Intrusion and Unauthorized Access


  • This topic is locked
20 replies to this topic

#1 JapanRikster

  • Members

Posted 26 July 2011 - 02:39 AM

Web Attack BlackHole Toolkit Website 5
Attacking computer 91.223.89.64
Attacker URL citipip.osa.pl/index.php?tp=54e473d8225a738f
Attack came from DEVICE\HARDDISKVOLUME2\PROGRAM FILES\GOOGLE\CHROME\APPLICATION\CHROME.EXE

I get notified of this attack when I visit this site http://www.jsonline.com/sports/packers/

How do I remove the above?


Unauthorized Access Actor D:\PROGRAM FILES\SENTRYBAY\UPDATE\SENTRYBAYUPDATE.EXE

How do I remove this as well?

Both of the above were identified by Norton.

Thanks

Ricky

Edited by JapanRikster, 26 July 2011 - 02:46 AM.



#2 gringo_pr

  • Malware Response Team

Posted 31 July 2011 - 06:29 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button and select Immediate Notification, then click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double-click DeFogger to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger may ask you to reboot the machine; if it does, click OK.

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save and post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs and post them in your next reply.

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning. It is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • log from RKUnHooker
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 JapanRikster


Posted 01 August 2011 - 01:17 AM

I ran the programs and here are the attached results:


#4 gringo_pr


Posted 01 August 2011 - 01:23 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 JapanRikster


Posted 01 August 2011 - 01:26 AM

Will do as you ask right now. I haven't really been having problems with the computer, just these 2 annoyances in my initial email that seem to keep popping up. Norton said nothing to worry about but ????

#6 gringo_pr


Posted 01 August 2011 - 01:37 AM

Could be, so I want to make sure all is clean.


gringo

#7 JapanRikster


Posted 01 August 2011 - 02:18 AM

Here's the result of ComboFix.

I wish there was a way to prevent hackers from trying to hack your computer either via intrusion or unauthorized access. I have their IP addresses. Fortunately, Norton has blocked all attempts from being successful.

ComboFix 11-07-31.04 - Ricky 08/01/2011 16:03:06.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2030.1266 [GMT 9:00]
Running from: d:\users\Ricky\Desktop\ComboFix.exe
AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
d:\users\Ricky\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-01 to 2011-08-01 )))))))))))))))))))))))))))))))
.
.
2011-08-01 07:09 . 2011-08-01 07:09 -------- d-----w- d:\users\Default\AppData\Local\temp
2011-08-01 06:43 . 2011-08-01 07:09 -------- d-----w- d:\users\Ricky\AppData\Local\temp
2011-07-28 23:07 . 2011-07-28 23:07 -------- d-----r- d:\program files\Skype
2011-07-21 15:14 . 2011-07-21 15:14 -------- d-----w- d:\program files\iTunes
2011-07-21 15:12 . 2011-07-21 15:12 -------- d-----w- d:\program files\Bonjour
2011-07-20 07:17 . 2011-07-20 07:17 -------- d-----w- d:\programdata\Sony Corporation
2011-07-20 07:17 . 2011-07-20 07:17 -------- d-----w- d:\users\Ricky\AppData\Roaming\Sony Corporation
2011-07-20 07:16 . 2011-07-20 07:16 -------- d-----w- d:\program files\Common Files\Sony Shared
2011-07-12 02:20 . 2011-07-12 02:20 83816 ----a-w- d:\windows\system32\dns-sd.exe
2011-07-12 02:20 . 2011-07-12 02:20 73064 ----a-w- d:\windows\system32\dnssd.dll
2011-07-12 02:20 . 2011-07-12 02:20 50536 ----a-w- d:\windows\system32\jdns_sd.dll
2011-07-12 02:20 . 2011-07-12 02:20 178536 ----a-w- d:\windows\system32\dnssdX.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-29 23:12 . 2011-05-13 23:11 404640 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-21 09:56 . 2011-06-26 02:58 17712 ----a-w- d:\windows\system32\nitrolocalui2.dll
2011-06-21 09:56 . 2011-06-26 02:58 26416 ----a-w- d:\windows\system32\nitrolocalmon2.dll
2011-06-08 22:44 . 2010-09-09 17:04 472808 ----a-w- d:\windows\system32\deployJava1.dll
2011-05-24 10:44 . 2011-06-28 23:44 293376 ----a-w- d:\windows\system32\umpnpmgr.dll
2011-05-10 15:49 . 2011-05-10 15:49 0 ---ha-w- d:\users\Ricky\AppData\Local\BIT1B75.tmp
2011-05-09 22:34 . 2010-12-01 00:05 126584 ----a-w- d:\windows\system32\drivers\SYMEVENT.SYS
2011-05-04 04:34 . 2011-06-28 23:44 1549312 ----a-w- d:\windows\system32\tquery.dll
2011-05-04 04:32 . 2011-06-28 23:44 666624 ----a-w- d:\windows\system32\mssvp.dll
2011-05-04 04:32 . 2011-06-28 23:44 1401344 ----a-w- d:\windows\system32\mssrch.dll
2011-05-04 04:32 . 2011-06-28 23:44 337408 ----a-w- d:\windows\system32\mssph.dll
2011-05-04 04:32 . 2011-06-28 23:44 197120 ----a-w- d:\windows\system32\mssphtb.dll
2011-05-04 04:32 . 2011-06-28 23:44 59392 ----a-w- d:\windows\system32\msscntrs.dll
2011-05-04 04:28 . 2011-06-28 23:44 427520 ----a-w- d:\windows\system32\SearchIndexer.exe
2011-05-04 04:28 . 2011-06-28 23:44 164352 ----a-w- d:\windows\system32\SearchProtocolHost.exe
2011-05-04 04:28 . 2011-06-28 23:44 86528 ----a-w- d:\windows\system32\SearchFilterHost.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3955aa73-8c60-4a9b-acdb-0c2edb1b6748}]
2011-04-20 10:25 128896 ----a-w- d:\program files\TrustedID\TrustedID Secure Browse\epbho.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="d:\program files\IDT\WDM\sttray.exe" [2009-03-12 483422]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"itype"="d:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1298320]
"IntelliPoint"="d:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
[HKLM\~\startupfolder\D:^Users^Ricky^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logicool . Product Registration.lnk]
backup=d:\windows\pss\Logicool . Product Registration.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax_RESTART
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateMyDrivers
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
d:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Data Protection Suite]
2011-04-20 10:24 606080 ----a-w- d:\program files\TrustedID\TrustedID Secure Browse\dps.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 09:29 421736 ----a-w- d:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logicool Vid]
d:\program files\Logicool\Vid HD\Vid.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogicoolQCamRibbon]
2009-10-14 04:36 2791256 ----a-w- d:\program files\Logicool\Logicool WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 08:38 421888 ----a-w- d:\program files\QuickTime\QTTask.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Logitech Vid"="d:\program files\Logitech\Logitech Vid\vid.exe" -bootmode
"Google Update"="d:\users\Ricky\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"Skype"="d:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"LogitechQuickCamRibbon"="d:\program files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"IntelliPoint"="d:\program files\Microsoft IntelliPoint\ipoint.exe"
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" -atboottime
"itype"="d:\program files\Microsoft IntelliType Pro\itype.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiSpyWareDisableNotify"=dword:00000001
.
R0 is3srv;is3srv;d:\windows\system32\drivers\is3srv.sys [x]
R0 mv61xx;mv61xx;d:\windows\system32\DRIVERS\mv61xx.sys [x]
R0 szkg5;szkg5;d:\windows\system32\DRIVERS\szkg.sys [x]
R0 szkgfs;szkgfs;d:\windows\system32\drivers\szkgfs.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 cpuz134;cpuz134;d:\windows\system32\drivers\cpuz134_x32.sys [x]
R2 gupdate;Google Update Service (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 136176]
R2 sbupdate;TrustedID Update Service;d:\program files\SentryBay\Update\SentryBayUpdate.exe [2011-04-28 138080]
R3 cpudrv;cpudrv;d:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
R3 EUDSKACS;EUDSKACS;d:\windows\system32\drivers\eudskacs.sys [2009-12-02 15240]
R3 gupdatem;Google Update Service (gupdatem);d:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 136176]
R3 skbdrv;Encassa CoDefender;d:\windows\system32\DRIVERS\skbdrv.sys [2009-06-24 52528]
R3 TsUsbFlt;TsUsbFlt;d:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;d:\windows\system32\Wat\WatAdminSvc.exe [2010-09-09 1343400]
R4 sptd;sptd;d:\windows\System32\Drivers\sptd.sys [2010-11-29 721904]
S0 EUBAKUP;EUBAKUP;d:\windows\system32\drivers\eubakup.sys [2009-12-02 27016]
S0 EUFS;EUFS;d:\windows\system32\drivers\eufs.sys [2009-12-02 21896]
S0 SmartDefragDriver;SmartDefragDriver;d:\windows\System32\Drivers\SmartDefragDriver.sys [2011-02-23 16184]
S0 SymDS;Symantec Data Store;d:\windows\system32\drivers\NAV\1206000.01D\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;d:\windows\system32\drivers\NAV\1206000.01D\SYMEFA.SYS [2011-03-15 744568]
S1 BHDrvx86;BHDrvx86;d:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110723.001\BHDrvx86.sys [2011-07-23 815736]
S1 IDSVix86;IDSVix86;d:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110729.030\IDSvix86.sys [2011-07-08 367736]
S1 SymIRON;Symantec Iron Driver;d:\windows\system32\drivers\NAV\1206000.01D\Ironx86.SYS [2011-01-27 136312]
S1 SymNetS;Symantec Network Security WFP Driver;d:\windows\System32\Drivers\NAV\1206000.01D\SYMNETS.SYS [2011-03-22 296568]
S2 AMD External Events Utility;AMD External Events Utility;d:\windows\system32\atiesrxx.exe [2011-04-19 176128]
S2 EntryProtect;EntryProtect;d:\program files\TrustedID\TrustedID Secure Browse\epservice.exe [2011-04-20 172416]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;d:\windows\system32\IProsetMonitor.exe [2010-09-21 110752]
S2 lxbc_device;lxbc_device;d:\windows\system32\lxbccoms.exe [2007-03-15 537520]
S2 NAV;Norton AntiVirus;d:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;d:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [2011-06-21 196912]
S2 TeamViewer6;TeamViewer 6;d:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S3 amdkmdag;amdkmdag;d:\windows\system32\DRIVERS\atikmdag.sys [2011-04-19 7772160]
S3 amdkmdap;amdkmdap;d:\windows\system32\DRIVERS\atikmpag.sys [2011-04-19 243712]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;d:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
S3 dc3d;MS Hardware Device Detection Driver (USB);d:\windows\system32\DRIVERS\dc3d.sys [2011-04-12 45464]
S3 epfilter;epfilter;d:\windows\system32\drivers\epfilter.sys [2011-04-28 16488]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;d:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-27 105592]
S3 EuDisk;EASEUS Disk Enumerator;d:\windows\system32\DRIVERS\EuDisk.sys [2009-12-02 123784]
S3 PGR1394b;HS 3d Sensor IEEE 1394 Bus host controllers;d:\windows\system32\DRIVERS\HS3dSensor1394.sys [2008-02-19 72704]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - epinject
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-01 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 10:08]
.
2011-08-01 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-02-06 10:08]
.
2011-08-01 d:\windows\Tasks\SentryBayUpdateTaskMachineCore.job
- d:\program files\SentryBay\Update\SentryBayUpdate.exe [2011-04-28 00:01]
.
2011-08-01 d:\windows\Tasks\SentryBayUpdateTaskMachineUA.job
- d:\program files\SentryBay\Update\SentryBayUpdate.exe [2011-04-28 00:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.intel.com/p/en_US/support?iid=hdr+support
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.11.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-TrustedID Secure Browse - d:\program files\TrustedID Secure Browse\sss.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"d:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"d:\program files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"Licence0"="REMOVED"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2604)
d:\program files\TrustedID\TrustedID Secure Browse\epclient.dll
.
Completion time: 2011-08-01 16:12:10
ComboFix-quarantined-files.txt 2011-08-01 07:12
.
Pre-Run: 39,319,347,200 bytes free
Post-Run: 39,264,468,992 bytes free
.
- - End Of File - - 74FC5E96D474F7D3CE31EB86736C0137

Edited by gringo_pr, 01 August 2011 - 02:19 AM.


#8 gringo_pr


Posted 01 August 2011 - 02:24 AM

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#9 JapanRikster


Posted 01 August 2011 - 02:28 AM

2011/08/01 16:26:51.0319 3460 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11
2011/08/01 16:26:52.0069 3460 ================================================================================
2011/08/01 16:26:52.0069 3460 SystemInfo:
2011/08/01 16:26:52.0069 3460
2011/08/01 16:26:52.0069 3460 OS Version: 6.1.7601 ServicePack: 1.0
2011/08/01 16:26:52.0069 3460 Product type: Workstation
2011/08/01 16:26:52.0069 3460 ComputerName: RICKY-PC
2011/08/01 16:26:52.0069 3460 UserName: Ricky
2011/08/01 16:26:52.0069 3460 Windows directory: D:\Windows
2011/08/01 16:26:52.0069 3460 System windows directory: D:\Windows
2011/08/01 16:26:52.0069 3460 Processor architecture: Intel x86
2011/08/01 16:26:52.0069 3460 Number of processors: 2
2011/08/01 16:26:52.0069 3460 Page size: 0x1000
2011/08/01 16:26:52.0069 3460 Boot type: Normal boot
2011/08/01 16:26:52.0069 3460 ================================================================================
2011/08/01 16:26:53.0147 3460 Initialize success
2011/08/01 16:26:59.0178 3000 ================================================================================
2011/08/01 16:26:59.0178 3000 Scan started
2011/08/01 16:26:59.0178 3000 Mode: Manual;
2011/08/01 16:26:59.0178 3000 ================================================================================
2011/08/01 16:27:04.0991 3000 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) D:\Windows\system32\drivers\FsDepends.sys
2011/08/01 16:27:05.0022 3000 Fs_Rec (a574b4360e438977038aae4bf60d79a2) D:\Windows\system32\drivers\Fs_Rec.sys
2011/08/01 16:27:05.0053 3000 fvevol (8a73e79089b282100b9393b644cb853b) D:\Windows\system32\DRIVERS\fvevol.sys
2011/08/01 16:27:05.0100 3000 gagp30kx (65ee0c7a58b65e74ae05637418153938) D:\Windows\system32\DRIVERS\gagp30kx.sys
2011/08/01 16:27:05.0209 3000 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) D:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/08/01 16:27:05.0272 3000 hcw85cir (c44e3c2bab6837db337ddee7544736db) D:\Windows\system32\drivers\hcw85cir.sys
2011/08/01 16:27:05.0303 3000 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) D:\Windows\system32\drivers\HdAudio.sys
2011/08/01 16:27:05.0381 3000 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) D:\Windows\system32\drivers\HDAudBus.sys
2011/08/01 16:27:05.0413 3000 HECI (9c1a84cb7d209cbecb1909de4875e9d6) D:\Windows\system32\DRIVERS\HECI.sys
2011/08/01 16:27:05.0459 3000 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) D:\Windows\system32\DRIVERS\HidBatt.sys
2011/08/01 16:27:05.0475 3000 HidBth (89448f40e6df260c206a193a4683ba78) D:\Windows\system32\DRIVERS\hidbth.sys
2011/08/01 16:27:05.0506 3000 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) D:\Windows\system32\DRIVERS\hidir.sys
2011/08/01 16:27:05.0756 3000 HidUsb (10c19f8290891af023eaec0832e1eb4d) D:\Windows\system32\DRIVERS\hidusb.sys
2011/08/01 16:27:05.0803 3000 HpSAMD (295fdc419039090eb8b49ffdbb374549) D:\Windows\system32\drivers\HpSAMD.sys
2011/08/01 16:27:05.0850 3000 HTTP (871917b07a141bff43d76d8844d48106) D:\Windows\system32\drivers\HTTP.sys
2011/08/01 16:27:05.0944 3000 hwpolicy (0c4e035c7f105f1299258c90886c64c5) D:\Windows\system32\drivers\hwpolicy.sys
2011/08/01 16:27:05.0975 3000 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) D:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/01 16:27:06.0038 3000 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) D:\Windows\system32\drivers\iaStorV.sys
2011/08/01 16:27:06.0131 3000 IDSVix86 (c15fcea5c150314489698b2571a5190d) D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110729.030\IDSvix86.sys
2011/08/01 16:27:06.0241 3000 iirsp (4173ff5708f3236cf25195fecd742915) D:\Windows\system32\DRIVERS\iirsp.sys
2011/08/01 16:27:06.0288 3000 intelide (a0f12f2c9ba6c72f3987ce780e77c130) D:\Windows\system32\drivers\intelide.sys
2011/08/01 16:27:06.0303 3000 intelppm (3b514d27bfc4accb4037bc6685f766e0) D:\Windows\system32\DRIVERS\intelppm.sys
2011/08/01 16:27:06.0350 3000 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) D:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/01 16:27:06.0381 3000 IPMIDRV (4bd7134618c1d2a27466a099062547bf) D:\Windows\system32\drivers\IPMIDrv.sys
2011/08/01 16:27:06.0475 3000 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) D:\Windows\system32\drivers\ipnat.sys
2011/08/01 16:27:06.0506 3000 IRENUM (42996cff20a3084a56017b7902307e9f) D:\Windows\system32\drivers\irenum.sys
2011/08/01 16:27:06.0553 3000 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) D:\Windows\system32\drivers\isapnp.sys
2011/08/01 16:27:06.0631 3000 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) D:\Windows\system32\drivers\msiscsi.sys
2011/08/01 16:27:06.0663 3000 kbdclass (adef52ca1aeae82b50df86b56413107e) D:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/01 16:27:06.0694 3000 kbdhid (9e3ced91863e6ee98c24794d05e27a71) D:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/01 16:27:06.0741 3000 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) D:\Windows\system32\Drivers\ksecdd.sys
2011/08/01 16:27:06.0772 3000 KSecPkg (26c046977e85b95036453d7b88ba1820) D:\Windows\system32\Drivers\ksecpkg.sys
2011/08/01 16:27:06.0881 3000 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) D:\Windows\system32\DRIVERS\lltdio.sys
2011/08/01 16:27:06.0944 3000 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) D:\Windows\system32\DRIVERS\lsi_fc.sys
2011/08/01 16:27:06.0991 3000 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) D:\Windows\system32\DRIVERS\lsi_sas.sys
2011/08/01 16:27:07.0053 3000 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) D:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/08/01 16:27:07.0100 3000 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) D:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/08/01 16:27:07.0131 3000 luafv (6703e366cc18d3b6e534f5cf7df39cee) D:\Windows\system32\drivers\luafv.sys
2011/08/01 16:27:07.0178 3000 LVRS (b895839b8743e400d7c7dae156f74e7e) D:\Windows\system32\DRIVERS\lvrs.sys
2011/08/01 16:27:07.0256 3000 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) D:\Windows\system32\drivers\LVUSBSta.sys
2011/08/01 16:27:07.0319 3000 megasas (0fff5b045293002ab38eb1fd1fc2fb74) D:\Windows\system32\DRIVERS\megasas.sys
2011/08/01 16:27:07.0350 3000 MegaSR (dcbab2920c75f390caf1d29f675d03d6) D:\Windows\system32\DRIVERS\MegaSR.sys
2011/08/01 16:27:07.0381 3000 Modem (f001861e5700ee84e2d4e52c712f4964) D:\Windows\system32\drivers\modem.sys
2011/08/01 16:27:07.0413 3000 monitor (79d10964de86b292320e9dfe02282a23) D:\Windows\system32\DRIVERS\monitor.sys
2011/08/01 16:27:07.0475 3000 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) D:\Windows\system32\DRIVERS\mouclass.sys
2011/08/01 16:27:07.0538 3000 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) D:\Windows\system32\DRIVERS\mouhid.sys
2011/08/01 16:27:07.0569 3000 mountmgr (fc8771f45ecccfd89684e38842539b9b) D:\Windows\system32\drivers\mountmgr.sys
2011/08/01 16:27:07.0616 3000 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) D:\Windows\system32\drivers\mpio.sys
2011/08/01 16:27:07.0678 3000 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) D:\Windows\system32\drivers\mpsdrv.sys
2011/08/01 16:27:07.0741 3000 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) D:\Windows\system32\drivers\mrxdav.sys
2011/08/01 16:27:07.0772 3000 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) D:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/01 16:27:07.0788 3000 mrxsmb10 (a70c828a93cce4c11617f6249f4d87fc) D:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/01 16:27:07.0881 3000 mrxsmb20 (b81f204d146000be76651a50670a5e9e) D:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/01 16:27:07.0944 3000 msahci (012c5f4e9349e711e11e0f19a8589f0a) D:\Windows\system32\drivers\msahci.sys
2011/08/01 16:27:07.0991 3000 msdsm (55055f8ad8be27a64c831322a780a228) D:\Windows\system32\drivers\msdsm.sys
2011/08/01 16:27:08.0038 3000 Msfs (daefb28e3af5a76abcc2c3078c07327f) D:\Windows\system32\drivers\Msfs.sys
2011/08/01 16:27:08.0100 3000 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) D:\Windows\System32\drivers\mshidkmdf.sys
2011/08/01 16:27:08.0116 3000 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) D:\Windows\system32\drivers\msisadrv.sys
2011/08/01 16:27:08.0163 3000 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) D:\Windows\system32\drivers\MSKSSRV.sys
2011/08/01 16:27:08.0209 3000 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) D:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/01 16:27:08.0225 3000 MSPQM (f456e973590d663b1073e9c463b40932) D:\Windows\system32\drivers\MSPQM.sys
2011/08/01 16:27:08.0288 3000 MsRPC (0e008fc4819d238c51d7c93e7b41e560) D:\Windows\system32\drivers\MsRPC.sys
2011/08/01 16:27:08.0366 3000 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) D:\Windows\system32\drivers\mssmbios.sys
2011/08/01 16:27:08.0428 3000 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) D:\Windows\system32\drivers\MSTEE.sys
2011/08/01 16:27:08.0459 3000 MTConfig (33599130f44e1f34631cea241de8ac84) D:\Windows\system32\DRIVERS\MTConfig.sys
2011/08/01 16:27:08.0475 3000 Mup (159fad02f64e6381758c990f753bcc80) D:\Windows\system32\Drivers\mup.sys
2011/08/01 16:27:08.0569 3000 NativeWifiP (26384429fcd85d83746f63e798ab1480) D:\Windows\system32\DRIVERS\nwifi.sys
2011/08/01 16:27:08.0678 3000 NAVENG (920d9701bba90dbb7ccfd3536ea4d6f9) D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110731.003\NAVENG.SYS
2011/08/01 16:27:08.0741 3000 NAVEX15 (31b1a9b53c3319b97f7874347cd992d2) D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20110731.003\NAVEX15.SYS
2011/08/01 16:27:08.0866 3000 NDIS (e7c54812a2aaf43316eb6930c1ffa108) D:\Windows\system32\drivers\ndis.sys
2011/08/01 16:27:08.0897 3000 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) D:\Windows\system32\DRIVERS\ndiscap.sys
2011/08/01 16:27:08.0928 3000 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) D:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/01 16:27:09.0022 3000 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) D:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/01 16:27:09.0053 3000 NdisWan (38fbe267e7e6983311179230facb1017) D:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/01 16:27:09.0084 3000 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) D:\Windows\system32\drivers\NDProxy.sys
2011/08/01 16:27:09.0116 3000 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) D:\Windows\system32\DRIVERS\netbios.sys
2011/08/01 16:27:09.0209 3000 NetBT (280122ddcf04b378edd1ad54d71c1e54) D:\Windows\system32\DRIVERS\netbt.sys
2011/08/01 16:27:09.0272 3000 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) D:\Windows\system32\DRIVERS\nfrd960.sys
2011/08/01 16:27:09.0334 3000 Npfs (1db262a9f8c087e8153d89bef3d2235f) D:\Windows\system32\drivers\Npfs.sys
2011/08/01 16:27:09.0428 3000 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) D:\Windows\system32\drivers\nsiproxy.sys
2011/08/01 16:27:09.0491 3000 Ntfs (81189c3d7763838e55c397759d49007a) D:\Windows\system32\drivers\Ntfs.sys
2011/08/01 16:27:09.0538 3000 NuidFltr (9620a1d8160a550f064bbaf48d0f97cc) D:\Windows\system32\DRIVERS\NuidFltr.sys
2011/08/01 16:27:09.0631 3000 Null (f9756a98d69098dca8945d62858a812c) D:\Windows\system32\drivers\Null.sys
2011/08/01 16:27:09.0678 3000 nvraid (b3e25ee28883877076e0e1ff877d02e0) D:\Windows\system32\drivers\nvraid.sys
2011/08/01 16:27:09.0694 3000 nvstor (4380e59a170d88c4f1022eff6719a8a4) D:\Windows\system32\drivers\nvstor.sys
2011/08/01 16:27:09.0725 3000 nv_agp (5a0983915f02bae73267cc2a041f717d) D:\Windows\system32\drivers\nv_agp.sys
2011/08/01 16:27:09.0772 3000 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) D:\Windows\system32\drivers\ohci1394.sys
2011/08/01 16:27:09.0866 3000 osaio (d7d120fd31bb8b4ec6a4f628517edc33) D:\Windows\system32\drivers\osaio.sys
2011/08/01 16:27:09.0928 3000 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) D:\Windows\system32\DRIVERS\parport.sys
2011/08/01 16:27:09.0991 3000 partmgr (bf8f6af06da75b336f07e23aef97d93b) D:\Windows\system32\drivers\partmgr.sys
2011/08/01 16:27:10.0022 3000 Parvdm (eb0a59f29c19b86479d36b35983daadc) D:\Windows\system32\DRIVERS\parvdm.sys
2011/08/01 16:27:10.0069 3000 pci (673e55c3498eb970088e812ea820aa8f) D:\Windows\system32\drivers\pci.sys
2011/08/01 16:27:10.0084 3000 pciide (afe86f419014db4e5593f69ffe26ce0a) D:\Windows\system32\drivers\pciide.sys
2011/08/01 16:27:10.0116 3000 pcmcia (f396431b31693e71e8a80687ef523506) D:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/01 16:27:10.0178 3000 pcw (250f6b43d2b613172035c6747aeeb19f) D:\Windows\system32\drivers\pcw.sys
2011/08/01 16:27:10.0241 3000 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) D:\Windows\system32\drivers\peauth.sys
2011/08/01 16:27:10.0288 3000 pepifilter (a05f0d7419cf4680eedd5736e6549e7b) D:\Windows\system32\DRIVERS\lv302af.sys
2011/08/01 16:27:10.0350 3000 PGR1394b (6fc9cda0b608dfda41e42d2e9c7d7874) D:\Windows\system32\DRIVERS\HS3dSensor1394.sys
2011/08/01 16:27:10.0459 3000 PID_PEPI (bd8c6c254835ea14ec0242f76009cbc4) D:\Windows\system32\DRIVERS\LV302V32.SYS
2011/08/01 16:27:10.0584 3000 Point32 (7d7a9c17d5455203dea11e5ef886cc59) D:\Windows\system32\DRIVERS\point32.sys
2011/08/01 16:27:10.0647 3000 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) D:\Windows\system32\DRIVERS\raspptp.sys
2011/08/01 16:27:10.0678 3000 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) D:\Windows\system32\DRIVERS\processr.sys
2011/08/01 16:27:10.0709 3000 Psched (6270ccae2a86de6d146529fe55b3246a) D:\Windows\system32\DRIVERS\pacer.sys
2011/08/01 16:27:10.0803 3000 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) D:\Windows\system32\DRIVERS\ql2300.sys
2011/08/01 16:27:10.0928 3000 ql40xx (b4dd51dd25182244b86737dc51af2270) D:\Windows\system32\DRIVERS\ql40xx.sys
2011/08/01 16:27:10.0959 3000 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) D:\Windows\system32\drivers\qwavedrv.sys
2011/08/01 16:27:10.0991 3000 RasAcd (30a81b53c766d0133bb86d234e5556ab) D:\Windows\system32\DRIVERS\rasacd.sys
2011/08/01 16:27:11.0053 3000 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) D:\Windows\system32\DRIVERS\AgileVpn.sys
2011/08/01 16:27:11.0100 3000 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) D:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/01 16:27:11.0131 3000 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) D:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/01 16:27:11.0163 3000 RasSstp (44101f495a83ea6401d886e7fd70096b) D:\Windows\system32\DRIVERS\rassstp.sys
2011/08/01 16:27:11.0209 3000 rdbss (d528bc58a489409ba40334ebf96a311b) D:\Windows\system32\DRIVERS\rdbss.sys
2011/08/01 16:27:11.0241 3000 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) D:\Windows\system32\DRIVERS\rdpbus.sys
2011/08/01 16:27:11.0319 3000 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) D:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/01 16:27:11.0350 3000 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) D:\Windows\system32\drivers\rdpencdd.sys
2011/08/01 16:27:11.0381 3000 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) D:\Windows\system32\drivers\rdprefmp.sys
2011/08/01 16:27:11.0428 3000 RDPWD (288b06960d78428ff89e811632684e20) D:\Windows\system32\drivers\RDPWD.sys
2011/08/01 16:27:11.0459 3000 rdyboost (518395321dc96fe2c9f0e96ac743b656) D:\Windows\system32\drivers\rdyboost.sys
2011/08/01 16:27:11.0600 3000 rspndr (032b0d36ad92b582d869879f5af5b928) D:\Windows\system32\DRIVERS\rspndr.sys
2011/08/01 16:27:11.0647 3000 sbp2port (05d860da1040f111503ac416ccef2bca) D:\Windows\system32\drivers\sbp2port.sys
2011/08/01 16:27:11.0694 3000 scfilter (0693b5ec673e34dc147e195779a4dcf6) D:\Windows\system32\DRIVERS\scfilter.sys
2011/08/01 16:27:11.0788 3000 secdrv (90a3935d05b494a5a39d37e71f09a677) D:\Windows\system32\drivers\secdrv.sys
2011/08/01 16:27:11.0850 3000 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) D:\Windows\system32\DRIVERS\serenum.sys
2011/08/01 16:27:11.0866 3000 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) D:\Windows\system32\DRIVERS\serial.sys
2011/08/01 16:27:11.0913 3000 sermouse (79bffb520327ff916a582dfea17aa813) D:\Windows\system32\DRIVERS\sermouse.sys
2011/08/01 16:27:11.0975 3000 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) D:\Windows\system32\drivers\sffdisk.sys
2011/08/01 16:27:12.0038 3000 sffp_mmc (932a68ee27833cfd57c1639d375f2731) D:\Windows\system32\drivers\sffp_mmc.sys
2011/08/01 16:27:12.0084 3000 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) D:\Windows\system32\drivers\sffp_sd.sys
2011/08/01 16:27:12.0116 3000 sfloppy (db96666cc8312ebc45032f30b007a547) D:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/01 16:27:12.0209 3000 sisagp (2565cac0dc9fe0371bdce60832582b2e) D:\Windows\system32\drivers\sisagp.sys
2011/08/01 16:27:12.0272 3000 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) D:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/08/01 16:27:12.0319 3000 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) D:\Windows\system32\DRIVERS\sisraid4.sys
2011/08/01 16:27:12.0350 3000 skbdrv (e1e2af1a12bfb0bf4e7f78616ba17560) D:\Windows\system32\DRIVERS\skbdrv.sys
2011/08/01 16:27:12.0475 3000 SmartDefragDriver (4aa2772a355226e9ac96d01ba431d253) D:\Windows\system32\Drivers\SmartDefragDriver.sys
2011/08/01 16:27:12.0506 3000 Smb (3e21c083b8a01cb70ba1f09303010fce) D:\Windows\system32\DRIVERS\smb.sys
2011/08/01 16:27:12.0538 3000 spldr (95cf1ae7527fb70f7816563cbc09d942) D:\Windows\system32\drivers\spldr.sys
2011/08/01 16:27:12.0616 3000 sptd (1a606a8d611816adc47d2b25dbedcb1f) D:\Windows\System32\Drivers\sptd.sys
2011/08/01 16:27:12.0756 3000 SRTSP (83726cf02eced69138948083e06b6eac) D:\Windows\System32\Drivers\NAV\1206000.01D\SRTSP.SYS
2011/08/01 16:27:12.0788 3000 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) D:\Windows\system32\drivers\NAV\1206000.01D\SRTSPX.SYS
2011/08/01 16:27:12.0834 3000 srv (e4c2764065d66ea1d2d3ebc28fe99c46) D:\Windows\system32\DRIVERS\srv.sys
2011/08/01 16:27:12.0928 3000 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) D:\Windows\system32\DRIVERS\srv2.sys
2011/08/01 16:27:12.0959 3000 srvnet (be6bd660caa6f291ae06a718a4fa8abc) D:\Windows\system32\DRIVERS\srvnet.sys
2011/08/01 16:27:13.0006 3000 stexstor (db32d325c192b801df274bfd12a7e72b) D:\Windows\system32\DRIVERS\stexstor.sys
2011/08/01 16:27:13.0053 3000 STHDA (591e0da800f1a5833a0ff6c865c395ea) D:\Windows\system32\DRIVERS\stwrt.sys
2011/08/01 16:27:13.0147 3000 swenum (e58c78a848add9610a4db6d214af5224) D:\Windows\system32\drivers\swenum.sys
2011/08/01 16:27:13.0225 3000 SymDS (9bbeb8c6258e72d62e7560e6667aad39) D:\Windows\system32\drivers\NAV\1206000.01D\SYMDS.SYS
2011/08/01 16:27:13.0272 3000 SymEFA (d5c02629c02a820a7e71bca3d44294a3) D:\Windows\system32\drivers\NAV\1206000.01D\SYMEFA.SYS
2011/08/01 16:27:13.0381 3000 SymEvent (ab33c3b196197ca467cbdda717860dba) D:\Windows\system32\Drivers\SYMEVENT.SYS
2011/08/01 16:27:13.0444 3000 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) D:\Windows\system32\drivers\NAV\1206000.01D\Ironx86.SYS
2011/08/01 16:27:13.0459 3000 SymNetS (cc71cf163de8b62ccd077e20e909c960) D:\Windows\System32\Drivers\NAV\1206000.01D\SYMNETS.SYS
2011/08/01 16:27:13.0647 3000 Tcpip (24326784df8f3d5f5bbb9f878ce33c14) D:\Windows\system32\drivers\tcpip.sys
2011/08/01 16:27:13.0694 3000 TCPIP6 (24326784df8f3d5f5bbb9f878ce33c14) D:\Windows\system32\DRIVERS\tcpip.sys
2011/08/01 16:27:13.0756 3000 tcpipreg (cca24162e055c3714ce5a88b100c64ed) D:\Windows\system32\drivers\tcpipreg.sys
2011/08/01 16:27:13.0834 3000 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) D:\Windows\system32\drivers\tdpipe.sys
2011/08/01 16:27:13.0850 3000 TDTCP (2c10395baa4847f83042813c515cc289) D:\Windows\system32\drivers\tdtcp.sys
2011/08/01 16:27:13.0897 3000 tdx (b459575348c20e8121d6039da063c704) D:\Windows\system32\DRIVERS\tdx.sys
2011/08/01 16:27:13.0944 3000 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) D:\Windows\system32\drivers\termdd.sys
2011/08/01 16:27:14.0069 3000 tssecsrv (254bb140eee3c59d6114c1a86b636877) D:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/01 16:27:14.0100 3000 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) D:\Windows\system32\drivers\tsusbflt.sys
2011/08/01 16:27:14.0116 3000 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) D:\Windows\system32\DRIVERS\tunnel.sys
2011/08/01 16:27:14.0163 3000 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) D:\Windows\system32\DRIVERS\uagp35.sys
2011/08/01 16:27:14.0209 3000 udfs (ee43346c7e4b5e63e54f927babbb32ff) D:\Windows\system32\DRIVERS\udfs.sys
2011/08/01 16:27:14.0319 3000 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) D:\Windows\system32\drivers\uliagpkx.sys
2011/08/01 16:27:14.0350 3000 umbus (d295bed4b898f0fd999fcfa9b32b071b) D:\Windows\system32\drivers\umbus.sys
2011/08/01 16:27:14.0381 3000 UmPass (7550ad0c6998ba1cb4843e920ee0feac) D:\Windows\system32\DRIVERS\umpass.sys
2011/08/01 16:27:14.0413 3000 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) D:\Windows\system32\drivers\usbaudio.sys
2011/08/01 16:27:14.0459 3000 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) D:\Windows\system32\drivers\usbccgp.sys
2011/08/01 16:27:14.0553 3000 usbcir (04ec7cec62ec3b6d9354eee93327fc82) D:\Windows\system32\drivers\usbcir.sys
2011/08/01 16:27:14.0584 3000 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) D:\Windows\system32\drivers\usbehci.sys
2011/08/01 16:27:14.0631 3000 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) D:\Windows\system32\DRIVERS\usbhub.sys
2011/08/01 16:27:14.0678 3000 usbohci (e185d44fac515a18d9deddc23c2cdf44) D:\Windows\system32\drivers\usbohci.sys
2011/08/01 16:27:14.0756 3000 usbprint (797d862fe0875e75c7cc4c1ad7b30252) D:\Windows\system32\DRIVERS\usbprint.sys
2011/08/01 16:27:14.0788 3000 USBSTOR (f991ab9cc6b908db552166768176896a) D:\Windows\system32\drivers\USBSTOR.SYS
2011/08/01 16:27:14.0819 3000 usbuhci (68df884cf41cdada664beb01daf67e3d) D:\Windows\system32\drivers\usbuhci.sys
2011/08/01 16:27:14.0866 3000 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) D:\Windows\system32\drivers\vdrvroot.sys
2011/08/01 16:27:14.0944 3000 vga (17c408214ea61696cec9c66e388b14f3) D:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/01 16:27:15.0006 3000 VgaSave (8e38096ad5c8570a6f1570a61e251561) D:\Windows\System32\drivers\vga.sys
2011/08/01 16:27:15.0038 3000 vhdmp (5461686cca2fda57b024547733ab42e3) D:\Windows\system32\drivers\vhdmp.sys
2011/08/01 16:27:15.0069 3000 viaagp (c829317a37b4bea8f39735d4b076e923) D:\Windows\system32\drivers\viaagp.sys
2011/08/01 16:27:15.0131 3000 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) D:\Windows\system32\DRIVERS\viac7.sys
2011/08/01 16:27:15.0163 3000 viaide (e43574f6a56a0ee11809b48c09e4fd3c) D:\Windows\system32\drivers\viaide.sys
2011/08/01 16:27:15.0209 3000 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) D:\Windows\system32\drivers\volmgr.sys
2011/08/01 16:27:15.0256 3000 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) D:\Windows\system32\drivers\volmgrx.sys
2011/08/01 16:27:15.0303 3000 volsnap (f497f67932c6fa693d7de2780631cfe7) D:\Windows\system32\drivers\volsnap.sys
2011/08/01 16:27:15.0366 3000 vsmraid (9dfa0cc2f8855a04816729651175b631) D:\Windows\system32\DRIVERS\vsmraid.sys
2011/08/01 16:27:15.0444 3000 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) D:\Windows\System32\drivers\vwifibus.sys
2011/08/01 16:27:15.0491 3000 WacomPen (de3721e89c653aa281428c8a69745d90) D:\Windows\system32\DRIVERS\wacompen.sys
2011/08/01 16:27:15.0522 3000 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) D:\Windows\system32\DRIVERS\wanarp.sys
2011/08/01 16:27:15.0538 3000 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) D:\Windows\system32\DRIVERS\wanarp.sys
2011/08/01 16:27:15.0631 3000 Wd (1112a9badacb47b7c0bb0392e3158dff) D:\Windows\system32\DRIVERS\wd.sys
2011/08/01 16:27:15.0709 3000 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) D:\Windows\system32\drivers\Wdf01000.sys
2011/08/01 16:27:15.0772 3000 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) D:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/01 16:27:15.0803 3000 WIMMount (5cf95b35e59e2a38023836fff31be64c) D:\Windows\system32\drivers\wimmount.sys
2011/08/01 16:27:15.0913 3000 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) D:\Windows\system32\DRIVERS\WinUsb.sys
2011/08/01 16:27:15.0991 3000 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) D:\Windows\system32\drivers\wmiacpi.sys
2011/08/01 16:27:16.0053 3000 ws2ifsl (6db3276587b853bf886b69528fdb048c) D:\Windows\system32\drivers\ws2ifsl.sys
2011/08/01 16:27:16.0116 3000 WudfPf (e714a1c0354636837e20ccbf00888ee7) D:\Windows\system32\drivers\WudfPf.sys
2011/08/01 16:27:16.0178 3000 WUDFRd (1023ee888c9b47178c5293ed5336ab69) D:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/01 16:27:16.0241 3000 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/08/01 16:27:16.0319 3000 Boot (0x1200) (938eb44e9231e549068b059c40b23c78) \Device\Harddisk0\DR0\Partition0
2011/08/01 16:27:16.0397 3000 Boot (0x1200) (a0f48c4b1d25f97ce1a7feb4f83ee087) \Device\Harddisk0\DR0\Partition1
2011/08/01 16:27:16.0413 3000 ================================================================================
2011/08/01 16:27:16.0413 3000 Scan finished
2011/08/01 16:27:16.0413 3000 ================================================================================
2011/08/01 16:27:16.0428 0388 Detected object count: 0
2011/08/01 16:27:16.0428 0388 Actual detected object count: 0

#10 gringo_pr


Posted 01 August 2011 - 02:34 AM

We are going to check the router.

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

    @echo off
    rem Write the network configuration, DNS lookups, ping results and routing table to Log1.txt
    >Log1.txt (
    ipconfig /all
    nslookup google.com
    nslookup yahoo.com
    ping -n 2 google.com
    ping -n 2 yahoo.com
    route print
    )
    rem Open the log in Notepad, then delete this batch file
    start Log1.txt
    del %0

Save this as router.bat. Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done. Please post back the results.
gringo

#11 JapanRikster


Posted 01 August 2011 - 02:37 AM

Windows IP Configuration

Host Name . . . . . . . . . . . . : Ricky-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : m-net.ne.jp

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : m-net.ne.jp
Description . . . . . . . . . . . : Intel® 82566DC Gigabit Network Connection
Physical Address. . . . . . . . . : 00-19-D1-09-F8-F1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2953:1d59:d196:224%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.11.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, August 01, 2011 3:59:14 PM
Lease Expires . . . . . . . . . . : Wednesday, August 03, 2011 4:10:12 PM
Default Gateway . . . . . . . . . : 192.168.11.1
DHCP Server . . . . . . . . . . . : 192.168.11.1
DHCPv6 IAID . . . . . . . . . . . : 234887633
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-1B-8A-2F-00-19-D1-09-F8-F1
DNS Servers . . . . . . . . . . . : 192.168.11.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.m-net.ne.jp:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : m-net.ne.jp
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:20f8:3183:3f57:f4fd(Preferred)
Link-local IPv6 Address . . . . . : fe80::20f8:3183:3f57:f4fd%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: buffalo.setup
Address: 192.168.11.1

Name: google.com
Addresses: 64.233.183.103
64.233.183.104
64.233.183.105
64.233.183.106
64.233.183.147
64.233.183.99

Server: buffalo.setup
Address: 192.168.11.1

Name: yahoo.com
Addresses: 98.137.149.56
209.191.122.70
67.195.160.76
69.147.125.65
72.30.2.43


Pinging google.com [64.233.183.99] with 32 bytes of data:
Reply from 64.233.183.99: bytes=32 time=61ms TTL=53
Reply from 64.233.183.99: bytes=32 time=50ms TTL=53

Ping statistics for 64.233.183.99:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 50ms, Maximum = 61ms, Average = 55ms

Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
Reply from 72.30.2.43: bytes=32 time=147ms TTL=52
Reply from 72.30.2.43: bytes=32 time=146ms TTL=52

Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 146ms, Maximum = 147ms, Average = 146ms
===========================================================================
Interface List
10...00 19 d1 09 f8 f1 ......Intel® 82566DC Gigabit Network Connection
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.11.1 192.168.11.2 21
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.11.0 255.255.255.0 On-link 192.168.11.2 276
192.168.11.2 255.255.255.255 On-link 192.168.11.2 276
192.168.11.255 255.255.255.255 On-link 192.168.11.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.11.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.11.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 58 ::/0 On-link
1 306 ::1/128 On-link
11 58 2001::/32 On-link
11 306 2001:0:4137:9e76:20f8:3183:3f57:f4fd/128
On-link
10 276 fe80::/64 On-link
11 306 fe80::/64 On-link
11 306 fe80::20f8:3183:3f57:f4fd/128
On-link
10 276 fe80::2953:1d59:d196:224/128
On-link
1 306 ff00::/8 On-link
11 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

#12 gringo_pr


Posted 01 August 2011 - 02:38 AM

After you have run these steps - you need to let me know how the computer is doing

Resetting Router


  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don't know the router's default password, you can look it up here.
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using or you can use OpenDNS
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

flush the DNS:

Now let's flush the DNS on the computer:

  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:


    ipconfig /flushdns

Now let's check the router again

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
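    @echo off
    rem Collect network configuration, DNS lookups, pings and routes into Log1.txt
    >Log1.txt (
    ipconfig /all
    nslookup google.com
    nslookup yahoo.com
    ping -n 2 google.com
    ping -n 2 yahoo.com
    route print
    )
    rem Open the log, then delete this batch file (quoted so paths with spaces work)
    start Log1.txt
    del "%~f0"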
Save this as router.bat. Choose Save as type - All Files, and where to save - Desktop, then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done. Please post back the results.

gringo

#13 JapanRikster


Posted 01 August 2011 - 02:43 AM

I'm going to need to hold off for now because I am retired from the U.S. military and live in Japan. The router, security settings, ISP, DNS servers are all from a Japanese company. If I do anything to screw up where my wife can't use her laptop, all hell will break loose. I don't understand Japanese.

Thanks for all your help. Since Norton says it's not a problem and we haven't found anything as of yet and my wife isn't having problems with her laptop, perhaps we should now leave things as they are.

Any comments?

Can I reset my Norton settings now? And how do I enable CD emulation drivers again?

Ricky

#14 gringo_pr


Posted 01 August 2011 - 02:46 AM

Yeah, if things are quiet then we will leave it alone, and if things do start up again I would start by looking at that first.


So go to the next stage.


Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

TFC (Temp File Cleaner):

  • Please download TFC to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 JapanRikster


Posted 01 August 2011 - 03:02 AM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:59:58 PM, on 8/1/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
D:\Windows\system32\Dwm.exe
D:\Program Files\Microsoft IntelliPoint\ipoint.exe
D:\Windows\explorer.exe
D:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Windows\system32\rundll32.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Google\Chrome\Application\chrome.exe
D:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
D:\Windows\system32\SearchFilterHost.exe
D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.intel.com/p/en_US/support?iid=hdr+support
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: EntryProtect - {3955aa73-8c60-4a9b-acdb-0c2edb1b6748} - D:\Program Files\TrustedID\TrustedID Secure Browse\epbho.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\Program Files\Norton AntiVirus\Engine\18.6.0.29\IPS\IPSBHO.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: PhishLock - {ff507020-a257-4527-a222-b6f5732e55ee} - D:\Program Files\TrustedID\TrustedID Secure Browse\plbho.dll
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [itype] "d:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "d:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: AMD External Events Utility - AMD - D:\Windows\system32\atiesrxx.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EntryProtect - SentryBay - D:\Program Files\TrustedID\TrustedID Secure Browse\epservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® PROSet Monitoring Service - Intel Corporation - D:\Windows\system32\IProsetMonitor.exe
O23 - Service: lxbc_device - - D:\Windows\system32\lxbccoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - D:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - D:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
O23 - Service: PDAgent - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - D:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: TrustedID Update Service (sbupdate) - SentryBay - D:\Program Files\SentryBay\Update\SentryBayUpdate.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - D:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_ef7356bc77a65e9e\STacSV.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - D:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

--
End of file - 6212 bytes

no problems so far
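A HijackThis log like the one posted above can be pre-sorted before a human reads it. The following is an added example, not part of the original thread and not a HijackThis feature: it parses entry lines of the form shown in the log, counts them per section code, and marks two structural oddities for manual review (an entry whose file is reported as "(no file)" and an O23 service line whose vendor field is empty). The function names and the two review rules are assumptions made for this illustration; a mark is a prompt to look closer, not a verdict.

```python
import re
from collections import Counter

# Sample lines copied from the HijackThis log in the post above (a subset).
SAMPLE_LOG = r"""
O2 - BHO: PhishLock - {ff507020-a257-4527-a222-b6f5732e55ee} - D:\Program Files\TrustedID\TrustedID Secure Browse\plbho.dll
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O23 - Service: lxbc_device - - D:\Windows\system32\lxbccoms.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - D:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
O23 - Service: TrustedID Update Service (sbupdate) - SentryBay - D:\Program Files\SentryBay\Update\SentryBayUpdate.exe
"""

# Meaning of the section codes that occur in the posted log.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE default page/search setting",
    "O2": "Browser Helper Object", "O4": "autostart (Run key)",
    "O8": "IE context-menu item", "O9": "IE extra button/menu item",
    "O11": "IE advanced-options group", "O18": "protocol handler",
    "O23": "Windows service",
}

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O23 body: "Service: <name> - <vendor> - <path>"; the vendor may be empty.
SERVICE = re.compile(r"^Service: (?P<name>.+?) -\s*(?P<vendor>.*?)\s*- (?P<path>[A-Za-z]:\\.+)$")

def parse(log):
    """Return (code, body) for each entry line; header and process lines are skipped."""
    return [m.groups() for m in (ENTRY.match(l.strip()) for l in log.splitlines()) if m]

def notes_for(code, body):
    """Review notes for one entry (hypothetical rules chosen for this example)."""
    notes = []
    if body.endswith("(no file)"):
        notes.append("registered file is missing (orphaned entry)")
    if code == "O23":
        m = SERVICE.match(body)
        if m and not m.group("vendor"):
            notes.append("no vendor string listed: verify the binary and its signature")
    return notes

def triage(log):
    """Entries that deserve a manual look, with the reason(s)."""
    hits = [(c, SECTIONS.get(c, "other"), b, notes_for(c, b)) for c, b in parse(log)]
    return [h for h in hits if h[3]]

def section_counts(log):
    return dict(Counter(code for code, _ in parse(log)))
```
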



