Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware, trojan, spyware


  • This topic is locked This topic is locked
35 replies to this topic

#1 barracudacool

barracudacool

  • Members
  • 93 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:14 AM

Posted 01 October 2011 - 03:04 PM

I have tried to run several spyware/virus removals on this. AVG, Adaware, and Spyware Doctor. I think the problem came in through a polluted powerpoint. I ran the log (see below), and tried to download and extract the GMER but got a weird message from Norton blocking it as a Trojan.Gen 2

Here is my DDS log. Thanks. I am pulling my hair out

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by melissa at 15:28:01 on 2011-10-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3582.1985 [GMT -4:00]
.
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SlimDrivers\SlimDrivers.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
uRun: [Google Update] "c:\users\melissa\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [picon] "c:\program files\common files\intel\privacy icon\PIconStartup.exe" -startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iRiver Updater] \Updater.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzQ3NzMzOTM2LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1809"&"mid=d7225fe4ddb447d196106d791d360980-fd6ae8ba980542d8bd2c9f0a576038383eae956c
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\amazon~1.lnk - c:\program files\amazon\amazon unbox video\ADVWindowsClientSystemTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {77D7D41D-B005-44D9-AF2A-DE1C02DF34D7} - hxxps://prod.isis.jhu.edu/controls/MaskedNumEdit.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9AD00D2D-8430-411A-9151-51B8268CDF48} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\melissa\appdata\roaming\mozilla\firefox\profiles\kruz9lww.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B8482bf35-5524-4448-bff1-65c4db984905%7D&mid=d7225fe4ddb447d196106d791d360980-fd6ae8ba980542d8bd2c9f0a576038383eae956c&ds=AVG&v=8.0.0.34.1&lang=en&pr=fr&d=2011-09-30%2019%3A27%3A56&sap=ku&q=
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\melissa\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\users\melissa\appdata\roaming\mozilla\firefox\profiles\kruz9lww.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\users\melissa\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\melissa\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 32464]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-9-29 207280]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys [2011-6-23 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys [2011-6-23 744568]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-9-29 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-9-29 59664]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20110920.001\BHDrvx86.sys [2011-9-27 816760]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20110930.030\IDSvix86.sys [2011-9-30 368248]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-9-29 233136]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys [2011-6-23 136312]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\0501000.01d\symnets.sys [2011-6-23 296568]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-8-30 176128]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-7-16 382752]
R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccSvcHst.exe [2011-6-23 130008]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.12.27\SymcPCCULaunchSvc.exe [2011-8-24 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.12.27\ccSvcHst.exe [2011-8-24 126392]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2011-9-29 365280]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2011-9-29 1141712]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2011-6-24 2071064]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-8-30 6468096]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-8-30 228352]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-8-29 224424]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-10-1 105592]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-9-29 70408]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-9-29 33552]
R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-1 5265248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2011-8-30 11232]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-25 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2011-10-01 16:12:49 -------- d-----w- c:\windows\system32\drivers\AVG
2011-10-01 02:36:45 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-30 23:48:51 -------- d-----w- c:\users\melissa\appdata\roaming\AVG2012
2011-09-30 23:46:18 -------- d-----w- c:\users\melissa\appdata\roaming\Sammsoft
2011-09-30 23:35:50 -------- d-sh--w- C:\found.000
2011-09-30 22:56:28 -------- d-----w- c:\programdata\AVG2012
2011-09-30 22:27:10 -------- d-----w- c:\program files\ARO 2011
2011-09-30 22:18:25 -------- d-----w- c:\program files\AVG
2011-09-30 21:45:24 -------- d--h--w- c:\programdata\Common Files
2011-09-30 21:42:55 -------- d-----w- c:\programdata\MFAData
2011-09-30 16:07:15 -------- d-----w- c:\users\melissa\appdata\roaming\AVG
2011-09-29 12:54:51 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-09-29 12:54:51 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-09-29 12:54:51 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-09-29 12:50:35 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-09-29 12:50:35 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-09-29 12:49:48 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-09-29 12:49:48 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-09-29 12:49:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-09-29 12:49:42 -------- d-----w- c:\users\melissa\appdata\roaming\PC Tools
2011-09-29 12:49:42 -------- d-----w- c:\programdata\PC Tools
2011-09-29 12:49:42 -------- d-----w- c:\program files\Spyware Doctor
2011-09-29 12:49:42 -------- d-----w- c:\program files\common files\PC Tools
2011-09-29 12:47:28 -------- d-----w- c:\users\melissa\appdata\roaming\GetRightToGo
2011-09-16 22:04:36 -------- d-----w- c:\programdata\Amazon
2011-09-16 22:04:19 -------- d-----w- c:\program files\Amazon
2011-09-16 22:03:47 -------- d-----w- c:\windows\Downloaded Installations
2011-09-05 17:04:56 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-10-01 19:05:02 11232 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2011-08-30 00:21:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-11 05:14:38 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-07-11 05:14:16 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-07-11 05:14:14 24272 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2011-07-11 05:14:12 23120 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-07-11 05:14:12 134736 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-07-11 05:13:46 229840 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-07-11 05:13:42 32464 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-07-09 04:29:46 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-09 02:30:00 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
============= FINISH: 15:30:11.42 ===============

BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:14 AM

Posted 06 October 2011 - 03:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/421434 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 barracudacool

barracudacool
  • Topic Starter

  • Members
  • 93 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:14 AM

Posted 07 October 2011 - 12:30 AM

Updated DDS file

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by melissa at 1:20:30 on 2011-10-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3582.2437 [GMT -4:00]
.
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\SlimDrivers\SlimDrivers.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\Program Files\Microsoft Silverlight\4.0.60531.0\agcp.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
uRun: [Google Update] "c:\users\melissa\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [picon] "c:\program files\common files\intel\privacy icon\PIconStartup.exe" -startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iRiver Updater] \Updater.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzQ3NzMzOTM2LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1809"&"mid=d7225fe4ddb447d196106d791d360980-fd6ae8ba980542d8bd2c9f0a576038383eae956c
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\amazon~1.lnk - c:\program files\amazon\amazon unbox video\ADVWindowsClientSystemTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {77D7D41D-B005-44D9-AF2A-DE1C02DF34D7} - hxxps://prod.isis.jhu.edu/controls/MaskedNumEdit.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9AD00D2D-8430-411A-9151-51B8268CDF48} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\melissa\appdata\roaming\mozilla\firefox\profiles\kruz9lww.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B8482bf35-5524-4448-bff1-65c4db984905%7D&mid=d7225fe4ddb447d196106d791d360980-fd6ae8ba980542d8bd2c9f0a576038383eae956c&ds=AVG&v=8.0.0.34.1&lang=en&pr=fr&d=2011-09-30%2019%3A27%3A56&sap=ku&q=
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\users\melissa\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\users\melissa\appdata\roaming\mozilla\firefox\profiles\kruz9lww.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\users\melissa\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\melissa\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-9-29 207280]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys [2011-6-23 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys [2011-6-23 744568]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-9-29 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-9-29 59664]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20110920.001\BHDrvx86.sys [2011-9-27 816760]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20111005.031\IDSvix86.sys [2011-10-6 368248]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-9-29 233136]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys [2011-6-23 136312]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\0501000.01d\symnets.sys [2011-6-23 296568]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-8-30 176128]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-7-16 382752]
R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccSvcHst.exe [2011-6-23 130008]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.12.27\SymcPCCULaunchSvc.exe [2011-8-24 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.12.27\ccSvcHst.exe [2011-8-24 126392]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2011-9-29 365280]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2011-9-29 1141712]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2011-6-24 2071064]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-8-30 6468096]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-8-30 228352]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-8-29 224424]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-9-29 70408]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-9-29 33552]
R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2011-8-30 11232]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-25 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2011-10-04 07:01:57 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{401cbb13-2732-416c-8cd0-da7278271d03}\mpengine.dll
2011-10-04 01:18:44 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-10-04 01:18:44 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-10-04 01:18:43 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-10-02 15:28:02 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-10-02 15:27:57 -------- d-----w- C:\a6f48ff4a78f80715a95bf4bd21661
2011-10-02 15:11:10 -------- d-sh--w- C:\found.001
2011-10-01 16:12:49 -------- d-----w- c:\windows\system32\drivers\AVG
2011-10-01 02:36:45 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-30 23:48:51 -------- d-----w- c:\users\melissa\appdata\roaming\AVG2012
2011-09-30 23:46:18 -------- d-----w- c:\users\melissa\appdata\roaming\Sammsoft
2011-09-30 23:35:50 -------- d-sh--w- C:\found.000
2011-09-30 22:56:28 -------- d-----w- c:\programdata\AVG2012
2011-09-30 22:27:10 -------- d-----w- c:\program files\ARO 2011
2011-09-30 22:18:25 -------- d-----w- c:\program files\AVG
2011-09-30 21:45:24 -------- d--h--w- c:\programdata\Common Files
2011-09-30 21:42:55 -------- d-----w- c:\programdata\MFAData
2011-09-30 16:07:15 -------- d-----w- c:\users\melissa\appdata\roaming\AVG
2011-09-29 12:54:51 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-09-29 12:54:51 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-09-29 12:54:51 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-09-29 12:50:35 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-09-29 12:50:35 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-09-29 12:49:48 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-09-29 12:49:48 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-09-29 12:49:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-09-29 12:49:42 -------- d-----w- c:\users\melissa\appdata\roaming\PC Tools
2011-09-29 12:49:42 -------- d-----w- c:\programdata\PC Tools
2011-09-29 12:49:42 -------- d-----w- c:\program files\Spyware Doctor
2011-09-29 12:49:42 -------- d-----w- c:\program files\common files\PC Tools
2011-09-29 12:47:28 -------- d-----w- c:\users\melissa\appdata\roaming\GetRightToGo
2011-09-16 22:04:36 -------- d-----w- c:\programdata\Amazon
2011-09-16 22:04:19 -------- d-----w- c:\program files\Amazon
2011-09-16 22:03:47 -------- d-----w- c:\windows\Downloaded Installations
2011-09-13 10:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
==================== Find3M ====================
.
2011-10-05 12:00:25 11232 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2011-08-30 00:21:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-11 05:14:38 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-07-11 05:14:16 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-07-11 05:14:14 24272 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2011-07-11 05:14:12 23120 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-07-11 05:14:12 134736 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-07-11 05:13:46 229840 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
============= FINISH: 1:26:13.33 ===============

#4 barracudacool

barracudacool
  • Topic Starter

  • Members
  • 93 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:14 AM

Posted 07 October 2011 - 01:04 AM

Updated DDS file

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by melissa at 1:20:30 on 2011-10-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3582.2437 [GMT -4:00]
.
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\SlimDrivers\SlimDrivers.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\Program Files\Microsoft Silverlight\4.0.60531.0\agcp.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Spyware Doctor\pctsGui.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
uRun: [Google Update] "c:\users\melissa\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [picon] "c:\program files\common files\intel\privacy icon\PIconStartup.exe" -startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iRiver Updater] \Updater.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk"&"inst=NzctNzQ3NzMzOTM2LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1809"&"mid=d7225fe4ddb447d196106d791d360980-fd6ae8ba980542d8bd2c9f0a576038383eae956c
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\amazon~1.lnk - c:\program files\amazon\amazon unbox video\ADVWindowsClientSystemTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {77D7D41D-B005-44D9-AF2A-DE1C02DF34D7} - hxxps://prod.isis.jhu.edu/controls/MaskedNumEdit.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9AD00D2D-8430-411A-9151-51B8268CDF48} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\melissa\appdata\roaming\mozilla\firefox\profiles\kruz9lww.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B8482bf35-5524-4448-bff1-65c4db984905%7D&mid=d7225fe4ddb447d196106d791d360980-fd6ae8ba980542d8bd2c9f0a576038383eae956c&ds=AVG&v=8.0.0.34.1&lang=en&pr=fr&d=2011-09-30%2019%3A27%3A56&sap=ku&q=
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\users\melissa\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\users\melissa\appdata\roaming\mozilla\firefox\profiles\kruz9lww.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\users\melissa\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\melissa\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-9-29 207280]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\SymDS.sys [2011-6-23 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\SymEFA.sys [2011-6-23 744568]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-9-29 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-9-29 59664]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\bashdefs\20110920.001\BHDrvx86.sys [2011-9-27 816760]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\definitions\ipsdefs\20111005.031\IDSvix86.sys [2011-10-6 368248]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-9-29 233136]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\Ironx86.sys [2011-6-23 136312]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\0501000.01d\symnets.sys [2011-6-23 296568]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-8-30 176128]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-7-16 382752]
R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccSvcHst.exe [2011-6-23 130008]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.12.27\SymcPCCULaunchSvc.exe [2011-8-24 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.12.27\ccSvcHst.exe [2011-8-24 126392]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2011-9-29 365280]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2011-9-29 1141712]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2011-6-24 2071064]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-8-30 6468096]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-8-30 228352]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2011-8-29 224424]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-9-29 70408]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-9-29 33552]
R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2011-8-30 11232]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-6-25 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2011-10-04 07:01:57 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{401cbb13-2732-416c-8cd0-da7278271d03}\mpengine.dll
2011-10-04 01:18:44 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-10-04 01:18:44 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-10-04 01:18:43 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-10-02 15:28:02 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-10-02 15:27:57 -------- d-----w- C:\a6f48ff4a78f80715a95bf4bd21661
2011-10-02 15:11:10 -------- d-sh--w- C:\found.001
2011-10-01 16:12:49 -------- d-----w- c:\windows\system32\drivers\AVG
2011-10-01 02:36:45 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-09-30 23:48:51 -------- d-----w- c:\users\melissa\appdata\roaming\AVG2012
2011-09-30 23:46:18 -------- d-----w- c:\users\melissa\appdata\roaming\Sammsoft
2011-09-30 23:35:50 -------- d-sh--w- C:\found.000
2011-09-30 22:56:28 -------- d-----w- c:\programdata\AVG2012
2011-09-30 22:27:10 -------- d-----w- c:\program files\ARO 2011
2011-09-30 22:18:25 -------- d-----w- c:\program files\AVG
2011-09-30 21:45:24 -------- d--h--w- c:\programdata\Common Files
2011-09-30 21:42:55 -------- d-----w- c:\programdata\MFAData
2011-09-30 16:07:15 -------- d-----w- c:\users\melissa\appdata\roaming\AVG
2011-09-29 12:54:51 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2011-09-29 12:54:51 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2011-09-29 12:54:51 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2011-09-29 12:50:35 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-09-29 12:50:35 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-09-29 12:49:48 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-09-29 12:49:48 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-09-29 12:49:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-09-29 12:49:42 -------- d-----w- c:\users\melissa\appdata\roaming\PC Tools
2011-09-29 12:49:42 -------- d-----w- c:\programdata\PC Tools
2011-09-29 12:49:42 -------- d-----w- c:\program files\Spyware Doctor
2011-09-29 12:49:42 -------- d-----w- c:\program files\common files\PC Tools
2011-09-29 12:47:28 -------- d-----w- c:\users\melissa\appdata\roaming\GetRightToGo
2011-09-16 22:04:36 -------- d-----w- c:\programdata\Amazon
2011-09-16 22:04:19 -------- d-----w- c:\program files\Amazon
2011-09-16 22:03:47 -------- d-----w- c:\windows\Downloaded Installations
2011-09-13 10:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
==================== Find3M ====================
.
2011-10-05 12:00:25 11232 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2011-08-30 00:21:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-11 05:14:38 295248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-07-11 05:14:16 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-07-11 05:14:14 24272 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2011-07-11 05:14:12 23120 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2011-07-11 05:14:12 134736 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2011-07-11 05:13:46 229840 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
============= FINISH: 1:26:13.33 ===============

#5 barracudacool

barracudacool
  • Topic Starter

  • Members
  • 93 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:14 AM

Posted 07 October 2011 - 01:50 AM

The Gmer run keeps freezing up. It just never finishes.

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:14 AM

Posted 07 October 2011 - 01:18 PM

Hello barracudacoo,

Apologies for the delay. I will be assisting you.

Please tell me in detail what is the issue you are facing with.

#7 barracudacool

barracudacool
  • Topic Starter

  • Members
  • 93 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:14 AM

Posted 07 October 2011 - 02:06 PM

I was downloading a powerpoint from a colleague. The USB port started making a strange noise. Then the computer just started slowing down and freezing. It seems a bit better now but is still very slow and freezes up. I'm also having trouble with firefox opening pages although not any trouble so far with IE. spyware doctor keeps blocking "adware-huntbar," and other virus and indicates that I am infected with "adware-huntbar," "adware-tubby_toolbar," and Application whitesmoke."

Thank you for your help.

Melissa aka barracudacool

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:14 AM

Posted 07 October 2011 - 02:29 PM

Thanks for the feedback.

Please run DDS and post the Attach.txt without zipping it.

#9 barracudacool

barracudacool
  • Topic Starter

  • Members
  • 93 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:14 AM

Posted 07 October 2011 - 06:15 PM

Okay here it is again. attached.

I also tried to rerun GMER. It just keeps freezing up.

Attached Files


Edited by barracudacool, 07 October 2011 - 06:45 PM.


#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:14 AM

Posted 07 October 2011 - 06:26 PM

Okay Ive already done this twice but here it is again. attached.

LOL, it should be invisible to me, in which post you did this?

#11 barracudacool

barracudacool
  • Topic Starter

  • Members
  • 93 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:14 AM

Posted 07 October 2011 - 06:55 PM

Actually this one. See first entry above requeseting help. then the help bot sent me a message saying do it again if you still need help. so I did. So this last one was the third one. Did I post the right thing???

thanks so much for your help.

#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:14 AM

Posted 07 October 2011 - 07:06 PM

The tool creates two logs, DDS.txt and Attach.txt. At the start you posted DDS.txt, then after HelpBot you posted the fresh DDS.txt twice. The third post was the first time you posted Attach.txt

Please read the instructions carefully and do the steps in the order they are written.

  • I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
    1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
    2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
    Therefore please go to add/remove in the control panel and remove AVG 2012 and Spyware Doctor 7.0.
  • Please download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

  • Please download TDSSKiller.zip and and extract it.
    • Run TDSSKiller.exe.
    • Click Start scan.
    • When it is finished the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options as it is and click Continue
    • Let reboot if needed and tell me if the tool needed a reboot.
    • Click on Report and post the contents of the text file that will open.

      Note: By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder. The Log have a name like: TDSSKiller.Version_Date_Time_log.txt.


#13 barracudacool

barracudacool
  • Topic Starter

  • Members
  • 93 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:14 AM

Posted 08 October 2011 - 07:44 AM

oops my bad. I'll be more careful to post the right things. Sorry this took so long. I kept freezing up. Here is the malwarebytes scan.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7538

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

8/22/2011 4:28:49 PM
mbam-log-2011-08-22 (16-28-49).txt

Scan type: Quick scan
Objects scanned: 151320
Time elapsed: 4 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#14 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:14 AM

Posted 08 October 2011 - 07:47 AM

Database version: 7538

Looks MBAM is not fully updated. Please first update it then run another scan.

#15 barracudacool

barracudacool
  • Topic Starter

  • Members
  • 93 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:14 AM

Posted 08 October 2011 - 07:53 AM

And here is the Kapersky TDSSKiller scan. Neither found anything.

08:46:49.0152 4432 TDSS rootkit removing tool 2.6.6.0 Oct 7 2011 12:45:24
08:46:50.0206 4432 ============================================================
08:46:50.0206 4432 Current date / time: 2011/10/08 08:46:50.0206
08:46:50.0206 4432 SystemInfo:
08:46:50.0206 4432
08:46:50.0206 4432 OS Version: 6.1.7601 ServicePack: 1.0
08:46:50.0206 4432 Product type: Workstation
08:46:50.0206 4432 ComputerName: MELISSA-PC
08:46:50.0207 4432 UserName: melissa
08:46:50.0207 4432 Windows directory: C:\Windows
08:46:50.0207 4432 System windows directory: C:\Windows
08:46:50.0207 4432 Processor architecture: Intel x86
08:46:50.0207 4432 Number of processors: 2
08:46:50.0207 4432 Page size: 0x1000
08:46:50.0207 4432 Boot type: Normal boot
08:46:50.0207 4432 ============================================================
08:46:51.0404 4432 Initialize success
08:46:57.0112 2856 ============================================================
08:46:57.0112 2856 Scan started
08:46:57.0112 2856 Mode: Manual;
08:46:57.0112 2856 ============================================================
08:46:58.0533 2856 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
08:46:58.0541 2856 1394ohci - ok
08:46:58.0756 2856 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
08:46:58.0757 2856 ACPI - ok
08:46:58.0933 2856 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
08:46:58.0951 2856 AcpiPmi - ok
08:46:59.0391 2856 ADIHdAudAddService (9e5ae3da1956a7825cc5869be3350a96) C:\Windows\system32\drivers\ADIHdAud.sys
08:46:59.0394 2856 ADIHdAudAddService - ok
08:46:59.0953 2856 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
08:46:59.0995 2856 adp94xx - ok
08:47:00.0347 2856 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
08:47:00.0374 2856 adpahci - ok
08:47:00.0579 2856 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
08:47:00.0599 2856 adpu320 - ok
08:47:01.0069 2856 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
08:47:01.0071 2856 AFD - ok
08:47:01.0376 2856 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
08:47:01.0378 2856 agp440 - ok
08:47:01.0556 2856 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
08:47:01.0574 2856 aic78xx - ok
08:47:01.0825 2856 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
08:47:01.0849 2856 aliide - ok
08:47:02.0175 2856 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
08:47:02.0199 2856 amdagp - ok
08:47:02.0413 2856 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
08:47:02.0438 2856 amdide - ok
08:47:02.0603 2856 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
08:47:02.0604 2856 AmdK8 - ok
08:47:04.0630 2856 amdkmdag (82563243a0c2b6864e24846820b57d52) C:\Windows\system32\DRIVERS\atikmdag.sys
08:47:04.0656 2856 amdkmdag - ok
08:47:05.0011 2856 amdkmdap (4a9f47a08d29510afa24638540071a60) C:\Windows\system32\DRIVERS\atikmpag.sys
08:47:05.0013 2856 amdkmdap - ok
08:47:05.0273 2856 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys
08:47:05.0296 2856 AmdPPM - ok
08:47:05.0642 2856 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
08:47:05.0664 2856 amdsata - ok
08:47:05.0925 2856 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
08:47:05.0967 2856 amdsbs - ok
08:47:06.0234 2856 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
08:47:06.0258 2856 amdxata - ok
08:47:06.0498 2856 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
08:47:06.0516 2856 AppID - ok
08:47:06.0868 2856 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
08:47:06.0886 2856 arc - ok
08:47:07.0130 2856 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
08:47:07.0149 2856 arcsas - ok
08:47:07.0428 2856 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
08:47:07.0447 2856 AsyncMac - ok
08:47:07.0701 2856 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
08:47:07.0718 2856 atapi - ok
08:47:08.0880 2856 atikmdag (82563243a0c2b6864e24846820b57d52) C:\Windows\system32\DRIVERS\atikmdag.sys
08:47:08.0906 2856 atikmdag - ok
08:47:09.0453 2856 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
08:47:09.0503 2856 b06bdrv - ok
08:47:09.0856 2856 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
08:47:09.0877 2856 b57nd60x - ok
08:47:10.0199 2856 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
08:47:10.0221 2856 Beep - ok
08:47:11.0036 2856 BHDrvx86 (09b8897ac84c49beabea75cf9fe1ab45) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110920.001\BHDrvx86.sys
08:47:11.0039 2856 BHDrvx86 - ok
08:47:11.0474 2856 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
08:47:11.0491 2856 blbdrive - ok
08:47:11.0717 2856 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
08:47:11.0719 2856 bowser - ok
08:47:11.0857 2856 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
08:47:11.0874 2856 BrFiltLo - ok
08:47:12.0122 2856 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
08:47:12.0147 2856 BrFiltUp - ok
08:47:12.0496 2856 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
08:47:12.0518 2856 Brserid - ok
08:47:12.0885 2856 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
08:47:12.0905 2856 BrSerWdm - ok
08:47:13.0156 2856 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:47:13.0176 2856 BrUsbMdm - ok
08:47:13.0419 2856 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
08:47:13.0440 2856 BrUsbSer - ok
08:47:13.0688 2856 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
08:47:13.0713 2856 BTHMODEM - ok
08:47:13.0966 2856 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
08:47:13.0991 2856 BVRPMPR5 - ok
08:47:14.0164 2856 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
08:47:14.0185 2856 cdfs - ok
08:47:14.0581 2856 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
08:47:14.0582 2856 cdrom - ok
08:47:14.0659 2856 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
08:47:14.0678 2856 circlass - ok
08:47:14.0976 2856 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
08:47:14.0978 2856 CLFS - ok
08:47:15.0176 2856 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\drivers\CmBatt.sys
08:47:15.0194 2856 CmBatt - ok
08:47:15.0417 2856 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
08:47:15.0441 2856 cmdide - ok
08:47:15.0767 2856 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
08:47:15.0814 2856 CNG - ok
08:47:16.0057 2856 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys
08:47:16.0082 2856 Compbatt - ok
08:47:16.0422 2856 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
08:47:16.0439 2856 CompositeBus - ok
08:47:16.0613 2856 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
08:47:16.0630 2856 crcdisk - ok
08:47:16.0963 2856 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
08:47:16.0986 2856 DfsC - ok
08:47:17.0242 2856 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
08:47:17.0267 2856 discache - ok
08:47:17.0587 2856 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
08:47:17.0608 2856 Disk - ok
08:47:17.0927 2856 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
08:47:17.0951 2856 drmkaud - ok
08:47:18.0385 2856 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
08:47:18.0388 2856 DXGKrnl - ok
08:47:18.0681 2856 e1kexpress (19e30c3c80d8ce29944b3f30ff9c8b76) C:\Windows\system32\DRIVERS\e1k6232.sys
08:47:18.0704 2856 e1kexpress - ok
08:47:19.0863 2856 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
08:47:19.0942 2856 ebdrv - ok
08:47:20.0318 2856 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
08:47:20.0357 2856 eeCtrl - ok
08:47:20.0838 2856 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
08:47:20.0870 2856 elxstor - ok
08:47:21.0331 2856 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
08:47:21.0332 2856 EraserUtilRebootDrv - ok
08:47:21.0750 2856 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
08:47:21.0773 2856 ErrDev - ok
08:47:21.0885 2856 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
08:47:21.0902 2856 exfat - ok
08:47:22.0171 2856 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
08:47:22.0195 2856 fastfat - ok
08:47:22.0508 2856 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
08:47:22.0526 2856 fdc - ok
08:47:22.0617 2856 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
08:47:22.0619 2856 FileInfo - ok
08:47:22.0671 2856 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
08:47:22.0673 2856 Filetrace - ok
08:47:22.0731 2856 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
08:47:22.0754 2856 flpydisk - ok
08:47:22.0869 2856 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
08:47:22.0894 2856 FltMgr - ok
08:47:22.0937 2856 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
08:47:22.0958 2856 FsDepends - ok
08:47:22.0996 2856 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
08:47:23.0021 2856 Fs_Rec - ok
08:47:23.0205 2856 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
08:47:23.0247 2856 fvevol - ok
08:47:23.0351 2856 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
08:47:23.0375 2856 gagp30kx - ok
08:47:23.0477 2856 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:47:23.0501 2856 GEARAspiWDM - ok
08:47:23.0573 2856 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
08:47:23.0629 2856 hcw85cir - ok
08:47:23.0679 2856 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
08:47:23.0680 2856 HdAudAddService - ok
08:47:23.0773 2856 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
08:47:23.0796 2856 HDAudBus - ok
08:47:23.0914 2856 HECI (88a67c34e37186665e916fd347b50d19) C:\Windows\system32\DRIVERS\HECI.sys
08:47:23.0935 2856 HECI - ok
08:47:23.0977 2856 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
08:47:23.0999 2856 HidBatt - ok
08:47:24.0040 2856 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
08:47:24.0062 2856 HidBth - ok
08:47:24.0122 2856 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
08:47:24.0140 2856 HidIr - ok
08:47:24.0342 2856 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
08:47:24.0343 2856 HidUsb - ok
08:47:24.0466 2856 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
08:47:24.0487 2856 HpSAMD - ok
08:47:24.0694 2856 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
08:47:24.0696 2856 HTTP - ok
08:47:24.0750 2856 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
08:47:24.0769 2856 hwpolicy - ok
08:47:24.0924 2856 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
08:47:24.0948 2856 i8042prt - ok
08:47:25.0146 2856 iaStor (01446278d4563b3013c92830ae6cbb26) C:\Windows\system32\DRIVERS\iaStor.sys
08:47:25.0148 2856 iaStor - ok
08:47:25.0356 2856 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
08:47:25.0358 2856 iaStorV - ok
08:47:25.0989 2856 IDSVix86 (9bc8840de4140e8e2a6fc3192e054a8c) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111007.030\IDSvix86.sys
08:47:25.0991 2856 IDSVix86 - ok
08:47:26.0499 2856 IFP700 (7d19431e613a70262e5586fa76bb29f0) C:\Windows\system32\drivers\ifp700.sys
08:47:26.0519 2856 IFP700 - ok
08:47:26.0817 2856 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
08:47:26.0842 2856 iirsp - ok
08:47:27.0086 2856 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
08:47:27.0107 2856 intelide - ok
08:47:27.0388 2856 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
08:47:27.0405 2856 intelppm - ok
08:47:27.0618 2856 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:47:27.0620 2856 IpFilterDriver - ok
08:47:27.0732 2856 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
08:47:27.0752 2856 IPMIDRV - ok
08:47:27.0997 2856 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
08:47:28.0016 2856 IPNAT - ok
08:47:28.0296 2856 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
08:47:28.0315 2856 IRENUM - ok
08:47:28.0625 2856 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
08:47:28.0648 2856 isapnp - ok
08:47:28.0902 2856 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
08:47:28.0943 2856 iScsiPrt - ok
08:47:29.0271 2856 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
08:47:29.0295 2856 kbdclass - ok
08:47:29.0639 2856 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
08:47:29.0640 2856 kbdhid - ok
08:47:29.0730 2856 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
08:47:29.0748 2856 KSecDD - ok
08:47:29.0993 2856 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
08:47:29.0996 2856 KSecPkg - ok
08:47:30.0050 2856 Lavasoft Kernexplorer - ok
08:47:30.0159 2856 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
08:47:30.0160 2856 lltdio - ok
08:47:30.0328 2856 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
08:47:30.0353 2856 LSI_FC - ok
08:47:30.0644 2856 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
08:47:30.0646 2856 LSI_SAS - ok
08:47:30.0796 2856 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
08:47:30.0818 2856 LSI_SAS2 - ok
08:47:31.0066 2856 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
08:47:31.0090 2856 LSI_SCSI - ok
08:47:31.0429 2856 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
08:47:31.0448 2856 luafv - ok
08:47:31.0556 2856 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
08:47:31.0579 2856 megasas - ok
08:47:31.0689 2856 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
08:47:31.0730 2856 MegaSR - ok
08:47:31.0831 2856 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
08:47:31.0849 2856 Modem - ok
08:47:31.0927 2856 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
08:47:31.0927 2856 monitor - ok
08:47:32.0061 2856 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
08:47:32.0082 2856 mouclass - ok
08:47:32.0182 2856 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
08:47:32.0212 2856 mouhid - ok
08:47:32.0270 2856 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
08:47:32.0291 2856 mountmgr - ok
08:47:32.0334 2856 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
08:47:32.0355 2856 mpio - ok
08:47:32.0518 2856 MpKsl5af12555 - ok
08:47:32.0640 2856 MpKsl8a534c45 - ok
08:47:32.0718 2856 MpKsla2c03bb3 - ok
08:47:32.0769 2856 MpKslb291d7a4 - ok
08:47:32.0963 2856 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
08:47:32.0988 2856 mpsdrv - ok
08:47:33.0150 2856 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
08:47:33.0247 2856 MRxDAV - ok
08:47:33.0414 2856 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:47:33.0432 2856 mrxsmb - ok
08:47:33.0524 2856 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:47:33.0571 2856 mrxsmb10 - ok
08:47:33.0740 2856 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:47:33.0769 2856 mrxsmb20 - ok
08:47:33.0881 2856 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
08:47:33.0896 2856 msahci - ok
08:47:33.0954 2856 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
08:47:33.0978 2856 msdsm - ok
08:47:34.0235 2856 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
08:47:34.0258 2856 Msfs - ok
08:47:34.0330 2856 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
08:47:34.0331 2856 mshidkmdf - ok
08:47:34.0368 2856 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
08:47:34.0369 2856 msisadrv - ok
08:47:34.0448 2856 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
08:47:34.0465 2856 MSKSSRV - ok
08:47:34.0610 2856 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
08:47:34.0628 2856 MSPCLOCK - ok
08:47:34.0716 2856 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
08:47:34.0717 2856 MSPQM - ok
08:47:34.0767 2856 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
08:47:34.0820 2856 MsRPC - ok
08:47:34.0920 2856 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
08:47:34.0921 2856 mssmbios - ok
08:47:34.0953 2856 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
08:47:34.0958 2856 MSTEE - ok
08:47:35.0017 2856 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
08:47:35.0034 2856 MTConfig - ok
08:47:35.0061 2856 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
08:47:35.0063 2856 Mup - ok
08:47:35.0159 2856 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
08:47:35.0163 2856 NativeWifiP - ok
08:47:35.0508 2856 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111007.019\NAVENG.SYS
08:47:35.0508 2856 NAVENG - ok
08:47:35.0735 2856 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111007.019\NAVEX15.SYS
08:47:35.0741 2856 NAVEX15 - ok
08:47:36.0003 2856 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
08:47:36.0046 2856 NDIS - ok
08:47:36.0210 2856 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
08:47:36.0230 2856 NdisCap - ok
08:47:36.0270 2856 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
08:47:36.0288 2856 NdisTapi - ok
08:47:36.0348 2856 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
08:47:36.0366 2856 Ndisuio - ok
08:47:36.0398 2856 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
08:47:36.0409 2856 NdisWan - ok
08:47:36.0525 2856 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
08:47:36.0532 2856 NDProxy - ok
08:47:36.0780 2856 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
08:47:36.0806 2856 NetBIOS - ok
08:47:37.0097 2856 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
08:47:37.0138 2856 NetBT - ok
08:47:37.0553 2856 netrcacm (b128ccc0e4586628d5d6f6a8f1d0778d) C:\Windows\system32\DRIVERS\netrcacm.sys
08:47:37.0555 2856 netrcacm - ok
08:47:37.0783 2856 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
08:47:37.0806 2856 nfrd960 - ok
08:47:38.0124 2856 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
08:47:38.0143 2856 Npfs - ok
08:47:38.0389 2856 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
08:47:38.0408 2856 nsiproxy - ok
08:47:38.0590 2856 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
08:47:38.0715 2856 Ntfs - ok
08:47:38.0834 2856 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
08:47:38.0854 2856 Null - ok
08:47:39.0159 2856 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
08:47:39.0182 2856 nvraid - ok
08:47:39.0463 2856 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
08:47:39.0513 2856 nvstor - ok
08:47:39.0787 2856 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
08:47:39.0811 2856 nv_agp - ok
08:47:40.0062 2856 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
08:47:40.0083 2856 ohci1394 - ok
08:47:40.0472 2856 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
08:47:40.0492 2856 Parport - ok
08:47:40.0614 2856 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
08:47:40.0615 2856 partmgr - ok
08:47:40.0839 2856 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
08:47:40.0861 2856 Parvdm - ok
08:47:41.0225 2856 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\Windows\system32\DRIVERS\PBADRV.sys
08:47:41.0242 2856 PBADRV - ok
08:47:41.0606 2856 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
08:47:41.0608 2856 pci - ok
08:47:41.0714 2856 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
08:47:41.0715 2856 pciide - ok
08:47:41.0945 2856 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
08:47:41.0970 2856 pcmcia - ok
08:47:42.0150 2856 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
08:47:42.0171 2856 pcw - ok
08:47:42.0405 2856 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
08:47:42.0416 2856 PEAUTH - ok
08:47:42.0866 2856 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
08:47:42.0868 2856 PptpMiniport - ok
08:47:43.0152 2856 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
08:47:43.0175 2856 Processor - ok
08:47:43.0663 2856 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
08:47:43.0665 2856 Psched - ok
08:47:43.0858 2856 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
08:47:43.0917 2856 ql2300 - ok
08:47:44.0235 2856 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
08:47:44.0257 2856 ql40xx - ok
08:47:44.0488 2856 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
08:47:44.0505 2856 QWAVEdrv - ok
08:47:44.0636 2856 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
08:47:44.0637 2856 RasAcd - ok
08:47:44.0717 2856 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:47:44.0737 2856 RasAgileVpn - ok
08:47:44.0809 2856 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:47:44.0828 2856 Rasl2tp - ok
08:47:44.0947 2856 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
08:47:44.0970 2856 RasPppoe - ok
08:47:45.0041 2856 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
08:47:45.0063 2856 RasSstp - ok
08:47:45.0146 2856 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
08:47:45.0171 2856 rdbss - ok
08:47:45.0210 2856 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\drivers\rdpbus.sys
08:47:45.0228 2856 rdpbus - ok
08:47:45.0268 2856 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:47:45.0291 2856 RDPCDD - ok
08:47:45.0401 2856 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
08:47:45.0425 2856 RDPENCDD - ok
08:47:45.0494 2856 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
08:47:45.0516 2856 RDPREFMP - ok
08:47:45.0659 2856 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
08:47:45.0683 2856 RDPWD - ok
08:47:45.0818 2856 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
08:47:45.0843 2856 rdyboost - ok
08:47:45.0994 2856 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
08:47:46.0009 2856 rspndr - ok
08:47:46.0063 2856 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
08:47:46.0088 2856 sbp2port - ok
08:47:46.0129 2856 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
08:47:46.0152 2856 scfilter - ok
08:47:46.0236 2856 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
08:47:46.0259 2856 secdrv - ok
08:47:46.0406 2856 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
08:47:46.0407 2856 Serenum - ok
08:47:46.0492 2856 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
08:47:46.0493 2856 Serial - ok
08:47:46.0591 2856 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
08:47:46.0592 2856 sermouse - ok
08:47:46.0652 2856 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
08:47:46.0676 2856 sffdisk - ok
08:47:46.0711 2856 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
08:47:46.0730 2856 sffp_mmc - ok
08:47:46.0764 2856 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
08:47:46.0785 2856 sffp_sd - ok
08:47:46.0822 2856 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
08:47:46.0843 2856 sfloppy - ok
08:47:46.0926 2856 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
08:47:46.0943 2856 sisagp - ok
08:47:47.0022 2856 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
08:47:47.0042 2856 SiSRaid2 - ok
08:47:47.0078 2856 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
08:47:47.0103 2856 SiSRaid4 - ok
08:47:47.0174 2856 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
08:47:47.0193 2856 Smb - ok
08:47:47.0311 2856 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
08:47:47.0335 2856 spldr - ok
08:47:47.0578 2856 SRTSP (83726cf02eced69138948083e06b6eac) C:\Windows\system32\drivers\N360\0501000.01D\SRTSP.SYS
08:47:47.0581 2856 SRTSP - ok
08:47:47.0719 2856 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS
08:47:47.0720 2856 SRTSPX - ok
08:47:47.0885 2856 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
08:47:47.0887 2856 srv - ok
08:47:48.0039 2856 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
08:47:48.0041 2856 srv2 - ok
08:47:48.0129 2856 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
08:47:48.0153 2856 srvnet - ok
08:47:48.0259 2856 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
08:47:48.0276 2856 stexstor - ok
08:47:48.0476 2856 SWDUMon (1fd8760cfcb68178f147ea97f0a8ac45) C:\Windows\system32\DRIVERS\SWDUMon.sys
08:47:48.0495 2856 SWDUMon - ok
08:47:48.0536 2856 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
08:47:48.0591 2856 swenum - ok
08:47:48.0785 2856 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS
08:47:48.0787 2856 SymDS - ok
08:47:49.0135 2856 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS
08:47:49.0139 2856 SymEFA - ok
08:47:49.0341 2856 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS
08:47:49.0355 2856 SymEvent - ok
08:47:49.0664 2856 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS
08:47:49.0665 2856 SymIRON - ok
08:47:49.0810 2856 SymNetS (cc71cf163de8b62ccd077e20e909c960) C:\Windows\system32\drivers\N360\0501000.01D\SYMNETS.SYS
08:47:49.0811 2856 SymNetS - ok
08:47:50.0063 2856 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys
08:47:50.0068 2856 Tcpip - ok
08:47:50.0161 2856 TCPIP6 (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys
08:47:50.0166 2856 TCPIP6 - ok
08:47:50.0228 2856 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
08:47:50.0247 2856 tcpipreg - ok
08:47:50.0335 2856 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
08:47:50.0336 2856 TDPIPE - ok
08:47:50.0389 2856 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
08:47:50.0390 2856 TDTCP - ok
08:47:50.0439 2856 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
08:47:50.0463 2856 tdx - ok
08:47:50.0535 2856 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys
08:47:50.0563 2856 TermDD - ok
08:47:50.0591 2856 TfFsMon - ok
08:47:50.0607 2856 TfNetMon - ok
08:47:50.0615 2856 TfSysMon - ok
08:47:50.0803 2856 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:47:50.0828 2856 tssecsrv - ok
08:47:50.0863 2856 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
08:47:50.0884 2856 TsUsbFlt - ok
08:47:50.0918 2856 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
08:47:50.0939 2856 TsUsbGD - ok
08:47:51.0026 2856 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
08:47:51.0048 2856 tunnel - ok
08:47:51.0084 2856 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
08:47:51.0105 2856 uagp35 - ok
08:47:51.0188 2856 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
08:47:51.0214 2856 udfs - ok
08:47:51.0323 2856 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
08:47:51.0348 2856 uliagpkx - ok
08:47:51.0434 2856 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
08:47:51.0456 2856 umbus - ok
08:47:51.0489 2856 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
08:47:51.0512 2856 UmPass - ok
08:47:51.0622 2856 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
08:47:51.0647 2856 usbccgp - ok
08:47:51.0707 2856 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
08:47:51.0733 2856 usbcir - ok
08:47:51.0808 2856 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
08:47:51.0831 2856 usbehci - ok
08:47:51.0916 2856 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
08:47:51.0917 2856 usbhub - ok
08:47:52.0042 2856 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
08:47:52.0061 2856 usbohci - ok
08:47:52.0126 2856 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\drivers\usbprint.sys
08:47:52.0150 2856 usbprint - ok
08:47:52.0236 2856 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:47:52.0237 2856 USBSTOR - ok
08:47:52.0295 2856 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
08:47:52.0296 2856 usbuhci - ok
08:47:52.0387 2856 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
08:47:52.0409 2856 vdrvroot - ok
08:47:52.0520 2856 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
08:47:52.0540 2856 vga - ok
08:47:52.0602 2856 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
08:47:52.0624 2856 VgaSave - ok
08:47:52.0700 2856 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
08:47:52.0741 2856 vhdmp - ok
08:47:52.0841 2856 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
08:47:52.0862 2856 viaagp - ok
08:47:52.0904 2856 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
08:47:52.0926 2856 ViaC7 - ok
08:47:52.0992 2856 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
08:47:53.0016 2856 viaide - ok
08:47:53.0058 2856 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
08:47:53.0080 2856 volmgr - ok
08:47:53.0194 2856 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
08:47:53.0234 2856 volmgrx - ok
08:47:53.0363 2856 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
08:47:53.0402 2856 volsnap - ok
08:47:53.0521 2856 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
08:47:53.0539 2856 vsmraid - ok
08:47:53.0593 2856 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
08:47:53.0616 2856 vwifibus - ok
08:47:53.0685 2856 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
08:47:53.0707 2856 WacomPen - ok
08:47:53.0775 2856 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
08:47:53.0797 2856 WANARP - ok
08:47:53.0800 2856 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
08:47:53.0801 2856 Wanarpv6 - ok
08:47:53.0922 2856 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
08:47:53.0943 2856 Wd - ok
08:47:54.0008 2856 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
08:47:54.0031 2856 WDC_SAM - ok
08:47:54.0198 2856 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
08:47:54.0245 2856 Wdf01000 - ok
08:47:54.0372 2856 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
08:47:54.0390 2856 WfpLwf - ok
08:47:54.0431 2856 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
08:47:54.0454 2856 WIMMount - ok
08:47:54.0594 2856 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
08:47:54.0595 2856 WinUsb - ok
08:47:54.0651 2856 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
08:47:54.0652 2856 WmiAcpi - ok
08:47:54.0778 2856 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
08:47:54.0798 2856 ws2ifsl - ok
08:47:54.0841 2856 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
08:47:54.0865 2856 WudfPf - ok
08:47:55.0002 2856 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:47:55.0005 2856 WUDFRd - ok
08:47:55.0064 2856 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:47:55.0078 2856 \Device\Harddisk0\DR0 - ok
08:47:55.0081 2856 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk1\DR1
08:47:55.0102 2856 \Device\Harddisk1\DR1 - ok
08:47:55.0104 2856 Boot (0x1200) (49071b5cf98aef939c3f402707b1db5c) \Device\Harddisk0\DR0\Partition0
08:47:55.0105 2856 \Device\Harddisk0\DR0\Partition0 - ok
08:47:55.0106 2856 Boot (0x1200) (c4aac8e9d8a6d49c0548164e38a4f90a) \Device\Harddisk1\DR1\Partition0
08:47:55.0107 2856 \Device\Harddisk1\DR1\Partition0 - ok
08:47:55.0107 2856 ============================================================
08:47:55.0107 2856 Scan finished
08:47:55.0107 2856 ============================================================
08:47:55.0112 4444 Detected object count: 0
08:47:55.0112 4444 Actual detected object count: 0




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users