Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Gimmieanswers Google search redirect

Started by Nordenman , Mar 26 2012 08:09 PM

Next

This topic is locked

40 replies to this topic

#1 Nordenman

Member

Members
30 posts

Posted 26 March 2012 - 08:09 PM

Picked up GimmieAnswers google search redirect the other day. I ran Ccleaner, antivirus, SuperAntiSpyware, MalwareBytes. The antispyware found a few things and deleted them then had me reboot. Nothing has been found since but I feel that I may still have something. Please review the attached logs and let me know if I'm safe. I have no confidence on using my computer. I have also tried to do a system restore. It doesn't work. No matter what date I select. Thanks in advance for your help.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 18:50:05 on 2012-03-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2270 [GMT -5:00]
.
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Norton AntiVirus\Engine\19.6.2.10\ccSvcHst.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton AntiVirus\Engine\19.6.2.10\ccSvcHst.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.drudgereport.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\19.6.2.10\ips\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [PopUpStopperFreeEdition] "c:\progra~1\panicw~1\pop-up~1\PSFree.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08b2 -f video -m logitech -d 10.5.1.2023
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
Trusted Zone: csx.com
Trusted Zone: csx.com\webconnect
DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} - hxxp://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1235939912531
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238118784658
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{0FDA7BFB-5343-43E5-B9C4-394714F822C2} : DhcpNameServer = 192.168.1.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2004-7-29 138780]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1306020.00a\symds.sys [2012-3-23 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1306020.00a\symefa.sys [2012-3-23 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.5.1.2\definitions\bashdefs\20120317.002\BHDrvx86.sys [2012-3-17 820856]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\nav\1306020.00a\ccsetx86.sys [2012-3-23 132744]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2004-7-29 46779]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1306020.00a\ironx86.sys [2012-3-23 149624]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 BCMNTIO;BCMNTIO;c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2009-5-19 3744]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2004-8-27 197992]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2004-8-27 181608]
R2 MAPMEM;MAPMEM;c:\progra~1\checkit\diagno~1\MAPMEM.sys [2009-5-19 3904]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-3-3 652360]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\19.6.2.10\ccsvchst.exe [2012-3-23 138232]
R2 NProtectService;Norton Unerase Protection;c:\progra~1\norton~1\norton~1\NPROTECT.EXE [2004-8-30 95328]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-2-22 2348352]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2009-5-19 819352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-6 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.5.1.2\definitions\ipsdefs\20120323.002\IDSXpx86.sys [2012-3-23 356280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-3-3 20464]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.5.1.2\definitions\virusdefs\20120326.002\NAVENG.SYS [2012-3-26 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.5.1.2\definitions\virusdefs\20120326.002\NAVEX15.SYS [2012-3-26 1576312]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2004-8-27 79208]
.
=============== Created Last 30 ================
.
2012-03-24 00:09:57 -------- d-----w- C:\VundoFix Backups
2012-03-23 16:38:01 905336 ----a-w- c:\windows\system32\drivers\nav\1306020.00a\symefa.sys
2012-03-23 16:38:01 574584 ----a-w- c:\windows\system32\drivers\nav\1306020.00a\srtsp.sys
2012-03-23 16:38:01 388216 ----a-w- c:\windows\system32\drivers\nav\1306020.00a\symtdi.sys
2012-03-23 16:38:01 345208 ----a-w- c:\windows\system32\drivers\nav\1306020.00a\symtdiv.sys
2012-03-23 16:38:01 340088 ----a-r- c:\windows\system32\drivers\nav\1306020.00a\symds.sys
2012-03-23 16:38:01 32888 ----a-w- c:\windows\system32\drivers\nav\1306020.00a\srtspx.sys
2012-03-23 16:38:01 318584 ----a-w- c:\windows\system32\drivers\nav\1306020.00a\symnets.sys
2012-03-23 16:38:01 149624 ----a-w- c:\windows\system32\drivers\nav\1306020.00a\ironx86.sys
2012-03-23 16:38:00 132744 ----a-w- c:\windows\system32\drivers\nav\1306020.00a\ccsetx86.sys
2012-03-23 16:37:52 -------- d-----w- c:\windows\system32\drivers\nav\1306020.00A
2012-03-23 13:34:15 326488 ----a-w- c:\documents and settings\owner\application data\microsoft\microsoft\vubjh.dll
2012-03-23 13:34:15 326488 ----a-w- c:\documents and settings\owner\application data\microsoft\microsoft\oexuquj.dll
.
==================== Find3M ====================
.
2012-03-23 16:29:07 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-03-23 16:29:07 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-23 00:38:30 292700 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-02-23 00:38:30 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-02-23 00:38:27 292700 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-02-17 16:15:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-10 04:10:00 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-10 04:10:00 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-10 04:10:00 5918720 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-10 04:10:00 4309760 ----a-w- c:\windows\system32\nv4_disp.dll
2012-02-10 04:10:00 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-10 04:10:00 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-10 04:10:00 2292224 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 04:10:00 18620416 ----a-w- c:\windows\system32\nvoglnt.dll
2012-02-10 04:10:00 17534976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-10 04:10:00 13415040 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-02-10 04:10:00 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-10 03:04:29 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-02-10 03:04:21 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-02-10 03:04:21 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-02-10 03:04:20 15494464 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:04:19 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Intel___ rev.0.1. -> Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
c:\windows\system32\drivers\iaStor.sys Intel Corporation Intel Application Accelerator driver
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk1\DR1[0x8AD50AB8]
3 CLASSPNP[0xF7657FD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\Ide\IAAStorageDevice-0[0x8A81C030]
kernel: MBR read successfully
_asm { NOP ; JMP 0x181; }
user != kernel MBR !!!
copy of MBR has been found in sector 8 !
sectors 312601855 (+0): user != kernel
.
============= FINISH: 18:50:59.09 ===============

Attached Files

attach.zip 4.62K 1 downloads
ark.txt 15.18K 0 downloads

Back to top

BC Ads
BleepingComputer.com

#2 gringo_pr

Bleepin Gringo

Malware Response Team
120,798 posts

Gender:Male
Location:Puerto rico

Posted 26 March 2012 - 11:22 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

1.Do not run any other tool untill instructed to do so!
doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools
and at worst can cause conficts with our tools and lead to unforseen things to happen2.Please Do not Attach logs or put in code boxes.
besides the time it takes me to open the reports it makes it harder to find something if I need to go back to do more research and putting them in code boxes just makes them so hard to read3. After each step give me a little feedback
It does not need to be long but just something so I know how things are going it can be something like
I am still getting redirected
The computer is running as it should
Don't put things like - it is the same as before or still the same this just makes me go back and look for you last feedback as to how things are4. read every post completely before doing anything
Pay special attention to the Notes** I have put in
These are things I have found that happen allot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Backup any files that cannot be replaced

If you have not done it yet spend a few minutes to backup any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me allot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

you may want to backup the whole harddrive there is some good info in the Preparation Guide on how to make full backups and how to restore it back if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.

Back to top

#3 Nordenman

Member

Members
30 posts

Posted 27 March 2012 - 06:00 PM

Thanks!! Ok I disabled AV and Spyware programs. Ran Combofix. Only thing odd was "Iexplorer.exe closed unexpectedly...." Other than that nothing odd.

Here is the combofix log

ComboFix 12-03-27.02 - Owner 03/27/2012 17:49:59.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2554 [GMT -5:00]
Running from: e:\computer programs\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\Rift
c:\documents and settings\Administrator\Application Data\Rift\rift.cfg
c:\documents and settings\Administrator\Application Data\Rift\riftpatch.cfg
c:\documents and settings\All Users\Application Data\XMTunerfavorites.txt
c:\documents and settings\Owner\Application Data\Microsoft\Microsoft
c:\documents and settings\Owner\Application Data\Microsoft\Microsoft\oexuquj.dll
c:\documents and settings\Owner\Application Data\Microsoft\Microsoft\vubjh.dll
c:\documents and settings\Owner\Local Settings\Application Data\._Revolution_
E:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-27 to 2012-03-27 )))))))))))))))))))))))))))))))
.
.
2012-03-24 00:09 . 2012-03-24 00:09 -------- d-----w- C:\VundoFix Backups
2012-03-23 16:37 . 2012-03-23 23:30 -------- d-----w- c:\windows\system32\drivers\NAV\1306020.00A
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-23 16:29 . 2009-05-19 23:06 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-03-23 16:29 . 2009-05-19 23:06 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-17 16:15 . 2011-05-27 13:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-10 04:10 . 2012-02-23 00:37 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-10 04:10 . 2012-02-23 00:37 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-10 04:10 . 2010-07-10 10:38 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-10 04:10 . 2010-07-10 10:38 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-10 04:10 . 2010-07-10 10:38 17534976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-10 04:10 . 2009-03-01 20:33 4309760 ----a-w- c:\windows\system32\nv4_disp.dll
2012-02-10 04:10 . 2009-03-01 20:33 13415040 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-02-10 04:10 . 2009-02-09 19:18 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-10 04:10 . 2008-12-26 05:08 5918720 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-10 04:10 . 2008-12-26 05:08 2292224 ----a-w- c:\windows\system32\nvapi.dll
2012-02-10 04:10 . 2008-12-26 05:08 18620416 ----a-w- c:\windows\system32\nvoglnt.dll
2012-02-10 03:04 . 2011-01-08 01:56 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-02-10 03:04 . 2011-01-08 01:56 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-02-10 03:04 . 2011-01-08 01:56 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-02-10 03:04 . 2011-01-08 01:56 15494464 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-10 03:04 . 2011-01-08 01:56 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-03 09:22 . 2004-08-04 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-17 14:30 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2009-03-01 20:23 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="c:\progra~1\PANICW~1\POP-UP~1\PSFree.exe" [2003-04-29 524288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 2807808]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-01-17 58728]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-10 15494464]
"NvMediaCenter"="NvMCTray.dll" [2012-02-10 108352]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-02-10 1634112]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-02-03 430080]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccipStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 16:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-04 04:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 05:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 11:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 23:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 23:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]
2004-07-29 09:41 1122304 ----a-w- c:\program files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 20:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-03-06 21:19 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 16:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-03-23 21:45 3905920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Widgets\\YahooWidgets.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\World of Warcraft\\Launcher.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Apps\\2.0\\5AKXG99R.23W\\MZ106ALO.PWX\\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\\curseclient.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3443:TCP"= 3443:TCP:csx
.
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [7/29/2004 3:33 AM 138780]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1306020.00A\symds.sys [3/23/2012 11:38 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1306020.00A\symefa.sys [3/23/2012 11:38 AM 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.1.2\Definitions\BASHDefs\20120317.002\BHDrvx86.sys [3/17/2012 2:15 AM 820856]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAV\1306020.00A\ccsetx86.sys [3/23/2012 11:38 AM 132744]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [7/29/2004 4:13 AM 46779]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1306020.00A\ironx86.sys [3/23/2012 11:38 AM 149624]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [5/19/2009 6:22 PM 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [5/19/2009 6:22 PM 3904]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3/3/2009 7:42 PM 652360]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\19.6.2.10\ccsvchst.exe [3/23/2012 11:37 AM 138232]
R2 NProtectService;Norton Unerase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [8/30/2004 11:52 PM 95328]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2/22/2012 7:38 PM 2348352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/6/2012 7:02 PM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.1.2\Definitions\IPSDefs\20120323.002\IDSXpx86.sys [3/23/2012 8:24 PM 356280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/3/2009 7:42 PM 20464]
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2011-12-26 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2004-11-04 05:19]
.
2012-02-01 c:\windows\Tasks\Symantec Drmc.job
- c:\program files\Common Files\Symantec Shared\SymDrmc.exe [2004-10-27 18:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.drudgereport.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: csx.com
Trusted Zone: csx.com\webconnect
TCP: DhcpNameServer = 192.168.1.254
DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} - hxxp://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-HijackThis - e:\computer programs\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-27 17:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Intel___ rev.0.1. -> Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
copy of MBR has been found in sector 8 !
sectors 312601855 (+0): user != kernel
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\19.6.2.10\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1024)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-03-27 17:58:36
ComboFix-quarantined-files.txt 2012-03-27 22:58
.
Pre-Run: 94,099,566,592 bytes free
Post-Run: 94,199,570,432 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8C9179556DB1C6CFB431CFA11B417C40

Back to top

#4 gringo_pr

Bleepin Gringo

Malware Response Team
120,798 posts

Gender:Male
Location:Puerto rico

Posted 27 March 2012 - 06:27 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.

Download TDSSKiller and save it to your Desktop.
doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

Double click the aswMBR.exe icon to run it
it will ask to download extra definitions - ALLOW IT
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.

Back to top

#5 Nordenman

Member

Members
30 posts

Posted 27 March 2012 - 06:33 PM

I disabled my av again for these scans. I started it back up inbetween scans just in case.

Here is the TDSSKiller log. Running aswMBR now. Will post as soon as it's completed

18:30:18.0765 2920 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
18:30:19.0187 2920 ============================================================
18:30:19.0187 2920 Current date / time: 2012/03/27 18:30:19.0187
18:30:19.0187 2920 SystemInfo:
18:30:19.0187 2920
18:30:19.0187 2920 OS Version: 5.1.2600 ServicePack: 3.0
18:30:19.0187 2920 Product type: Workstation
18:30:19.0187 2920 ComputerName: STATION_2
18:30:19.0187 2920 UserName: Owner
18:30:19.0187 2920 Windows directory: C:\WINDOWS
18:30:19.0187 2920 System windows directory: C:\WINDOWS
18:30:19.0187 2920 Processor architecture: Intel x86
18:30:19.0187 2920 Number of processors: 2
18:30:19.0187 2920 Page size: 0x1000
18:30:19.0187 2920 Boot type: Normal boot
18:30:19.0187 2920 ============================================================
18:30:19.0921 2920 Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:30:19.0937 2920 Drive \Device\Harddisk1\DR1 - Size: 0x2543DC0000 (149.06 Gb), SectorSize: 0x200, Cylinders: 0x4C02, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:30:19.0937 2920 \Device\Harddisk0\DR0:
18:30:19.0937 2920 MBR used
18:30:19.0937 2920 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2E937C82
18:30:19.0937 2920 \Device\Harddisk1\DR1:
18:30:19.0953 2920 MBR used
18:30:19.0953 2920 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A18A82
18:30:20.0031 2920 Initialize success
18:30:20.0031 2920 ============================================================
18:30:30.0750 3924 ============================================================
18:30:30.0750 3924 Scan started
18:30:30.0750 3924 Mode: Manual;
18:30:30.0750 3924 ============================================================
18:30:30.0984 3924 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
18:30:30.0984 3924 !SASCORE - ok
18:30:31.0078 3924 Abiosdsk - ok
18:30:31.0078 3924 abp480n5 - ok
18:30:31.0140 3924 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:30:31.0140 3924 ACPI - ok
18:30:31.0187 3924 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:30:31.0187 3924 ACPIEC - ok
18:30:31.0187 3924 adpu160m - ok
18:30:31.0218 3924 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:30:31.0218 3924 aec - ok
18:30:31.0250 3924 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
18:30:31.0250 3924 AFD - ok
18:30:31.0265 3924 Aha154x - ok
18:30:31.0281 3924 aic78u2 - ok
18:30:31.0281 3924 aic78xx - ok
18:30:31.0328 3924 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
18:30:31.0328 3924 Alerter - ok
18:30:31.0359 3924 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
18:30:31.0359 3924 ALG - ok
18:30:31.0375 3924 AliIde - ok
18:30:31.0390 3924 amsint - ok
18:30:31.0484 3924 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:30:31.0484 3924 Apple Mobile Device - ok
18:30:31.0515 3924 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
18:30:31.0531 3924 AppMgmt - ok
18:30:31.0546 3924 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
18:30:31.0546 3924 Arp1394 - ok
18:30:31.0562 3924 asc - ok
18:30:31.0578 3924 asc3350p - ok
18:30:31.0593 3924 asc3550 - ok
18:30:31.0734 3924 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
18:30:31.0750 3924 aspnet_state - ok
18:30:31.0765 3924 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:30:31.0781 3924 AsyncMac - ok
18:30:31.0812 3924 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:30:31.0812 3924 atapi - ok
18:30:31.0812 3924 Atdisk - ok
18:30:31.0859 3924 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:30:31.0859 3924 Atmarpc - ok
18:30:31.0890 3924 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
18:30:31.0906 3924 AudioSrv - ok
18:30:31.0937 3924 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:30:31.0937 3924 audstub - ok
18:30:32.0046 3924 Automatic LiveUpdate Scheduler (7768ce75c5cbf0d8f441ce2bbd806b7f) C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
18:30:32.0046 3924 Automatic LiveUpdate Scheduler - ok
18:30:32.0062 3924 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
18:30:32.0078 3924 BANTExt - ok
18:30:32.0109 3924 BCMNTIO (90a87d49205b3893281203a477f66fe5) C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys
18:30:32.0109 3924 BCMNTIO - ok
18:30:32.0140 3924 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:30:32.0140 3924 Beep - ok
18:30:32.0421 3924 BHDrvx86 (eb7f1f1dfa95c25d762c22d3cf13d4e0) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.1.2\Definitions\BASHDefs\20120317.002\BHDrvx86.sys
18:30:32.0437 3924 BHDrvx86 - ok
18:30:32.0546 3924 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
18:30:32.0562 3924 BITS - ok
18:30:32.0671 3924 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
18:30:32.0671 3924 Bonjour Service - ok
18:30:32.0750 3924 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
18:30:32.0750 3924 Browser - ok
18:30:32.0812 3924 CamDrL (0f5ca31bb3fdb5c1e63c170cfbecc93b) C:\WINDOWS\system32\DRIVERS\Camdrl.sys
18:30:32.0828 3924 CamDrL - ok
18:30:32.0937 3924 catchme - ok
18:30:32.0968 3924 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:30:32.0968 3924 cbidf2k - ok
18:30:32.0984 3924 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:30:32.0984 3924 CCDECODE - ok
18:30:33.0093 3924 ccEvtMgr (cf1a0433bb97c839484dd359691dd521) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
18:30:33.0093 3924 ccEvtMgr - ok
18:30:33.0125 3924 ccPwdSvc (f6394a17866c8e553874de5eff3f3679) C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
18:30:33.0125 3924 ccPwdSvc - ok
18:30:33.0156 3924 ccSetMgr (76c495a19f694e18bce9713b3587948e) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
18:30:33.0156 3924 ccSetMgr - ok
18:30:33.0296 3924 ccSet_NAV (599e7f6259a127c174c49938d2aa6a60) C:\WINDOWS\system32\drivers\NAV\1306020.00A\ccSetx86.sys
18:30:33.0296 3924 ccSet_NAV - ok
18:30:33.0312 3924 cd20xrnt - ok
18:30:33.0328 3924 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:30:33.0328 3924 Cdaudio - ok
18:30:33.0375 3924 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:30:33.0375 3924 Cdfs - ok
18:30:33.0421 3924 Cdr4_xp (837eef65af62d4e8a37c41d3879f7274) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
18:30:33.0421 3924 Cdr4_xp - ok
18:30:33.0437 3924 Cdralw2k (579da2f9f5401f55dae2cf8779d61dfc) C:\WINDOWS\system32\drivers\Cdralw2k.sys
18:30:33.0437 3924 Cdralw2k - ok
18:30:33.0468 3924 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:30:33.0468 3924 Cdrom - ok
18:30:33.0468 3924 Changer - ok
18:30:33.0531 3924 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
18:30:33.0531 3924 CiSvc - ok
18:30:33.0546 3924 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
18:30:33.0546 3924 ClipSrv - ok
18:30:33.0687 3924 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:30:33.0734 3924 clr_optimization_v2.0.50727_32 - ok
18:30:33.0765 3924 CmdIde - ok
18:30:33.0796 3924 COMMONFX.DLL (1ef05b641e9a67ded74ac8ad40055dbf) C:\WINDOWS\system32\COMMONFX.DLL
18:30:33.0812 3924 COMMONFX.DLL - ok
18:30:33.0812 3924 COMSysApp - ok
18:30:33.0828 3924 Cpqarray - ok
18:30:33.0859 3924 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
18:30:33.0859 3924 CryptSvc - ok
18:30:33.0890 3924 CT20XUT.DLL (6191a973461852a09d643609e1d5f7c6) C:\WINDOWS\system32\CT20XUT.DLL
18:30:33.0890 3924 CT20XUT.DLL - ok
18:30:33.0921 3924 ctac32k (8ac5f77e30e37d2d11bd99eff0c53d8c) C:\WINDOWS\system32\drivers\ctac32k.sys
18:30:33.0937 3924 ctac32k - ok
18:30:33.0968 3924 ctaud2k (673241d314e932f4890509ae8ebf26db) C:\WINDOWS\system32\drivers\ctaud2k.sys
18:30:33.0968 3924 ctaud2k - ok
18:30:34.0000 3924 CTAUDFX.DLL (472b82d7e549e7fab428852e4d16f21d) C:\WINDOWS\system32\CTAUDFX.DLL
18:30:34.0015 3924 CTAUDFX.DLL - ok
18:30:34.0046 3924 ctdvda2k (ed316d4c3d39c5b6c23de067e275c183) C:\WINDOWS\system32\drivers\ctdvda2k.sys
18:30:34.0046 3924 ctdvda2k - ok
18:30:34.0062 3924 CTEAPSFX.DLL (6a57f82009563aee8826f117e1d3c72c) C:\WINDOWS\system32\CTEAPSFX.DLL
18:30:34.0062 3924 CTEAPSFX.DLL - ok
18:30:34.0093 3924 CTEDSPFX.DLL (c8ac1ffaeadd655193d7b1811a572d8d) C:\WINDOWS\system32\CTEDSPFX.DLL
18:30:34.0093 3924 CTEDSPFX.DLL - ok
18:30:34.0125 3924 CTEDSPIO.DLL (44495d9daf675257d00b25b041ee6667) C:\WINDOWS\system32\CTEDSPIO.DLL
18:30:34.0125 3924 CTEDSPIO.DLL - ok
18:30:34.0140 3924 CTEDSPSY.DLL (8e90b1762cb42e2fc76dac9210c83c66) C:\WINDOWS\system32\CTEDSPSY.DLL
18:30:34.0156 3924 CTEDSPSY.DLL - ok
18:30:34.0171 3924 CTERFXFX.DLL (d3fbd9983325435b06795f29cb57ed3d) C:\WINDOWS\system32\CTERFXFX.DLL
18:30:34.0171 3924 CTERFXFX.DLL - ok
18:30:34.0203 3924 CTEXFIFX.DLL (2c48e9d8ca703964463f27ae341115b7) C:\WINDOWS\system32\CTEXFIFX.DLL
18:30:34.0234 3924 CTEXFIFX.DLL - ok
18:30:34.0250 3924 CTHWIUT.DLL (f7657c598e7c29c6683c1e4a8dd68884) C:\WINDOWS\system32\CTHWIUT.DLL
18:30:34.0250 3924 CTHWIUT.DLL - ok
18:30:34.0312 3924 ctprxy2k (34e7f8a499fd8361df14fedb724c0ad3) C:\WINDOWS\system32\drivers\ctprxy2k.sys
18:30:34.0312 3924 ctprxy2k - ok
18:30:34.0359 3924 CTSBLFX.DLL (679ae21eb7f48a08184813aebabdec7c) C:\WINDOWS\system32\CTSBLFX.DLL
18:30:34.0375 3924 CTSBLFX.DLL - ok
18:30:34.0390 3924 ctsfm2k (32098497cb4dfe9ea7660fa62dd91060) C:\WINDOWS\system32\drivers\ctsfm2k.sys
18:30:34.0406 3924 ctsfm2k - ok
18:30:34.0406 3924 dac2w2k - ok
18:30:34.0421 3924 dac960nt - ok
18:30:34.0468 3924 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
18:30:34.0484 3924 DcomLaunch - ok
18:30:34.0531 3924 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
18:30:34.0531 3924 Dhcp - ok
18:30:34.0578 3924 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:30:34.0578 3924 Disk - ok
18:30:34.0593 3924 dmadmin - ok
18:30:34.0625 3924 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:30:34.0640 3924 dmboot - ok
18:30:34.0671 3924 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:30:34.0671 3924 dmio - ok
18:30:34.0703 3924 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:30:34.0718 3924 dmload - ok
18:30:34.0750 3924 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
18:30:34.0750 3924 dmserver - ok
18:30:34.0765 3924 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:30:34.0765 3924 DMusic - ok
18:30:34.0812 3924 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
18:30:34.0812 3924 Dnscache - ok
18:30:34.0828 3924 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
18:30:34.0843 3924 Dot3svc - ok
18:30:34.0843 3924 dpti2o - ok
18:30:34.0875 3924 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:30:34.0875 3924 drmkaud - ok
18:30:34.0921 3924 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
18:30:34.0921 3924 EapHost - ok
18:30:35.0078 3924 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
18:30:35.0078 3924 eeCtrl - ok
18:30:35.0109 3924 emupia (2885f72d2daffd0329272f12e16d6579) C:\WINDOWS\system32\drivers\emupia2k.sys
18:30:35.0109 3924 emupia - ok
18:30:35.0140 3924 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
18:30:35.0140 3924 EraserUtilRebootDrv - ok
18:30:35.0203 3924 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
18:30:35.0203 3924 ERSvc - ok
18:30:35.0234 3924 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:30:35.0234 3924 Eventlog - ok
18:30:35.0265 3924 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
18:30:35.0281 3924 EventSystem - ok
18:30:35.0343 3924 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:30:35.0343 3924 Fastfat - ok
18:30:35.0390 3924 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:30:35.0390 3924 FastUserSwitchingCompatibility - ok
18:30:35.0406 3924 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
18:30:35.0406 3924 Fdc - ok
18:30:35.0421 3924 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:30:35.0437 3924 Fips - ok
18:30:35.0453 3924 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
18:30:35.0453 3924 Flpydisk - ok
18:30:35.0500 3924 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:30:35.0500 3924 FltMgr - ok
18:30:35.0593 3924 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
18:30:35.0593 3924 FontCache3.0.0.0 - ok
18:30:35.0656 3924 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:30:35.0656 3924 Fs_Rec - ok
18:30:35.0671 3924 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:30:35.0671 3924 Ftdisk - ok
18:30:35.0718 3924 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
18:30:35.0718 3924 gameenum - ok
18:30:35.0765 3924 GearAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
18:30:35.0765 3924 GearAspiWDM - ok
18:30:35.0828 3924 GEARSecurity (b6e01969246fcb67470e87e6957ee147) C:\WINDOWS\System32\GEARSec.exe
18:30:35.0828 3924 GEARSecurity - ok
18:30:35.0859 3924 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:30:35.0859 3924 Gpc - ok
18:30:35.0906 3924 ha10kx2k (da2c735b66d2e7b739f9a46146581a9d) C:\WINDOWS\system32\drivers\ha10kx2k.sys
18:30:35.0921 3924 ha10kx2k - ok
18:30:35.0953 3924 hap16v2k (5c7d6d68796e4621b4168c879908dae0) C:\WINDOWS\system32\drivers\hap16v2k.sys
18:30:35.0953 3924 hap16v2k - ok
18:30:35.0968 3924 hap17v2k (a595b88ad16d8b5693ddf08113caf30e) C:\WINDOWS\system32\drivers\hap17v2k.sys
18:30:35.0984 3924 hap17v2k - ok
18:30:36.0031 3924 HDAudBus (4f11912e3b579013be7b1628791ebbcd) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:30:36.0031 3924 HDAudBus - ok
18:30:36.0109 3924 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
18:30:36.0109 3924 helpsvc - ok
18:30:36.0156 3924 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
18:30:36.0156 3924 HidServ - ok
18:30:36.0187 3924 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:30:36.0203 3924 HidUsb - ok
18:30:36.0234 3924 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
18:30:36.0234 3924 hkmsvc - ok
18:30:36.0250 3924 hpn - ok
18:30:36.0296 3924 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:30:36.0296 3924 HTTP - ok
18:30:36.0328 3924 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
18:30:36.0343 3924 HTTPFilter - ok
18:30:36.0343 3924 i2omgmt - ok
18:30:36.0359 3924 i2omp - ok
18:30:36.0406 3924 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:30:36.0406 3924 i8042prt - ok
18:30:36.0453 3924 iaStor (c9f030a5e43aedfabe0a39df0a0dcbeb) C:\WINDOWS\system32\drivers\iaStor.sys
18:30:36.0453 3924 iaStor - ok
18:30:36.0593 3924 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:30:36.0593 3924 IDriverT - ok
18:30:36.0671 3924 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:30:36.0687 3924 idsvc - ok
18:30:36.0937 3924 IDSxpx86 (cfbc1ce72e5353d428704659199147b1) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.1.2\Definitions\IPSDefs\20120327.002\IDSxpx86.sys
18:30:36.0937 3924 IDSxpx86 - ok
18:30:37.0046 3924 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:30:37.0046 3924 Imapi - ok
18:30:37.0093 3924 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
18:30:37.0109 3924 ImapiService - ok
18:30:37.0109 3924 ini910u - ok
18:30:37.0265 3924 IntcAzAudAddService (a30685283f90ae02f1cd50972c6065e3) C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:30:37.0359 3924 IntcAzAudAddService - ok
18:30:37.0390 3924 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
18:30:37.0390 3924 IntelIde - ok
18:30:37.0421 3924 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:30:37.0421 3924 intelppm - ok
18:30:37.0453 3924 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:30:37.0453 3924 Ip6Fw - ok
18:30:37.0484 3924 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:30:37.0484 3924 IpFilterDriver - ok
18:30:37.0500 3924 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:30:37.0500 3924 IpInIp - ok
18:30:37.0515 3924 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:30:37.0515 3924 IpNat - ok
18:30:37.0640 3924 iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
18:30:37.0656 3924 iPod Service - ok
18:30:37.0703 3924 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:30:37.0703 3924 IPSec - ok
18:30:37.0718 3924 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:30:37.0718 3924 IRENUM - ok
18:30:37.0750 3924 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:30:37.0750 3924 isapnp - ok
18:30:37.0812 3924 JavaQuickStarterService (1834c96fb1f9280bcf6ddfa6de8338bf) C:\Program Files\Java\jre6\bin\jqs.exe
18:30:37.0812 3924 JavaQuickStarterService - ok
18:30:37.0843 3924 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:30:37.0843 3924 Kbdclass - ok
18:30:37.0875 3924 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:30:37.0875 3924 kbdhid - ok
18:30:37.0906 3924 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:30:37.0906 3924 kmixer - ok
18:30:37.0937 3924 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:30:37.0953 3924 KSecDD - ok
18:30:37.0984 3924 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
18:30:38.0000 3924 lanmanserver - ok
18:30:38.0031 3924 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
18:30:38.0046 3924 lanmanworkstation - ok
18:30:38.0062 3924 lbrtfdc - ok
18:30:38.0234 3924 LiveUpdate (fb466faa799eace5075fc1de269f0066) C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
18:30:38.0281 3924 LiveUpdate - ok
18:30:38.0328 3924 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
18:30:38.0328 3924 LmHosts - ok
18:30:38.0406 3924 LVUSBSta (64bc29c3a0388bfc580bb8b1346f7659) C:\WINDOWS\system32\drivers\LVUSBSta.sys
18:30:38.0406 3924 LVUSBSta - ok
18:30:38.0484 3924 MAPMEM (61330a29bd4230505a7618bc41693cbb) C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys
18:30:38.0484 3924 MAPMEM - ok
18:30:38.0515 3924 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
18:30:38.0515 3924 MBAMProtector - ok
18:30:38.0593 3924 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:30:38.0593 3924 MBAMService - ok
18:30:38.0671 3924 McciCMService (f8b823414a22dbf3bec10dcaa5f93cd8) C:\Program Files\Common Files\Motive\McciCMService.exe
18:30:38.0687 3924 McciCMService - ok
18:30:38.0734 3924 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
18:30:38.0734 3924 Messenger - ok
18:30:38.0796 3924 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:30:38.0796 3924 mnmdd - ok
18:30:38.0828 3924 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
18:30:38.0843 3924 mnmsrvc - ok
18:30:38.0859 3924 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:30:38.0859 3924 Modem - ok
18:30:38.0875 3924 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:30:38.0875 3924 Mouclass - ok
18:30:38.0890 3924 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:30:38.0890 3924 mouhid - ok
18:30:38.0921 3924 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:30:38.0921 3924 MountMgr - ok
18:30:38.0937 3924 mraid35x - ok
18:30:39.0031 3924 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
18:30:39.0031 3924 MREMP50 - ok
18:30:39.0046 3924 MREMPR5 - ok
18:30:39.0046 3924 MRENDIS5 - ok
18:30:39.0078 3924 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
18:30:39.0078 3924 MRESP50 - ok
18:30:39.0109 3924 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:30:39.0125 3924 MRxDAV - ok
18:30:39.0140 3924 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:30:39.0156 3924 MRxSmb - ok
18:30:39.0187 3924 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
18:30:39.0187 3924 MSDTC - ok
18:30:39.0203 3924 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:30:39.0203 3924 Msfs - ok
18:30:39.0218 3924 MSIServer - ok
18:30:39.0234 3924 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:30:39.0234 3924 MSKSSRV - ok
18:30:39.0250 3924 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:30:39.0250 3924 MSPCLOCK - ok
18:30:39.0281 3924 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:30:39.0281 3924 MSPQM - ok
18:30:39.0312 3924 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:30:39.0312 3924 mssmbios - ok
18:30:39.0343 3924 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:30:39.0343 3924 MSTEE - ok
18:30:39.0375 3924 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:30:39.0375 3924 Mup - ok
18:30:39.0406 3924 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:30:39.0406 3924 NABTSFEC - ok
18:30:39.0453 3924 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
18:30:39.0453 3924 napagent - ok
18:30:39.0531 3924 NAV (7a02f128a454bb22e300f3f80bc1bd22) C:\Program Files\Norton AntiVirus\Engine\19.6.2.10\ccSvcHst.exe
18:30:39.0531 3924 NAV - ok
18:30:39.0640 3924 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.1.2\Definitions\VirusDefs\20120327.008\NAVENG.SYS
18:30:39.0640 3924 NAVENG - ok
18:30:39.0687 3924 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.1.2\Definitions\VirusDefs\20120327.008\NAVEX15.SYS
18:30:39.0734 3924 NAVEX15 - ok
18:30:39.0859 3924 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:30:39.0859 3924 NDIS - ok
18:30:39.0906 3924 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:30:39.0906 3924 NdisIP - ok
18:30:39.0937 3924 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:30:39.0937 3924 NdisTapi - ok
18:30:39.0953 3924 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:30:39.0953 3924 Ndisuio - ok
18:30:39.0984 3924 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:30:39.0984 3924 NdisWan - ok
18:30:40.0000 3924 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:30:40.0000 3924 NDProxy - ok
18:30:40.0015 3924 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:30:40.0015 3924 NetBIOS - ok
18:30:40.0046 3924 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:30:40.0046 3924 NetBT - ok
18:30:40.0078 3924 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:30:40.0093 3924 NetDDE - ok
18:30:40.0093 3924 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
18:30:40.0093 3924 NetDDEdsdm - ok
18:30:40.0125 3924 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:30:40.0125 3924 Netlogon - ok
18:30:40.0156 3924 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
18:30:40.0171 3924 Netman - ok
18:30:40.0296 3924 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:30:40.0296 3924 NetTcpPortSharing - ok
18:30:40.0359 3924 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:30:40.0359 3924 NIC1394 - ok
18:30:40.0406 3924 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
18:30:40.0421 3924 Nla - ok
18:30:40.0546 3924 Norton Ghost (854bd283fc520b7b154d1586676057cf) C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
18:30:40.0578 3924 Norton Ghost - ok
18:30:40.0609 3924 NPDriver (0aff8ad6bee50ff4505599aff92c8ad7) C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
18:30:40.0609 3924 NPDriver - ok
18:30:40.0625 3924 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:30:40.0640 3924 Npfs - ok
18:30:40.0718 3924 NProtectService (81e45a1e03f1fccbdce761d0d8845b6a) C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
18:30:40.0718 3924 NProtectService - ok
18:30:40.0765 3924 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:30:40.0765 3924 Ntfs - ok
18:30:40.0812 3924 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:30:40.0812 3924 NtLmSsp - ok
18:30:40.0859 3924 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
18:30:40.0859 3924 NtmsSvc - ok
18:30:40.0890 3924 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:30:40.0890 3924 Null - ok
18:30:41.0234 3924 nv (0dc79b60cedc3a8854c27b3c6e4b3414) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:30:41.0484 3924 nv - ok
18:30:41.0546 3924 NVSvc (971b4344aba9b79ed0e9d0bb2a5283c1) C:\WINDOWS\system32\nvsvc32.exe
18:30:41.0546 3924 NVSvc - ok
18:30:41.0703 3924 nvUpdatusService (4cde6d8e0a07dce9e568f58a5dc8086c) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:30:41.0765 3924 nvUpdatusService - ok
18:30:41.0828 3924 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:30:41.0828 3924 NwlnkFlt - ok
18:30:41.0859 3924 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:30:41.0859 3924 NwlnkFwd - ok
18:30:41.0968 3924 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:30:41.0968 3924 odserv - ok
18:30:42.0015 3924 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:30:42.0015 3924 ohci1394 - ok
18:30:42.0062 3924 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:30:42.0062 3924 ose - ok
18:30:42.0125 3924 ossrv (61c85afeaa6ef0c1b32d43f84f7bfbcf) C:\WINDOWS\system32\drivers\ctoss2k.sys
18:30:42.0125 3924 ossrv - ok
18:30:42.0171 3924 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:30:42.0171 3924 Parport - ok
18:30:42.0187 3924 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:30:42.0187 3924 PartMgr - ok
18:30:42.0203 3924 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:30:42.0203 3924 ParVdm - ok
18:30:42.0234 3924 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:30:42.0234 3924 PCI - ok
18:30:42.0265 3924 PCIDump - ok
18:30:42.0312 3924 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:30:42.0312 3924 PCIIde - ok
18:30:42.0359 3924 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:30:42.0359 3924 Pcmcia - ok
18:30:42.0375 3924 PDCOMP - ok
18:30:42.0390 3924 PDFRAME - ok
18:30:42.0390 3924 PDRELI - ok
18:30:42.0406 3924 PDRFRAME - ok
18:30:42.0421 3924 perc2 - ok
18:30:42.0437 3924 perc2hib - ok
18:30:42.0468 3924 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:30:42.0484 3924 PlugPlay - ok
18:30:42.0500 3924 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:30:42.0500 3924 PolicyAgent - ok
18:30:42.0531 3924 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:30:42.0531 3924 PptpMiniport - ok
18:30:42.0562 3924 PQIMount (19b9004d21704dee27d19b03b3ab15c0) C:\WINDOWS\system32\drivers\PQIMount.sys
18:30:42.0562 3924 PQIMount - ok
18:30:42.0593 3924 PQV2i (abf46ec4e7708889ff13cae8c136a1a4) C:\WINDOWS\system32\drivers\PQV2i.sys
18:30:42.0593 3924 PQV2i - ok
18:30:42.0593 3924 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:30:42.0609 3924 ProtectedStorage - ok
18:30:42.0625 3924 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:30:42.0625 3924 PSched - ok
18:30:42.0656 3924 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:30:42.0656 3924 Ptilink - ok
18:30:42.0671 3924 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:30:42.0671 3924 PxHelp20 - ok
18:30:42.0687 3924 ql1080 - ok
18:30:42.0703 3924 Ql10wnt - ok
18:30:42.0718 3924 ql12160 - ok
18:30:42.0718 3924 ql1240 - ok
18:30:42.0734 3924 ql1280 - ok
18:30:42.0750 3924 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:30:42.0750 3924 RasAcd - ok
18:30:42.0781 3924 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
18:30:42.0796 3924 RasAuto - ok
18:30:42.0828 3924 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:30:42.0828 3924 Rasl2tp - ok
18:30:42.0859 3924 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
18:30:42.0859 3924 RasMan - ok
18:30:42.0875 3924 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:30:42.0875 3924 RasPppoe - ok
18:30:42.0906 3924 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:30:42.0906 3924 Raspti - ok
18:30:42.0937 3924 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:30:42.0937 3924 Rdbss - ok
18:30:42.0984 3924 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:30:42.0984 3924 RDPCDD - ok
18:30:43.0031 3924 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:30:43.0031 3924 rdpdr - ok
18:30:43.0078 3924 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
18:30:43.0078 3924 RDPWD - ok
18:30:43.0093 3924 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
18:30:43.0109 3924 RDSessMgr - ok
18:30:43.0125 3924 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:30:43.0125 3924 redbook - ok
18:30:43.0156 3924 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
18:30:43.0156 3924 RemoteAccess - ok
18:30:43.0203 3924 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
18:30:43.0203 3924 RemoteRegistry - ok
18:30:43.0250 3924 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\WINDOWS\system32\Drivers\RimUsb.sys
18:30:43.0250 3924 RimUsb - ok
18:30:43.0265 3924 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
18:30:43.0281 3924 RimVSerPort - ok
18:30:43.0296 3924 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
18:30:43.0296 3924 ROOTMODEM - ok
18:30:43.0406 3924 Roxio UPnP Renderer 9 (afd61a7c48a3e15c86a6fadf0b69a2e4) C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
18:30:43.0406 3924 Roxio UPnP Renderer 9 - ok
18:30:43.0437 3924 Roxio Upnp Server 9 (efbb36e2bb02169d26e9980778fc20d3) C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
18:30:43.0437 3924 Roxio Upnp Server 9 - ok
18:30:43.0531 3924 RoxLiveShare9 (272572b93ede9d44e8330a03d1b83092) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
18:30:43.0546 3924 RoxLiveShare9 - ok
18:30:43.0609 3924 RoxMediaDB9 (6ba45db2953d0fc7c8107b2e3024cb89) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
18:30:43.0625 3924 RoxMediaDB9 - ok
18:30:43.0656 3924 RoxWatch9 (c48eabb051422eb38adc9eabd47640b9) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
18:30:43.0671 3924 RoxWatch9 - ok
18:30:43.0765 3924 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
18:30:43.0765 3924 RpcLocator - ok
18:30:43.0828 3924 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
18:30:43.0828 3924 RpcSs - ok
18:30:43.0875 3924 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
18:30:43.0875 3924 RSVP - ok
18:30:43.0937 3924 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
18:30:43.0953 3924 RTL8023xp - ok
18:30:43.0968 3924 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
18:30:43.0968 3924 SamSs - ok
18:30:44.0015 3924 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
18:30:44.0015 3924 SASDIFSV - ok
18:30:44.0046 3924 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
18:30:44.0046 3924 SASKUTIL - ok
18:30:44.0093 3924 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
18:30:44.0093 3924 SCardSvr - ok
18:30:44.0125 3924 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
18:30:44.0140 3924 Schedule - ok
18:30:44.0203 3924 SDdriver (074da08e844ded21731c38e8395ebd3b) C:\WINDOWS\system32\Drivers\sddriver.sys
18:30:44.0203 3924 SDdriver - ok
18:30:44.0234 3924 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:30:44.0234 3924 Secdrv - ok
18:30:44.0265 3924 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
18:30:44.0265 3924 seclogon - ok
18:30:44.0296 3924 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
18:30:44.0296 3924 SENS - ok
18:30:44.0328 3924 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:30:44.0328 3924 serenum - ok
18:30:44.0359 3924 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:30:44.0359 3924 Serial - ok
18:30:44.0375 3924 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:30:44.0390 3924 Sfloppy - ok
18:30:44.0421 3924 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
18:30:44.0421 3924 SharedAccess - ok
18:30:44.0468 3924 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:30:44.0468 3924 ShellHWDetection - ok
18:30:44.0484 3924 Simbad - ok
18:30:44.0515 3924 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:30:44.0515 3924 SLIP - ok
18:30:44.0546 3924 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
18:30:44.0546 3924 SONYPVU1 - ok
18:30:44.0562 3924 Sparrow - ok
18:30:44.0718 3924 Speed Disk service (f15d5050c234d07e85d224c346476b89) C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
18:30:44.0734 3924 Speed Disk service - ok
18:30:44.0765 3924 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:30:44.0765 3924 splitter - ok
18:30:44.0796 3924 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
18:30:44.0812 3924 Spooler - ok
18:30:44.0843 3924 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:30:44.0843 3924 sr - ok
18:30:44.0859 3924 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
18:30:44.0859 3924 srservice - ok
18:30:44.0968 3924 SRTSP (c16d048faf2978d2121f9f40594a6bdc) C:\WINDOWS\System32\Drivers\NAV\1306020.00A\SRTSP.SYS
18:30:44.0984 3924 SRTSP - ok
18:30:45.0015 3924 SRTSPX (f0d02c2e25970c9c72a5cd278c17cdb6) C:\WINDOWS\system32\drivers\NAV\1306020.00A\SRTSPX.SYS
18:30:45.0015 3924 SRTSPX - ok
18:30:45.0046 3924 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:30:45.0062 3924 Srv - ok
18:30:45.0093 3924 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
18:30:45.0109 3924 SSDPSRV - ok
18:30:45.0140 3924 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
18:30:45.0156 3924 stisvc - ok
18:30:45.0203 3924 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:30:45.0203 3924 streamip - ok
18:30:45.0234 3924 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:30:45.0234 3924 swenum - ok
18:30:45.0265 3924 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:30:45.0265 3924 swmidi - ok
18:30:45.0265 3924 SwPrv - ok
18:30:45.0421 3924 Symantec Core LC (f11341cd0d1dc5eff5feffcc7424984e) C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
18:30:45.0437 3924 Symantec Core LC - ok
18:30:45.0453 3924 symc810 - ok
18:30:45.0468 3924 symc8xx - ok
18:30:45.0531 3924 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\WINDOWS\system32\drivers\NAV\1306020.00A\SYMDS.SYS
18:30:45.0531 3924 SymDS - ok
18:30:45.0578 3924 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\WINDOWS\system32\drivers\NAV\1306020.00A\SYMEFA.SYS
18:30:45.0593 3924 SymEFA - ok
18:30:45.0625 3924 SymEvent (74e2521e96176a4449570e50be91954d) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
18:30:45.0625 3924 SymEvent - ok
18:30:45.0640 3924 SYMFW - ok
18:30:45.0656 3924 SYMIDS - ok
18:30:45.0671 3924 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\WINDOWS\system32\drivers\NAV\1306020.00A\Ironx86.SYS
18:30:45.0687 3924 SymIRON - ok
18:30:45.0718 3924 symlcbrd (6596892dd5abbe48f5876a551867a166) C:\WINDOWS\system32\drivers\symlcbrd.sys
18:30:45.0718 3924 symlcbrd - ok
18:30:45.0718 3924 SYMNDIS - ok
18:30:45.0796 3924 SYMTDI (508bd882040f9cb12319e3a4fc78edb9) C:\WINDOWS\System32\Drivers\NAV\1306020.00A\SYMTDI.SYS
18:30:45.0796 3924 SYMTDI - ok
18:30:45.0812 3924 sym_hi - ok
18:30:45.0812 3924 sym_u3 - ok
18:30:45.0843 3924 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:30:45.0859 3924 sysaudio - ok
18:30:45.0890 3924 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
18:30:45.0890 3924 SysmonLog - ok
18:30:45.0921 3924 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
18:30:45.0921 3924 TapiSrv - ok
18:30:45.0968 3924 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:30:45.0968 3924 Tcpip - ok
18:30:46.0000 3924 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:30:46.0000 3924 TDPIPE - ok
18:30:46.0015 3924 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:30:46.0015 3924 TDTCP - ok
18:30:46.0046 3924 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:30:46.0046 3924 TermDD - ok
18:30:46.0078 3924 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
18:30:46.0078 3924 TermService - ok
18:30:46.0125 3924 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
18:30:46.0125 3924 Themes - ok
18:30:46.0171 3924 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
18:30:46.0171 3924 TlntSvr - ok
18:30:46.0203 3924 TosIde - ok
18:30:46.0218 3924 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
18:30:46.0218 3924 TrkWks - ok
18:30:46.0234 3924 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:30:46.0234 3924 Udfs - ok
18:30:46.0250 3924 ultra - ok
18:30:46.0296 3924 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:30:46.0296 3924 Update - ok
18:30:46.0343 3924 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
18:30:46.0343 3924 upnphost - ok
18:30:46.0375 3924 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
18:30:46.0375 3924 UPS - ok
18:30:46.0406 3924 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
18:30:46.0421 3924 USBAAPL - ok
18:30:46.0453 3924 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
18:30:46.0453 3924 usbaudio - ok
18:30:46.0500 3924 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:30:46.0500 3924 usbccgp - ok
18:30:46.0515 3924 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:30:46.0515 3924 usbehci - ok
18:30:46.0531 3924 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:30:46.0546 3924 usbhub - ok
18:30:46.0562 3924 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:30:46.0562 3924 USBSTOR - ok
18:30:46.0578 3924 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:30:46.0578 3924 usbuhci - ok
18:30:46.0609 3924 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:30:46.0609 3924 VgaSave - ok
18:30:46.0609 3924 ViaIde - ok
18:30:46.0625 3924 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:30:46.0625 3924 VolSnap - ok
18:30:46.0671 3924 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
18:30:46.0671 3924 VSS - ok
18:30:46.0703 3924 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
18:30:46.0718 3924 W32Time - ok
18:30:46.0734 3924 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:30:46.0750 3924 Wanarp - ok
18:30:46.0750 3924 WDICA - ok
18:30:46.0781 3924 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:30:46.0796 3924 wdmaud - ok
18:30:46.0812 3924 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
18:30:46.0812 3924 WebClient - ok
18:30:46.0875 3924 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
18:30:46.0875 3924 winmgmt - ok
18:30:46.0921 3924 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
18:30:46.0921 3924 WmdmPmSN - ok
18:30:46.0968 3924 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
18:30:46.0984 3924 Wmi - ok
18:30:47.0000 3924 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:30:47.0015 3924 WmiApSrv - ok
18:30:47.0109 3924 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
18:30:47.0125 3924 WMPNetworkSvc - ok
18:30:47.0187 3924 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
18:30:47.0187 3924 WpdUsb - ok
18:30:47.0218 3924 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
18:30:47.0218 3924 WS2IFSL - ok
18:30:47.0265 3924 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
18:30:47.0281 3924 wscsvc - ok
18:30:47.0281 3924 WSearch - ok
18:30:47.0312 3924 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:30:47.0312 3924 WSTCODEC - ok
18:30:47.0359 3924 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
18:30:47.0359 3924 wuauserv - ok
18:30:47.0375 3924 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:30:47.0375 3924 WudfPf - ok
18:30:47.0406 3924 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:30:47.0406 3924 WudfRd - ok
18:30:47.0437 3924 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
18:30:47.0437 3924 WudfSvc - ok
18:30:47.0484 3924 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
18:30:47.0500 3924 WZCSVC - ok
18:30:47.0546 3924 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
18:30:47.0546 3924 xmlprov - ok
18:30:47.0578 3924 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk0\DR0
18:30:50.0140 3924 \Device\Harddisk0\DR0 - ok
18:30:50.0140 3924 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
18:30:50.0343 3924 \Device\Harddisk1\DR1 - ok
18:30:50.0343 3924 Boot (0x1200) (4bdaf50ab8f4e70eaabbc3d2ba388573) \Device\Harddisk0\DR0\Partition0
18:30:50.0343 3924 \Device\Harddisk0\DR0\Partition0 - ok
18:30:50.0343 3924 Boot (0x1200) (e031272165dfd707525da05752e31d18) \Device\Harddisk1\DR1\Partition0
18:30:50.0343 3924 \Device\Harddisk1\DR1\Partition0 - ok
18:30:50.0343 3924 ============================================================
18:30:50.0343 3924 Scan finished
18:30:50.0343 3924 ============================================================
18:30:50.0359 3756 Detected object count: 0
18:30:50.0359 3756 Actual detected object count: 0

Back to top

#6 gringo_pr

Bleepin Gringo

Malware Response Team
120,798 posts

Gender:Male
Location:Puerto rico

Posted 27 March 2012 - 06:37 PM

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.

Back to top

#7 Nordenman

Member

Members
30 posts

Posted 27 March 2012 - 06:41 PM

Ok. Scanned without any problems. Here is teh AswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-27 18:32:29
-----------------------------
18:32:29.359 OS Version: Windows 5.1.2600 Service Pack 3
18:32:29.359 Number of processors: 2 586 0x304
18:32:29.359 ComputerName: STATION_2 UserName: Owner
18:32:30.234 Initialize success
18:33:53.453 AVAST engine defs: 12032702
18:34:07.250 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
18:34:07.250 Disk 0 Vendor: ST3400620A 3.AAD Size: 381554MB BusType: 3
18:34:07.250 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-0
18:34:07.250 Disk 1 Vendor: Intel___ 0.1. Size: 152637MB BusType: 3
18:34:07.265 Disk 1 MBR read successfully
18:34:07.265 Disk 1 MBR scan
18:34:07.312 Disk 1 Windows XP default MBR code
18:34:07.312 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152625 MB offset 63
18:34:07.312 Disk 1 scanning sectors +312576705
18:34:07.359 Disk 1 scanning C:\WINDOWS\system32\drivers
18:34:18.734 Service scanning
18:34:37.640 Modules scanning
18:34:59.343 Disk 1 trace - called modules:
18:34:59.343
18:34:59.875 AVAST engine scan C:\WINDOWS
18:35:05.562 AVAST engine scan C:\WINDOWS\system32
18:37:34.828 AVAST engine scan C:\WINDOWS\system32\drivers
18:37:51.890 AVAST engine scan C:\Documents and Settings\Owner
18:39:09.234 File: C:\Documents and Settings\Owner\Local Settings\temp\_av4_\data\aswar0.dll **INFECTED** Win32:Malware-gen
18:39:09.484 File: C:\Documents and Settings\Owner\Local Settings\temp\_av4_\data\updldr0.bin **INFECTED** Win32:Malware-gen
18:39:24.781 AVAST engine scan C:\Documents and Settings\All Users
18:40:31.468 Scan finished successfully
18:40:57.531 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
18:40:57.531 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

Back to top

#8 gringo_pr

Bleepin Gringo

Malware Response Team
120,798 posts

Gender:Male
Location:Puerto rico

Posted 27 March 2012 - 06:57 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
File::
C:\Documents and Settings\Owner\Local Settings\temp\_av4_\data\aswar0.dll
C:\Documents and Settings\Owner\Local Settings\temp\_av4_\data\updldr0.bin

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following

report from Combofix
let me know of any problems you may have had
How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.

Back to top

#9 Nordenman

Member

Members
30 posts

Posted 27 March 2012 - 07:17 PM

Copied script and drag and drop on top of combofix. this time I forgot to disable the AV so it said to disable it and press ok. I did that. It has been running for the last 16 min and it might be frozen. The mouse can move around the screen but I am unable to do anything else. I have NOT clicked on the combofix screen. Please advise.

Only other intersting thing was it did the iexplorer.exe closed unexpectedly again.

Back to top

#10 gringo_pr

Bleepin Gringo

Malware Response Team
120,798 posts

Gender:Male
Location:Puerto rico

Posted 27 March 2012 - 07:19 PM

let it run for 15 more min and then come back and let me know

gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.

Back to top

#11 Nordenman

Member

Members
30 posts

Posted 27 March 2012 - 07:21 PM

ok I will give you an update in 15 :thumbup2:

Back to top

#12 gringo_pr

Bleepin Gringo

Malware Response Team
120,798 posts

Gender:Male
Location:Puerto rico

Posted 27 March 2012 - 07:28 PM

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.

Back to top

#13 Nordenman

Member

Members
30 posts

Posted 27 March 2012 - 07:36 PM

ok no change. last time it showed stages and level of completion. this time it didnt get past the "however, scan times for badly infected machines...." it's frozen. My clock in the taskbar is stuck at 6 min past the hour.

Back to top

#14 Nordenman

Member

Members
30 posts

Posted 27 March 2012 - 07:53 PM

Still no change. Ctrl alt delete does nothing. It's locked up. Will have to do a hard boot. I will wait on your instructions before I do anything.

Back to top

#15 gringo_pr

Bleepin Gringo

Malware Response Team
120,798 posts

Gender:Male
Location:Puerto rico

Posted 27 March 2012 - 08:17 PM

Hello

ok do the restart.

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

Double click on OTL.exe to run it.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
- OTL.txt <-- Will be opened and the that I need posted back here
- Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
Please post the contents of OTL.txt in your next reply.

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --><-- Don't worry every little bit helps.