
Windows Security Center won't start


  • This topic is locked
12 replies to this topic

#1 Pieter Pos


Posted 02 January 2012 - 02:40 PM

Note: OP has made multiple posts re same situation in various forums, all merged here, PM sent requesting no new topics be initiated ~ Hamluis.

I am getting a continual start-up problem.

Windows Security Center will not start, regardless of whether I'm in my regular account, or admin. I have tried fixing it based off some info I "researched" on-line, but it claims that my user account isn't the same as others using the same process....

All of the others I have looked at in Services all say "Network Service", just like I tried setting the WSC to.

Please point me in a direction to fix this "BLEEPING POS COMPUTER".



I have the same problem. Moreover, NAV displays an error coded 5013.3, which may be related. On 12/31/2011 one of my children noted the Win 7 2012 Malware. There the Trojan ZeroAccess.B was identified and I have run all the NAV recommended actions but it keeps coming back. At this point I have run the NAV programs again but don't want to restart as the same problems will pop up again. Do I restore to a previous restore point prior to 12/31?

Thanks

Edited by hamluis, 02 January 2012 - 08:03 PM.
Split from different topic, PM sent new OP.




#2 Pieter Pos


Posted 02 January 2012 - 02:55 PM

Windows Security Center won't start. Moreover, NAV displays an error coded 5013.3, which may be related. On 12/31/2011 one of my children noted the Win 7 2012 Malware. There the Trojan ZeroAccess.B was identified and I have run all the NAV recommended actions but it keeps coming back. At this point I have run the NAV programs again but don't want to restart as the same problems will pop up again. Do I restore to a previous restore point prior to 12/31?

Thanks

Below the results of security check run while in Safe Mode with Networking

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player ( 10.3.183.10) Flash Player Out of Date!
Adobe Reader X (10.1.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````

#3 noknojon


Posted 02 January 2012 - 04:05 PM

Java™ 6 Update 26
Out of date Java installed!

I can confirm that this is out of date.
Current Java was Version 7 Update 1 last time I checked.

If you are concerned about Win 7 2012 Malware, please post in the Am I Infected area of the forum.
This is the best option to fully have your system checked -

Thank You -
EDIT -
If you do a System Restore you may re-infect the computer -
Please follow the above advice -

Edited by noknojon, 02 January 2012 - 04:08 PM.



#5 Andrew E


Posted 02 January 2012 - 04:43 PM

I joined this site 5 minutes ago. I came across it because my son's laptop became infected with Win 7 2012 Malware. I found the information to remove it on this site.

#6 Pieter Pos


Posted 02 January 2012 - 05:01 PM

Thanks Andrew, I think I am beyond that solution now. Ran MBAM, Rootkit tool, NAV, NAV ZeroAccess.B removal tool and it keeps coming back. Security Center remains disabled, Firefox keeps redirecting, and Norton continues to show an error.

#7 boopme

  • Global Moderator

Posted 02 January 2012 - 07:11 PM

Hello and welcome. I moved this from WIN7 to the Am I Infected forum.


Please follow our Removal Guide here: Remove Win 7 Antispyware.
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions

After you completed that, post your scan log here, let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Also the other tool log.. A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.

#8 Pieter Pos


Posted 02 January 2012 - 08:09 PM

Followed the instructions:

Windows security center still disabled.

Secunia downloaded and installed and failed to run.



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 912010102

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421

1/2/2012 6:56:42 PM
mbam-log-2012-01-02 (18-56-42).txt

Scan type: Quick scan
Objects scanned: 176555
Time elapsed: 1 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




TDSS Log

19:01:24.0295 2908 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
19:01:24.0659 2908 ============================================================
19:01:24.0659 2908 Current date / time: 2012/01/02 19:01:24.0659
19:01:24.0659 2908 SystemInfo:
19:01:24.0659 2908
19:01:24.0659 2908 OS Version: 6.1.7601 ServicePack: 1.0
19:01:24.0659 2908 Product type: Workstation
19:01:24.0659 2908 ComputerName: DAD-PC
19:01:24.0659 2908 UserName: Dad
19:01:24.0659 2908 Windows directory: C:\Windows
19:01:24.0659 2908 System windows directory: C:\Windows
19:01:24.0659 2908 Running under WOW64
19:01:24.0659 2908 Processor architecture: Intel x64
19:01:24.0659 2908 Number of processors: 4
19:01:24.0659 2908 Page size: 0x1000
19:01:24.0659 2908 Boot type: Safe boot with network
19:01:24.0659 2908 ============================================================
19:01:43.0864 2908 Initialize success
19:01:48.0574 1556 ============================================================
19:01:48.0574 1556 Scan started
19:01:48.0574 1556 Mode: Manual;
19:01:48.0574 1556 ============================================================
19:01:56.0648 1556 RasPppoe - ok
19:01:56.0671 1556 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:01:56.0672 1556 RasSstp - ok
19:01:56.0704 1556 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:01:56.0708 1556 rdbss - ok
19:01:56.0717 1556 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:01:56.0718 1556 rdpbus - ok
19:01:56.0728 1556 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:01:56.0729 1556 RDPCDD - ok
19:01:56.0737 1556 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:01:56.0737 1556 RDPENCDD - ok
19:01:56.0758 1556 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:01:56.0758 1556 RDPREFMP - ok
19:01:56.0798 1556 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
19:01:56.0800 1556 RDPWD - ok
19:01:56.0837 1556 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:01:56.0839 1556 rdyboost - ok
19:01:56.0857 1556 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:01:56.0859 1556 rspndr - ok
19:01:56.0943 1556 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
19:01:56.0944 1556 SASDIFSV - ok
19:01:56.0966 1556 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
19:01:56.0966 1556 SASKUTIL - ok
19:01:57.0005 1556 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:01:57.0006 1556 sbp2port - ok
19:01:57.0051 1556 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:01:57.0052 1556 scfilter - ok
19:01:57.0080 1556 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:01:57.0081 1556 secdrv - ok
19:01:57.0108 1556 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:01:57.0109 1556 Serenum - ok
19:01:57.0136 1556 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:01:57.0137 1556 Serial - ok
19:01:57.0178 1556 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:01:57.0179 1556 sermouse - ok
19:01:57.0233 1556 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:01:57.0234 1556 sffdisk - ok
19:01:57.0252 1556 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:01:57.0253 1556 sffp_mmc - ok
19:01:57.0265 1556 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:01:57.0266 1556 sffp_sd - ok
19:01:57.0283 1556 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:01:57.0284 1556 sfloppy - ok
19:01:57.0306 1556 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:01:57.0307 1556 SiSRaid2 - ok
19:01:57.0322 1556 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:01:57.0323 1556 SiSRaid4 - ok
19:01:57.0335 1556 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:01:57.0336 1556 Smb - ok
19:01:57.0386 1556 SMR210 (03573da7c4abcf5591ad4d8c96736b00) C:\Windows\system32\drivers\SMR210.SYS
19:01:57.0387 1556 SMR210 - ok
19:01:57.0407 1556 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:01:57.0407 1556 spldr - ok
19:01:57.0503 1556 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\N360x64\0501000.01D\SRTSP64.SYS
19:01:57.0510 1556 SRTSP - ok
19:01:57.0522 1556 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\N360x64\0501000.01D\SRTSPX64.SYS
19:01:57.0523 1556 SRTSPX - ok
19:01:57.0581 1556 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:01:57.0585 1556 srv - ok
19:01:57.0632 1556 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:01:57.0636 1556 srv2 - ok
19:01:57.0645 1556 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:01:57.0647 1556 srvnet - ok
19:01:57.0698 1556 ssecbus (78a4d20187b5c241c70aa8e9573b3a6c) C:\Windows\system32\DRIVERS\ssecbus.sys
19:01:57.0700 1556 ssecbus - ok
19:01:57.0736 1556 ssecmdfl (6f65ffe86d515014e29fff44dbbfa49a) C:\Windows\system32\DRIVERS\ssecmdfl.sys
19:01:57.0737 1556 ssecmdfl - ok
19:01:57.0761 1556 ssecmdm (f4db6272044f0023c5ba1e17dcc4bd5a) C:\Windows\system32\DRIVERS\ssecmdm.sys
19:01:57.0762 1556 ssecmdm - ok
19:01:57.0777 1556 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:01:57.0778 1556 stexstor - ok
19:01:57.0832 1556 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
19:01:57.0833 1556 StillCam - ok
19:01:57.0867 1556 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:01:57.0867 1556 swenum - ok
19:01:57.0895 1556 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS
19:01:57.0900 1556 SymDS - ok
19:01:57.0926 1556 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS
19:01:57.0934 1556 SymEFA - ok
19:01:57.0980 1556 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
19:01:57.0982 1556 SymEvent - ok
19:01:58.0019 1556 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS
19:01:58.0021 1556 SymIRON - ok
19:01:58.0058 1556 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\N360x64\0501000.01D\SYMNETS.SYS
19:01:58.0061 1556 SymNetS - ok
19:01:58.0138 1556 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
19:01:58.0160 1556 Tcpip - ok
19:01:58.0183 1556 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
19:01:58.0191 1556 TCPIP6 - ok
19:01:58.0217 1556 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:01:58.0218 1556 tcpipreg - ok
19:01:58.0241 1556 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:01:58.0242 1556 TDPIPE - ok
19:01:58.0259 1556 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
19:01:58.0260 1556 TDTCP - ok
19:01:58.0292 1556 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:01:58.0294 1556 tdx - ok
19:01:58.0324 1556 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:01:58.0325 1556 TermDD - ok
19:01:58.0377 1556 TFsExDisk (48d9d00c2e0e72c3d4f52772c80355f6) C:\Windows\System32\Drivers\TFsExDisk.sys
19:01:58.0378 1556 TFsExDisk - ok
19:01:58.0408 1556 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:01:58.0409 1556 tssecsrv - ok
19:01:58.0447 1556 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:01:58.0448 1556 TsUsbFlt - ok
19:01:58.0485 1556 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:01:58.0487 1556 tunnel - ok
19:01:58.0510 1556 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:01:58.0511 1556 uagp35 - ok
19:01:58.0547 1556 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:01:58.0550 1556 udfs - ok
19:01:58.0579 1556 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:01:58.0580 1556 uliagpkx - ok
19:01:58.0616 1556 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
19:01:58.0617 1556 umbus - ok
19:01:58.0640 1556 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:01:58.0640 1556 UmPass - ok
19:01:58.0702 1556 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
19:01:58.0703 1556 USBAAPL64 - ok
19:01:58.0733 1556 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
19:01:58.0734 1556 usbaudio - ok
19:01:58.0753 1556 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:01:58.0755 1556 usbccgp - ok
19:01:58.0789 1556 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:01:58.0791 1556 usbcir - ok
19:01:58.0809 1556 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
19:01:58.0810 1556 usbehci - ok
19:01:58.0831 1556 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:01:58.0834 1556 usbhub - ok
19:01:58.0848 1556 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
19:01:58.0848 1556 usbohci - ok
19:01:58.0857 1556 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:01:58.0857 1556 usbprint - ok
19:01:58.0922 1556 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:01:58.0923 1556 usbscan - ok
19:01:58.0943 1556 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:01:58.0943 1556 USBSTOR - ok
19:01:58.0959 1556 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
19:01:58.0960 1556 usbuhci - ok
19:01:58.0979 1556 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:01:58.0980 1556 vdrvroot - ok
19:01:59.0000 1556 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:01:59.0000 1556 vga - ok
19:01:59.0018 1556 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:01:59.0019 1556 VgaSave - ok
19:01:59.0032 1556 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:01:59.0035 1556 vhdmp - ok
19:01:59.0052 1556 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:01:59.0052 1556 viaide - ok
19:01:59.0075 1556 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:01:59.0076 1556 volmgr - ok
19:01:59.0112 1556 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:01:59.0116 1556 volmgrx - ok
19:01:59.0132 1556 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:01:59.0136 1556 volsnap - ok
19:01:59.0156 1556 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:01:59.0158 1556 vsmraid - ok
19:01:59.0177 1556 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:01:59.0178 1556 vwifibus - ok
19:01:59.0192 1556 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:01:59.0193 1556 vwififlt - ok
19:01:59.0236 1556 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
19:01:59.0236 1556 vwifimp - ok
19:01:59.0268 1556 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:01:59.0268 1556 WacomPen - ok
19:01:59.0282 1556 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:01:59.0283 1556 WANARP - ok
19:01:59.0288 1556 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:01:59.0288 1556 Wanarpv6 - ok
19:01:59.0349 1556 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:01:59.0349 1556 Wd - ok
19:01:59.0376 1556 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:01:59.0382 1556 Wdf01000 - ok
19:01:59.0424 1556 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:01:59.0425 1556 WfpLwf - ok
19:01:59.0488 1556 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
19:01:59.0490 1556 WimFltr - ok
19:01:59.0512 1556 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:01:59.0513 1556 WIMMount - ok
19:01:59.0570 1556 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:01:59.0571 1556 WinUsb - ok
19:01:59.0587 1556 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:01:59.0588 1556 WmiAcpi - ok
19:01:59.0614 1556 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:01:59.0615 1556 ws2ifsl - ok
19:01:59.0647 1556 WsAudio_DeviceS(1) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys
19:01:59.0648 1556 WsAudio_DeviceS(1) - ok
19:01:59.0663 1556 WsAudio_DeviceS(2) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys
19:01:59.0663 1556 WsAudio_DeviceS(2) - ok
19:01:59.0677 1556 WsAudio_DeviceS(3) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys
19:01:59.0678 1556 WsAudio_DeviceS(3) - ok
19:01:59.0692 1556 WsAudio_DeviceS(4) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys
19:01:59.0693 1556 WsAudio_DeviceS(4) - ok
19:01:59.0709 1556 WsAudio_DeviceS(5) (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys
19:01:59.0710 1556 WsAudio_DeviceS(5) - ok
19:01:59.0761 1556 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
19:01:59.0762 1556 WSDPrintDevice - ok
19:01:59.0799 1556 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:01:59.0800 1556 WudfPf - ok
19:01:59.0829 1556 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:01:59.0831 1556 WUDFRd - ok
19:01:59.0848 1556 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
19:01:59.0891 1556 \Device\Harddisk0\DR0 - ok
19:01:59.0895 1556 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR5
19:01:59.0900 1556 \Device\Harddisk5\DR5 - ok
19:01:59.0911 1556 MBR (0x1B8) (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk6\DR6
19:01:59.0948 1556 \Device\Harddisk6\DR6 - ok
19:01:59.0957 1556 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk7\DR7
19:01:59.0962 1556 \Device\Harddisk7\DR7 - ok
19:01:59.0965 1556 Boot (0x1200) (2bd812be402c08e0d8789da6cb0d25e2) \Device\Harddisk0\DR0\Partition0
19:01:59.0966 1556 \Device\Harddisk0\DR0\Partition0 - ok
19:01:59.0975 1556 Boot (0x1200) (4d4014dd64287dea6372162158a497aa) \Device\Harddisk0\DR0\Partition1
19:01:59.0976 1556 \Device\Harddisk0\DR0\Partition1 - ok
19:01:59.0979 1556 Boot (0x1200) (ce08823e4514dd64c5bdb594c0db1e24) \Device\Harddisk5\DR5\Partition0
19:01:59.0981 1556 \Device\Harddisk5\DR5\Partition0 - ok
19:01:59.0983 1556 Boot (0x1200) (42c42bded4317022ef69258b9f93aefc) \Device\Harddisk6\DR6\Partition0
19:01:59.0985 1556 \Device\Harddisk6\DR6\Partition0 - ok
19:01:59.0998 1556 Boot (0x1200) (4e019f6e78b526608b6d10437e2bc610) \Device\Harddisk7\DR7\Partition0
19:01:59.0999 1556 \Device\Harddisk7\DR7\Partition0 - ok
19:01:59.0999 1556 ============================================================
19:01:59.0999 1556 Scan finished
19:01:59.0999 1556 ============================================================
19:02:00.0005 2480 Detected object count: 0
19:02:00.0005 2480 Actual detected object count: 0

#9 boopme

Posted 02 January 2012 - 08:41 PM

Ok, MBAM did not update.
Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select FULL scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

>>>
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.


>>>>
If still no Security Center
Windows 7 - SFC /SCANNOW Command - System File Checker
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 Pieter Pos

Posted 04 January 2012 - 07:30 AM

Updated MBAM. No malicious items detected after scan.

Below are three logs. One is the MBAM, the second is from the full NAV scan that completed today. The Trojan ZeroAccess.B is back in Conserv.dll. The last is ESET, which finds the Trojan Firefef.DN in memory.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.03.04

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Dad :: DAD-PC [administrator]

1/3/2012 4:50:40 PM
mbam-log-2012-01-03 (16-50-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 177225
Time elapsed: 2 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


The NAV log (which oddly enough does not show the Trojan ZeroAccess.B, probably because no action was taken). Norton says it needs to be removed manually with Norton Eraser, which I ran, but it keeps coming back.



Category: Quarantine
Date & Time,Risk,Activity,Status,Recommended Action,Path - Filename
1/2/2012 2:35 PM,High,kwrd.dll (Trojan.Gen.2) detected by Virus scanner,Quarantined,Resolved - No Action Required,c:\windows\assembly\temp\kwrd.dll
1/2/2012 2:35 PM,High,desktop.ini (Backdoor.Trojan) detected by Virus scanner,Quarantined,Resolved - No Action Required,c:\windows\assembly\gac_64\desktop.ini
1/2/2012 10:55 AM,High,kwrd.dll (Trojan.Gen.2) detected by Virus scanner,Quarantined,Resolved - No Action Required,c:\windows\assembly\temp\kwrd.dll
1/2/2012 10:55 AM,High,desktop.ini (Backdoor.Trojan) detected by Virus scanner,Quarantined,Resolved - No Action Required,c:\windows\assembly\gac_64\desktop.ini
1/1/2012 6:50 PM,High,kwrd.dll (Trojan.Gen.2) detected by Virus scanner,Quarantined,Resolved - No Action Required,c:\windows\assembly\temp\kwrd.dll
1/1/2012 6:50 PM,High,desktop.ini (Backdoor.Trojan) detected by Virus scanner,Quarantined,Resolved - No Action Required,c:\windows\assembly\gac_64\desktop.ini
1/1/2012 3:34 PM,High,80000032.@ (Trojan.Gen.2) detected by Download Insight,Quarantined,Resolved - No Action Required,c:\windows\assembly\temp\u\80000032.@
1/1/2012 1:34 PM,High,kwrd.dll (Trojan.Gen.2) detected by Virus scanner,Quarantined,Resolved - No Action Required,c:\windows\assembly\temp\kwrd.dll
1/1/2012 1:33 PM,High,desktop.ini (Backdoor.Trojan) detected by Virus scanner,Quarantined,Resolved - No Action Required,c:\windows\assembly\gac_64\desktop.ini
1/1/2012 12:11 PM,High,80000032.@ (Trojan.Gen.2) detected by Auto-Protect,Quarantined,Resolved - No Action Required,c:\windows\assembly\temp\u\80000032.@
1/1/2012 11:45 AM,High,80000032.@ (Trojan.Gen.2) detected by Auto-Protect,Quarantined,Resolved - No Action Required,c:\windows\assembly\temp\u\80000032.@
12/31/2011 9:23 PM,High,oiu0.5261928514814989.exe (oiu0.5261928514814989.exe) detected by SONAR,Quarantined,Resolved - No Action Required,c:\users\dad\appdata\local\temp\oiu0.5261928514814989.exe
12/30/2011 2:52 AM,High,Trojan.Gen.2 detected by Virus scanner,Quarantined,Resolved - No Action Required,c:\users\dad\appdata\locallow\sun\java\deployment\cache\6.0\48\3c830330-386b13c5
12/30/2011 2:52 AM,High,Trojan.Maljava detected by Virus scanner,Quarantined,Resolved - No Action Required,c:\users\dad\appdata\locallow\sun\java\deployment\cache\6.0\31\601ac19f-4d6ed38d
12/29/2011 4:54 PM,High,0.23570925152327726fdrgs.exe (0.23570925152327726fdrgs.exe) detected by SONAR,Quarantined,Resolved - No Action Required,c:\users\dad\appdata\local\temp

Log File of ESET

C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\Windows Savevid Toolbar\Datamngr\IEBHO.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\ProgramData\{ACFC9F59-F1AE-43D2-8CFE-E2F1E0F82ABA}\SavevidSetupV2.res a variant of Win32/Toolbar.SearchSuite application deleted - quarantined
C:\Users\Dad\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\1b0b81d-421aff72 a variant of Java/Agent.DZ trojan deleted - quarantined
C:\Users\Dad\Downloads\ImageViewerSetup.exe a variant of Win32/SweetIM.B application cleaned by deleting - quarantined
C:\Users\Dad\Downloads\installer-for-recuva(2).exe probably a variant of MSIL/Agent.NGQ trojan cleaned by deleting - quarantined
C:\Users\Dad\Downloads\installer-for-recuva.exe probably a variant of MSIL/Agent.NGQ trojan cleaned by deleting - quarantined
C:\Users\Dad\Downloads\PhotoshopCS5Installer(2).exe a variant of Win32/SoftonicDownloader.A application deleted - quarantined
C:\Users\Dad\Downloads\PhotoshopCS5Installer.exe a variant of Win32/SoftonicDownloader.A application deleted - quarantined
C:\Users\Dad\Downloads\SavevidSetupV2(2).exe a variant of Win32/Toolbar.SearchSuite application deleted - quarantined
C:\Users\Dad\Downloads\SavevidSetupV2(3).exe a variant of Win32/Toolbar.SearchSuite application deleted - quarantined
C:\Users\Dad\Downloads\SavevidSetupV2(4).exe a variant of Win32/Toolbar.SearchSuite application deleted - quarantined
C:\Users\Dad\Downloads\SavevidSetupV2(5).exe a variant of Win32/Toolbar.SearchSuite application deleted - quarantined
C:\Users\Dad\Downloads\SavevidSetupV2.exe a variant of Win32/Toolbar.SearchSuite application deleted - quarantined
C:\Users\Dad\Downloads\SetupGamevance(2).exe a variant of Win32/Adware.Gamevance.AP application cleaned by deleting - quarantined
C:\Users\Dad\Downloads\SetupGamevance.exe a variant of Win32/Adware.Gamevance.AP application cleaned by deleting - quarantined
C:\Users\Dad\Downloads\SoftonicDownloader_for_dvdfab(2).exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\Users\Dad\Downloads\SoftonicDownloader_for_dvdfab.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
C:\Users\Dad\Downloads\YouTubeDownloaderSetup34.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
C:\Windows\assembly\temp\U\80000032.@ probably a variant of Win32/Olmarik.AVQ trojan cleaned by deleting - quarantined
C:\Windows\system64\consrv.dll Win64/Sirefef.G trojan cleaned by deleting - quarantined
I:\Maxtor backup\D6KH5X31\History\Level2\C\Documents and Settings\DAD\Desktop\SetupGamevance(2).exe a variant of Win32/Adware.Gamevance.AB application cleaned by deleting - quarantined
I:\Maxtor backup\D6KH5X31\History\Level2\C\Documents and Settings\DAD\Desktop\SetupGamevance(3).exe a variant of Win32/Adware.Gamevance.AB application cleaned by deleting - quarantined
J:\DAD-PC\Backup Set 2011-12-04 230002\Backup Files 2011-12-04 230002\Backup files 30.zip multiple threats deleted - quarantined
J:\DAD-PC\Backup Set 2011-12-04 230002\Backup Files 2011-12-04 230002\Backup files 31.zip multiple threats deleted - quarantined
J:\DAD-PC\Backup Set 2011-12-04 230002\Backup Files 2011-12-04 230002\Backup files 32.zip multiple threats deleted - quarantined
J:\DAD-PC\Backup Set 2011-12-04 230002\Backup Files 2011-12-04 230002\Backup files 33.zip a variant of Win32/SoftonicDownloader.A application deleted - quarantined
J:\DAD-PC\Backup Set 2011-12-04 230002\Backup Files 2011-12-04 230002\Backup files 34.zip multiple threats deleted - quarantined
J:\DAD-PC\Backup Set 2011-12-04 230002\Backup Files 2011-12-11 230003\Backup files 29.zip multiple threats deleted - quarantined
J:\DAD-PC\Backup Set 2011-12-04 230002\Backup Files 2011-12-11 230003\Backup files 30.zip a variant of Win32/InstallCore.D application deleted - quarantined
J:\DAD-PC\Backup Set 2011-12-04 230002\Backup Files 2011-12-11 230003\Backup files 31.zip multiple threats deleted - quarantined
J:\DAD-PC\Backup Set 2011-12-04 230002\Backup Files 2011-12-11 230003\Backup files 32.zip multiple threats deleted - quarantined
J:\DAD-PC\Backup Set 2011-12-04 230002\Backup Files 2011-12-11 230003\Backup files 33.zip a variant of Win32/SoftonicDownloader.A application deleted - quarantined
J:\DAD-PC\Backup Set 2011-12-04 230002\Backup Files 2011-12-11 230003\Backup files 34.zip multiple threats deleted - quarantined
J:\DAD-PC\Backup Set 2011-12-25 230002\Backup Files 2011-12-25 230002\Backup files 29.zip a variant of Java/Exploit.CVE-2011-3544.N trojan deleted - quarantined
J:\DAD-PC\Backup Set 2011-12-25 230002\Backup Files 2011-12-25 230002\Backup files 30.zip a variant of Win32/InstallCore.D application deleted - quarantined
J:\DAD-PC\Backup Set 2011-12-25 230002\Backup Files 2011-12-25 230002\Backup files 31.zip multiple threats deleted - quarantined
J:\DAD-PC\Backup Set 2011-12-25 230002\Backup Files 2011-12-25 230002\Backup files 32.zip multiple threats deleted - quarantined
J:\DAD-PC\Backup Set 2011-12-25 230002\Backup Files 2011-12-25 230002\Backup files 33.zip multiple threats deleted - quarantined
J:\DAD-PC\Backup Set 2011-12-25 230002\Backup Files 2011-12-25 230002\Backup files 34.zip multiple threats deleted - quarantined
J:\DAD-PC\Backup Set 2012-01-01 230002\Backup Files 2012-01-01 230002\Backup files 29.zip a variant of Java/Agent.DZ trojan deleted - quarantined
J:\Downloads\Setup_FreeConverter(2).exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
J:\Downloads\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
J:\Seagate Backup\D6KH5X31\C\Documents and Settings\DAD\My Documents\Misc\winhelp.chm Win32/Dialer.CE trojan deleted - quarantined
Operating memory a variant of Win32/Sirefef.DN trojan

#11 boopme

Posted 04 January 2012 - 03:54 PM

OK, as this rootkit is reoccurring, we should have the Malware team dig it out once and for all.

We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Include a link back to this topic.

Let me know if that went well.
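The NAV quarantine history in post #10 is what makes the infection look recurring: the same paths are quarantined again hours after being marked resolved. The following is an added example (not part of the thread or of any tool used in it) that parses those rows, copied from post #10, and lists the paths that were detected again after an earlier quarantine; the function names are this example's own.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Rows copied from the NAV quarantine log in post #10, header included.
NAV_LOG = r"""Date & Time,Risk,Activity,Status,Recommended Action,Path - Filename
1/2/2012 2:35 PM,High,kwrd.dll (Trojan.Gen.2) detected by Virus scanner,Quarantined,Resolved - No Action Required,c:\windows\assembly\temp\kwrd.dll
1/2/2012 2:35 PM,High,desktop.ini (Backdoor.Trojan) detected by Virus scanner,Quarantined,Resolved - No Action Required,c:\windows\assembly\gac_64\desktop.ini
1/2/2012 10:55 AM,High,kwrd.dll (Trojan.Gen.2) detected by Virus scanner,Quarantined,Resolved - No Action Required,c:\windows\assembly\temp\kwrd.dll
1/2/2012 10:55 AM,High,desktop.ini (Backdoor.Trojan) detected by Virus scanner,Quarantined,Resolved - No Action Required,c:\windows\assembly\gac_64\desktop.ini
1/1/2012 6:50 PM,High,kwrd.dll (Trojan.Gen.2) detected by Virus scanner,Quarantined,Resolved - No Action Required,c:\windows\assembly\temp\kwrd.dll
1/1/2012 6:50 PM,High,desktop.ini (Backdoor.Trojan) detected by Virus scanner,Quarantined,Resolved - No Action Required,c:\windows\assembly\gac_64\desktop.ini
1/1/2012 3:34 PM,High,80000032.@ (Trojan.Gen.2) detected by Download Insight,Quarantined,Resolved - No Action Required,c:\windows\assembly\temp\u\80000032.@
1/1/2012 1:34 PM,High,kwrd.dll (Trojan.Gen.2) detected by Virus scanner,Quarantined,Resolved - No Action Required,c:\windows\assembly\temp\kwrd.dll
1/1/2012 1:33 PM,High,desktop.ini (Backdoor.Trojan) detected by Virus scanner,Quarantined,Resolved - No Action Required,c:\windows\assembly\gac_64\desktop.ini
1/1/2012 12:11 PM,High,80000032.@ (Trojan.Gen.2) detected by Auto-Protect,Quarantined,Resolved - No Action Required,c:\windows\assembly\temp\u\80000032.@
1/1/2012 11:45 AM,High,80000032.@ (Trojan.Gen.2) detected by Auto-Protect,Quarantined,Resolved - No Action Required,c:\windows\assembly\temp\u\80000032.@
12/31/2011 9:23 PM,High,oiu0.5261928514814989.exe (oiu0.5261928514814989.exe) detected by SONAR,Quarantined,Resolved - No Action Required,c:\users\dad\appdata\local\temp\oiu0.5261928514814989.exe
12/30/2011 2:52 AM,High,Trojan.Gen.2 detected by Virus scanner,Quarantined,Resolved - No Action Required,c:\users\dad\appdata\locallow\sun\java\deployment\cache\6.0\48\3c830330-386b13c5
12/30/2011 2:52 AM,High,Trojan.Maljava detected by Virus scanner,Quarantined,Resolved - No Action Required,c:\users\dad\appdata\locallow\sun\java\deployment\cache\6.0\31\601ac19f-4d6ed38d
12/29/2011 4:54 PM,High,0.23570925152327726fdrgs.exe (0.23570925152327726fdrgs.exe) detected by SONAR,Quarantined,Resolved - No Action Required,c:\users\dad\appdata\local\temp
"""


def parse_nav_log(text):
    """Turn the comma-separated quarantine log into a list of detection dicts."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text)):
        # "Activity" reads "<item> detected by <engine>"; split it into both parts.
        item, _, engine = rec["Activity"].partition(" detected by ")
        rows.append({
            "when": datetime.strptime(rec["Date & Time"], "%m/%d/%Y %I:%M %p"),
            "item": item,
            "engine": engine,
            "status": rec["Status"],
            # Windows paths are case-insensitive, so normalise before grouping.
            "path": rec["Path - Filename"].strip().lower(),
        })
    return rows


def recurring_paths(rows):
    """Return (path, hits, first_seen, last_seen, shortest_gap) for every path
    that was detected again after an earlier detection had been quarantined."""
    by_path = defaultdict(list)
    for row in rows:
        by_path[row["path"]].append(row)

    result = []
    for path, hits in by_path.items():
        hits.sort(key=lambda r: r["when"])
        # A gap only counts when the earlier hit was quarantined: the file was
        # removed and something wrote it back before the next detection.
        gaps = [cur["when"] - prev["when"]
                for prev, cur in zip(hits, hits[1:])
                if prev["status"] == "Quarantined" and cur["when"] > prev["when"]]
        if gaps:
            result.append((path, len(hits), hits[0]["when"], hits[-1]["when"], min(gaps)))
    # Most frequently re-detected paths first, then alphabetical for stable output.
    return sorted(result, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for path, hits, first, last, gap in recurring_paths(parse_nav_log(NAV_LOG)):
        print(f"{hits}x  {path}  first={first}  last={last}  shortest gap={gap}")
```

A path that is quarantined and then detected again means something still running is writing it back, so removing the file alone does not end the infection.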

#12 Pieter Pos

Posted 04 January 2012 - 08:00 PM

Followed instructions 6-9 and posted a new topic as per instruction 9. Thanks for the quick follow-up.

Pieter

#13 boopme

Posted 04 January 2012 - 09:15 PM

Thank you..
Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRL Team member is already assisting you and not open the thread to respond.

The current wait time is 3 - 5 days and ALL logs are answered.

To avoid confusion, I am closing this topic.