2013-02-05 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013
2013-02-05 18:57 . 2013-02-05 18:57 -------- d-----w- c:\program files\AVG
2013-02-05 18:49 . 2013-02-05 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2013-02-05 18:49 . 2013-02-05 18:49 -------- d-----w- c:\documents and settings\Tinel\Local Settings\Application Data\MFAData
2013-02-05 18:49 . 2013-02-05 18:49 -------- d-----w- c:\documents and settings\Tinel\Local Settings\Application Data\Avg2013
2013-02-05 18:37 . 2013-02-05 18:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-02-05 18:37 . 2012-12-14 14:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-04 22:43 . 2013-02-04 22:43 -------- d-----w- c:\program files\NirSoft
2013-02-02 18:58 . 2013-02-02 18:58 -------- d-----w- c:\documents and settings\Tinel\Local Settings\Application Data\Innovative Solutions
2013-02-02 18:58 . 2013-02-02 18:58 -------- d-----w- c:\program files\Innovative Solutions
2013-02-02 18:38 . 2009-08-21 21:07 620032 ----a-w- c:\windows\system32\xtsupermenuHook.dll
2013-02-02 18:38 . 2008-02-24 14:17 11264 ----a-w- c:\windows\system32\drivers\supermounter.sys
2013-02-02 18:38 . 2007-03-11 19:39 44000 ----a-w- c:\windows\system32\drivers\AFPUni.sys
2013-02-02 18:38 . 2007-03-11 19:39 43936 ----a-w- c:\windows\system32\drivers\AFPAnsi.sys
2013-02-02 18:38 . 2003-10-16 20:56 6144 ----a-w- c:\windows\system32\SuperRes.dll
2013-02-02 18:38 . 2003-10-11 08:24 89088 ----a-w- c:\windows\system32\Shreder.dll
2013-02-02 18:38 . 2003-09-06 20:32 73728 ----a-w- c:\windows\system32\smh.dat
2013-02-02 18:38 . 2008-08-04 12:21 1509376 ----a-w- c:\windows\system32\context.dll
2013-02-02 18:38 . 2013-02-02 18:38 -------- d-----w- c:\program files\XP Tools
2013-01-30 22:58 . 2013-01-30 22:58 -------- d-----w- c:\program files\ESET
2013-01-30 22:20 . 2013-01-30 22:20 -------- d-----w- C:\_OTL
2013-01-27 21:11 . 2013-01-27 21:11 -------- d-----w- c:\documents and settings\Tinel\Application Data\Malwarebytes
2013-01-27 21:11 . 2013-01-27 21:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-01-27 20:46 . 2013-01-27 20:46 -------- d-----w- c:\windows\ERUNT
2013-01-27 20:46 . 2013-01-27 20:46 -------- d-----w- C:\JRT
2013-01-26 09:01 . 2013-01-26 09:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2013-01-25 22:32 . 2013-01-25 22:32 -------- d-----w- c:\documents and settings\LocalService\Application Data\QuickScan
2013-01-24 19:02 . 2013-01-24 19:02 -------- d-----w- c:\program files\Bitdefender
2013-01-23 09:19 . 2013-01-23 09:19 -------- d-----w- c:\documents and settings\All Users\Application Data\APN
2013-01-23 09:13 . 2013-01-23 09:13 -------- d-----w- c:\program files\CPUID
2013-01-22 21:34 . 2013-01-22 21:34 -------- d-----w- c:\documents and settings\Tinel\Application Data\SUPERAntiSpyware.com
2013-01-22 21:34 . 2013-01-22 21:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-01-22 21:34 . 2013-01-22 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2013-01-22 19:40 . 2013-01-22 19:40 -------- d-----w- c:\documents and settings\Tinel\Doctor Web
2013-01-21 12:14 . 2013-01-21 12:14 -------- d-----w- c:\program files\ACW
2013-01-21 12:06 . 2013-01-21 12:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2013-01-21 12:06 . 2013-01-21 12:06 -------- d-----w- c:\program files\Panda USB Vaccine
2013-01-18 10:32 . 2013-01-18 10:32 -------- d-----w- c:\windows\system32\wbem\Repository
2013-01-18 10:26 . 2013-01-18 10:26 -------- d-----w- C:\Output
2013-01-18 10:23 . 2013-01-18 10:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SystemExplorer
2013-01-18 10:23 . 2013-01-18 10:23 -------- d-----w- c:\program files\System Explorer
2013-01-18 10:22 . 2013-01-25 22:15 -------- d-----w- c:\program files\Uniblue
2013-01-18 10:22 . 2013-01-23 09:32 -------- d-----w- c:\documents and settings\Tinel\Application Data\Uniblue
2013-01-17 10:08 . 2013-01-18 10:15 -------- d-s---w- c:\documents and settings\Administrator
2013-01-13 15:57 . 2013-01-13 15:57 -------- d-----w- c:\documents and settings\Tinel\Application Data\WinZip
2013-01-13 15:52 . 2013-01-18 10:22 -------- d-----w- c:\program files\WinZip System Utilities Suite
2013-01-12 23:15 . 2013-01-18 10:22 -------- d-----w- c:\program files\SopCast
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-30 12:24 . 2012-03-30 08:36 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-30 12:24 . 2011-10-25 15:18 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2002-08-29 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-27 09:52 . 2012-11-27 10:52 179336 ----a-w- c:\program files\64res.dll
2012-11-15 21:33 . 2012-11-15 21:33 94048 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2012-11-13 01:25 . 2002-08-29 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2013-01-19 14:26 . 2013-01-19 14:26 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverMax"="c:\program files\Innovative Solutions\DriverMax\drivermax.exe" [2013-01-16 11325304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-02-05 1046984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFileAssociate"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tinel^Start Menu^Programs^Startup^PandaUSBVaccine.lnk]
path=c:\documents and settings\Tinel\Start Menu\Programs\Startup\PandaUSBVaccine.lnk
backup=c:\windows\pss\PandaUSBVaccine.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tinel^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\Tinel\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2008-04-09 18:14 136472 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2008-04-09 18:23 909208 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 08:09 63712 ----a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Agent]
2002-10-01 13:57 94208 ----a-w- c:\program files\CyberLink\PowerVCRII\agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 02:42 110592 ------w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 02:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW7]
2013-01-20 23:43 13105848 ----a-w- c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]
2011-12-26 11:06 743560 ----a-w- c:\program files\EASEUS\Todo Backup\bin\TrayNotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]
2011-12-22 21:09 70792 ----a-w- c:\program files\EASEUS\Todo Backup\bin\EuWatch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\emMON]
2006-05-30 19:24 61440 ----a-w- c:\windows\emMON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-03-11 06:11 114688 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 13:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 11:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2003-03-11 06:24 155648 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2012-01-13 13:22 1493288 ----a-w- c:\program files\Nero\Nero 11\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Remote_Agent]
2004-09-10 08:05 40960 ----a-w- c:\program files\CyberLink\PowerVCRII\RemoteAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2013-01-22 21:47 4763008 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2008-04-09 18:11 2595792 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"TuneUp.UtilitiesSvc"=2 (0x2)
"SystemExplorerHelpService"=3 (0x3)
"SkypeUpdate"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"PCCUJobMgr"=2 (0x2)
"Norton PC Checkup Application Launcher"=2 (0x2)
"NitroReaderDriverReadSpool2"=3 (0x3)
"NitroDriverReadSpool2"=3 (0x3)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"NAV"=2 (0x2)
"NAUpdate"=2 (0x2)
"MozillaMaintenance"=3 (0x3)
"MDM"=3 (0x3)
"McAfee SiteAdvisor Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"DefaultTabUpdate"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"!SASCORE"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\CyberLink\\PowerVCRII\\PVCR.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Tinel\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Nero\\KM\\KwikMedia.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [10/15/2012 3:48 AM 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 3:46 AM 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/14/2012 3:05 AM 35552]
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [1/6/2012 12:14 PM 50312]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [1/6/2012 12:14 PM 43784]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [8/9/2012 9:01 PM 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [8/9/2012 9:01 PM 12464]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [10/22/2012 1:02 PM 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/21/2012 3:45 AM 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/2/2012 3:30 AM 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/21/2012 3:46 AM 164832]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2/5/2013 8:59 PM 26984]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [1/6/2012 12:14 PM 16008]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [1/6/2012 12:14 PM 185864]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 6:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 11:55 PM 67664]
R1 SLEE_17_DRIVER;Steganos Live Encryption Engine 17 [Driver];c:\windows\system32\drivers\SleeN17.sys [2/17/2010 2:21 PM 94560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [11/15/2012 11:34 PM 5814904]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [10/22/2012 1:05 PM 196664]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/5/2013 8:37 PM 682344]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.17.48\ccSvcHst.exe [4/4/2012 9:48 AM 126392]
R2 pdserv;Bitdefender 60-Second Virus Scanner Service;c:\program files\Bitdefender\60-Second Virus Scanner\pdscan.exe \svc --> c:\program files\Bitdefender\60-Second Virus Scanner\pdscan.exe \svc [?]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [7/4/2012 9:49 AM 1528672]
R2 vToolbarUpdater13.3.2;vToolbarUpdater13.3.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe [2/5/2013 8:59 PM 894920]
R3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A;c:\windows\system32\drivers\a311.sys [10/25/2011 12:58 PM 31287]
R3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B;c:\windows\system32\drivers\a310.sys [10/25/2011 12:58 PM 33335]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/5/2013 8:37 PM 21104]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [5/3/2012 9:43 AM 10064]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2/5/2013 8:37 PM 398184]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\Tinel\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\Tinel\LOCALS~1\Temp\ALSysIO.sys [?]
S3 cpudrv;cpudrv;\??\c:\program files\SystemRequirementsLab\cpudrv.sys --> c:\program files\SystemRequirementsLab\cpudrv.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [10/30/2011 9:10 PM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [10/30/2011 9:10 PM 8456]
S4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 8:54 PM 116608]
S4 EaseUS Agent;EaseUS Agent;c:\program files\EASEUS\Todo Backup\bin\Agent.exe [1/6/2012 12:09 PM 61064]
S4 Guard Agent;Guard Agent;c:\program files\EASEUS\Todo Backup\bin\GuardAgent.exe [1/6/2012 12:09 PM 23176]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\siteadvisor\mcsacore.exe [8/29/2012 10:49 PM 95232]
S4 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [11/25/2011 3:32 PM 687400]
S4 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe [5/16/2012 2:33 PM 184840]
S4 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [5/16/2012 8:11 PM 184848]
S4 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [5/16/2012 2:33 PM 69640]
S4 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.17.48\SymcPCCULaunchSvc.exe [4/4/2012 9:48 AM 123320]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:14 PM 160944]
S4 SystemExplorerHelpService;System Explorer Service;c:\program files\System Explorer\service\SystemExplorerService.exe [12/5/2012 9:24 PM 567256]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSCHEDULER
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 12:24]
.
2013-02-05 c:\windows\Tasks\cardworksShakeIcon.job
- c:\program files\NCH Software\CardWorks\cardworks.exe [2011-12-25 17:38]
.
2013-01-23 c:\windows\Tasks\DriverScanner.job
- c:\program files\Uniblue\DriverScanner\driverscanner.exe [2013-01-23 06:56]
.
2013-01-23 c:\windows\Tasks\dsmonitor.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2013-01-23 06:56]
.
2013-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-16 17:45]
.
2013-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-16 17:45]
.
2013-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-220523388-1801674531-1004Core.job
- c:\documents and settings\Tinel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-09-23 18:00]
.
2013-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-220523388-1801674531-1004UA.job
- c:\documents and settings\Tinel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-09-23 18:00]
.
2013-02-05 c:\windows\Tasks\photopadShakeIcon.job
- c:\program files\NCH Software\PhotoPad\photopad.exe [2012-01-01 21:11]
.
2012-08-11 c:\windows\Tasks\pixillionDowngrade.job
- c:\program files\NCH Software\Pixillion\pixillion.exe [2012-01-01 21:11]
.
2012-08-11 c:\windows\Tasks\pixillionShakeIcon.job
- c:\program files\NCH Software\Pixillion\pixillion.exe [2012-01-01 21:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.mg5.mail.yahoo.com/neo/launch
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\Tinel\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\Tinel\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2\ViProtocol.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Tinel\Application Data\Mozilla\Firefox\Profiles\7pqu4e97.default\
FF - ExtSQL: 2013-01-12 01:03; {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}; c:\documents and settings\Tinel\Application Data\Mozilla\Firefox\Profiles\7pqu4e97.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF - ExtSQL: 2013-02-05 20:59; avg@toolbar; c:\documents and settings\All Users\Application Data\AVG Secure Search\FireFoxExt\13.3.0.17
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
HKCU-Run-DriverMax_RESTART - (no file)
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-K!IR - c:\program files\K!TV\K!IR.exe
MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-06 00:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.17.48\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.17.48\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1064)
c:\windows\system32\relog_ap.dll
.
- - - - - - - > 'explorer.exe'(2128)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\netdde.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Bitdefender\60-Second Virus Scanner\pdscan.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
c:\program files\AVG\AVG2013\avgmfapx.exe
c:\program files\TuneUp Utilities 2012\OneClickStarter.exe
.
**************************************************************************
.
Completion time: 2013-02-06 01:11:55 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-05 23:11
.
Pre-Run: 10,979,131,392 bytes free
Post-Run: 10,889,646,080 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn /bootlog
.
- - End Of File - - E9224F8C4CFF7F3A73A4E402EF4A185F
constantin
Regular Member
 
Posts: 18
Joined: January 22nd, 2013, 4:48 am

Re: How to deal with malware infected files

Unread postby nunped » February 6th, 2013, 2:08 pm

Hi constantin,

Please, locate the following file:
C:\QooBox\Quarantine\Registry_backups\Service_SMR311 .reg.dat

Open it with Notepad
Copy and paste its contents in your next reply.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: How to deal with malware infected files

Unread postby constantin » February 6th, 2013, 5:43 pm

Hi, Nunpad

File you asked for :

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\smr311]
constantin
Regular Member
 
Posts: 18
Joined: January 22nd, 2013, 4:48 am

Re: How to deal with malware infected files

Unread postby nunped » February 7th, 2013, 12:29 pm

Hi Constantin,

Can you tell me the exact name of the Norton product (antivirus) you are using?

Then:
Defence Inspector
  • Please download Defence Inspector.exe and save it to your desktop.
  • Double click DefenceInspector to run it.
  • When presented with the option to begin the scan, please press any key to continue.
  • When DefenceInspector has finished scanning a log will appear.
  • Please post the entire contents of this log in your next reply.
.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: How to deal with malware infected files

Unread postby constantin » February 8th, 2013, 2:11 pm

Hi, Nunpad

Untill yesterday I have had Norton Antivirus Online (NAV Online) as a paid subscription trough my ISP.
Since I found that my Blue Screen Stop (BSOD) issue was due to a kernel memory file corrupted by a NAV driver, I uninstalled NAV and now BSOD ceased and can boot in normal mode.
Mention that for a while I installed AVG 2013 Internet Security (Trial), just to have a protection.
Below is the Defence Inspector report :

Defence Inspector (Version 1.0.1)
Log created at 19:52:10 on February 08, 2013

-= System =-
Windows XP (32-bit, Service Pack 3)
Windows Update: Automatic installation
System Restore: ON (49 restore point(s) available)

-= User Accounts =-
Administrator (Admin)
ASPNET
Guest
HelpAssistant (Disabled)
SUPPORT_388945a0 (Disabled)
Tinel (Admin)

-= Security Programs =-
Malwarebytes' Anti-Malware
SUPERAntiSpyware
Windows Firewall: Enabled

-= Other Programs =-
Adobe AIR 3.0.0.4080
Adobe Flash Player (Plugin) 11.5.502.149
Adobe Flash Player (ActiveX) 11.5.502.149
Internet Explorer 8.0.6001.18702
Java (Version Unknown)
Mozilla Firefox 17.0.1 (en-US)

-= EOF =-
constantin
Regular Member
 
Posts: 18
Joined: January 22nd, 2013, 4:48 am

Re: How to deal with malware infected files

Unread postby nunped » February 9th, 2013, 11:49 am

Hi constantin,

Since I found that my Blue Screen Stop (BSOD) issue was due to a kernel memory file corrupted by a NAV driver, I uninstalled NAV and now BSOD ceased and can boot in normal mode.


Glad to hear that! Your computer appears to be free from malware.

Now, some clean-up steps:

Uninstall Combofix
  • Click on Start >> Run...
  • Now type in ComboFix /Uninstall into the box and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
    Image
The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.

OTL-Cleanup
You should still have this on your desktop, if so, please ignore the download instructions.
Please download OTL Save it to your Desktop.
  1. Double click on OTL.exe to run it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal... please select OK to reboot your computer.
If you did not reboot your computer normally, please do so now, before continuing.

Don't forget to re-enable your security programs!

Your Java is out of date.
It can be updated by the Java control panel
  • click on Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
  • An update should begin.
  • Just follow the prompts.


Update your Antivirus programs and other programs regularly. This is one good way to avoid new threats. The following websites can be used to check if you need any update.
Secunia Personal Software Inspector
F-secure Health Check
FileHippo.com Update Checker - © Copyright FileHippo.com

Some free programs that can improve your computer security:
Malwarebytes Anti-malware
This is a great anti-malware application that can remove a good percentage of infections. You should run a scan with it at least once week, after you download the latest updates.
You can find information and Download it from HERE

SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

Stay informed.
To help minimize the chances of becoming re-infected, please read.
Computer Security - a short guide to staying safer online

If your computer is running slowly after your clean up, please read.
What to do if your Computer is running slowly

Please reply to this post so I know you have read it. If you don't have any further questions this thread will be closed.

Safe surfing! ;)
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: How to deal with malware infected files

Unread postby constantin » February 9th, 2013, 7:16 pm

Hi, Nunpad

Done with ComboFix and OTL.
Java is now up to date.
The other programs follow.

Last day AVG detected malware. Here is the report :

Resident Shield detection
Detection name;"Result";"Detection time";"Object Type";"Process"
Virus identified Worm/Generic3.BST, c:\System Volume Information\_restore{61284D70-A868-4CCC-91A4-5235801467FD}\RP56\A0025044.exe;"Moved to Virus Vault";"2/9/2013, 2:06:42 PM";"File or Directory";""
Virus identified Worm/Generic3.BST, c:\System Volume Information\_restore{61284D70-A868-4CCC-91A4-5235801467FD}\RP56\A0025045.exe;"Moved to Virus Vault";"2/9/2013, 7:13:57 PM";"File or Directory";""
Virus identified Worm/Generic3.BST, c:\System Volume Information\_restore{61284D70-A868-4CCC-91A4-5235801467FD}\RP56\A0025045.exe;"Secured";"2/9/2013, 7:36:12 PM";"File or Directory";""
Virus identified Worm/Generic3.BST, c:\System Volume Information\_restore{61284D70-A868-4CCC-91A4-5235801467FD}\RP56\A0025046.exe;"Moved to Virus Vault";"2/9/2013, 8:28:41 PM";"File or Directory";""

Should I remove those from Virus Vault ?
constantin
Regular Member
 
Posts: 18
Joined: January 22nd, 2013, 4:48 am

Re: How to deal with malware infected files

Unread postby nunped » February 10th, 2013, 12:42 pm

Hi constantin,

Those files correspond to infected system restore points.

Create a new System Restore Point (SRP)
We'll create a new SRP, then remove old infected SRPs.
Create a new SRP
  1. Go to Start > All Programs > Accessories > System Tools > System Restore
  2. Select Create a restore point then press the Next button.
  3. Type a name for the new SRP, like All Clean then press the Create button.
  4. When finished, press the Close button.
Remove old SRP entries
  1. Go to Start > Run type in: cleanmgr press the OK button.
    The Disk Cleanup begins "calculating" space savings by compressing old files. This could take several minutes.
  2. When available, select the More Options tab.
  3. In the System Restore section Press the Clean up button.
  4. Reply Yes to the prompt. Press the X to close and exit.
    All existing restore points will be deleted, except the new one you just created.


After that, run a new AVG scan and tell me how it went.
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: How to deal with malware infected files

Unread postby constantin » February 12th, 2013, 8:26 pm

Hi, Nunpad

Operation on SRP was successfully done.

Ran a new AVG scan which returned no threat.

Does it means that infected files was removed out of system ? Would be any trouble with it for that ?
constantin
Regular Member
 
Posts: 18
Joined: January 22nd, 2013, 4:48 am

Re: How to deal with malware infected files

Unread postby nunped » February 13th, 2013, 11:37 am

Hi constantin,

Yes, our last logs and AVG show no evidence of infection, so you should be clean.

If you want, you can follow the advices I gave you before.

Stay stafe!
User avatar
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 15 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware