Hacked/Hijacked/Infected



#1 NascarFan14


Posted 14 April 2012 - 03:25 PM

Ok, I have a Dell Optiplex 960 running XP SP3 and something has taken over the PC. I get redirects, and the computer was trying to download from the net on its own (Norton caught and stopped it). I have run Norton, Malwarebytes, Spybot, and Superwhatever and the problem was still there. Today I ran the TDSSKILL (it cured 1 thing, log below), aswMBR (log below) and ran the Microsoft host fix exe file, in that order. Now when I reboot the PC it says it's found new hardware but I haven't added anything.
15:00:24.0625 3088 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
15:00:24.0640 3088 ============================================================
15:00:24.0640 3088 Current date / time: 2012/04/14 15:00:24.0640
15:00:24.0640 3088 SystemInfo:
15:00:24.0640 3088
15:00:24.0640 3088 OS Version: 5.1.2600 ServicePack: 3.0
15:00:24.0640 3088 Product type: Workstation
15:00:24.0640 3088 ComputerName: D4Y69TJ1
15:00:24.0640 3088 UserName: Mark
15:00:24.0640 3088 Windows directory: C:\WINDOWS
15:00:24.0640 3088 System windows directory: C:\WINDOWS
15:00:24.0640 3088 Processor architecture: Intel x86
15:00:24.0640 3088 Number of processors: 2
15:00:24.0640 3088 Page size: 0x1000
15:00:24.0640 3088 Boot type: Normal boot
15:00:24.0640 3088 ============================================================
15:00:25.0125 3088 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:00:25.0125 3088 \Device\Harddisk0\DR0:
15:00:25.0125 3088 MBR used
15:00:25.0125 3088 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x36E8E, BlocksNum 0x253F6833
15:00:25.0187 3088 Initialize success
15:00:25.0187 3088 ============================================================
15:00:44.0640 3540 ============================================================
15:00:44.0640 3540 Scan started
15:00:44.0640 3540 Mode: Manual;
15:00:44.0640 3540 ============================================================
15:01:02.0171 3540 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:01:02.0171 3540 Rasl2tp - ok
15:01:02.0234 3540 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
15:01:02.0234 3540 RasMan - ok
15:01:02.0390 3540 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:01:02.0390 3540 RasPppoe - ok
15:01:02.0390 3540 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
15:01:02.0390 3540 Raspti - ok
15:01:02.0453 3540 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:01:02.0453 3540 Rdbss - ok
15:01:02.0453 3540 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:01:02.0484 3540 RDPCDD - ok
15:01:02.0546 3540 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:01:02.0546 3540 rdpdr - ok
15:01:02.0593 3540 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
15:01:02.0609 3540 RDPWD - ok
15:01:02.0640 3540 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
15:01:02.0640 3540 RDSessMgr - ok
15:01:02.0687 3540 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
15:01:02.0687 3540 redbook - ok
15:01:02.0734 3540 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
15:01:02.0734 3540 RemoteAccess - ok
15:01:02.0796 3540 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
15:01:02.0796 3540 RemoteRegistry - ok
15:01:02.0828 3540 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
15:01:02.0828 3540 RpcLocator - ok
15:01:02.0875 3540 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
15:01:02.0875 3540 RpcSs - ok
15:01:02.0921 3540 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
15:01:02.0921 3540 RSVP - ok
15:01:02.0968 3540 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
15:01:02.0968 3540 SamSs - ok
15:01:03.0015 3540 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
15:01:03.0015 3540 SCardSvr - ok
15:01:03.0062 3540 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
15:01:03.0062 3540 Schedule - ok
15:01:03.0156 3540 SeaPort (271077b91d7ad1b616f8afdfe8e3f981) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
15:01:03.0156 3540 SeaPort - ok
15:01:03.0281 3540 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:01:03.0281 3540 Secdrv - ok
15:01:03.0328 3540 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
15:01:03.0328 3540 seclogon - ok
15:01:03.0453 3540 SecureStorageService (27d53cd650cc77123faf2f07023dabc7) C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
15:01:03.0468 3540 SecureStorageService - ok
15:01:03.0562 3540 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
15:01:03.0578 3540 SENS - ok
15:01:03.0593 3540 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
15:01:03.0593 3540 Serenum - ok
15:01:03.0640 3540 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
15:01:03.0656 3540 Serial - ok
15:01:03.0750 3540 SFAUDIO (b6401608579b6431994425ba7653f774) C:\WINDOWS\system32\drivers\sfaudio.sys
15:01:03.0750 3540 SFAUDIO - ok
15:01:03.0812 3540 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
15:01:03.0843 3540 Sfloppy - ok
15:01:03.0906 3540 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
15:01:03.0906 3540 SharedAccess - ok
15:01:03.0984 3540 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:01:03.0984 3540 ShellHWDetection - ok
15:01:04.0000 3540 Simbad - ok
15:01:04.0031 3540 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
15:01:04.0031 3540 sisagp - ok
15:01:04.0218 3540 SMManager (b0bf6833849bfa70f42e1e22dee476f8) C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
15:01:04.0218 3540 SMManager - ok
15:01:04.0296 3540 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
15:01:04.0296 3540 Sparrow - ok
15:01:04.0343 3540 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
15:01:04.0343 3540 splitter - ok
15:01:04.0421 3540 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
15:01:04.0421 3540 Spooler - ok
15:01:04.0531 3540 SQLBrowser (b2ec3e1deac5f0a764bd3486d213a0af) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
15:01:04.0531 3540 SQLBrowser - ok
15:01:04.0578 3540 SQLWriter (d2f4f32b59440011174b4f8137af4e0c) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
15:01:04.0578 3540 SQLWriter - ok
15:01:04.0671 3540 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
15:01:04.0703 3540 sr - ok
15:01:04.0765 3540 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
15:01:04.0765 3540 srservice - ok
15:01:04.0875 3540 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\NIS\1207010.003\SRTSP.SYS
15:01:04.0875 3540 SRTSP - ok
15:01:04.0968 3540 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\NIS\1207010.003\SRTSPX.SYS
15:01:05.0000 3540 SRTSPX - ok
15:01:05.0046 3540 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
15:01:05.0046 3540 Srv - ok
15:01:05.0109 3540 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
15:01:05.0109 3540 SSDPSRV - ok
15:01:05.0125 3540 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
15:01:05.0125 3540 stisvc - ok
15:01:05.0187 3540 stllssvr (de3e7a2345ebaa3ce8e6957dfb55fb15) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
15:01:05.0187 3540 stllssvr - ok
15:01:05.0328 3540 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
15:01:05.0343 3540 swenum - ok
15:01:05.0468 3540 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
15:01:05.0468 3540 swmidi - ok
15:01:05.0468 3540 SwPrv - ok
15:01:05.0500 3540 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
15:01:05.0515 3540 symc810 - ok
15:01:05.0531 3540 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
15:01:05.0531 3540 symc8xx - ok
15:01:05.0625 3540 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\NIS\1207010.003\SYMDS.SYS
15:01:05.0640 3540 SymDS - ok
15:01:05.0671 3540 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\NIS\1207010.003\SYMEFA.SYS
15:01:05.0703 3540 SymEFA - ok
15:01:05.0750 3540 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
15:01:05.0750 3540 SymEvent - ok
15:01:05.0796 3540 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\NIS\1207010.003\Ironx86.SYS
15:01:05.0812 3540 SymIRON - ok
15:01:05.0906 3540 SYMTDI (336cace58f0359d5cbb1ae6b8a2fb205) C:\WINDOWS\System32\Drivers\NIS\1207010.003\SYMTDI.SYS
15:01:05.0921 3540 SYMTDI - ok
15:01:05.0968 3540 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
15:01:05.0984 3540 sym_hi - ok
15:01:05.0984 3540 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
15:01:05.0984 3540 sym_u3 - ok
15:01:06.0031 3540 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
15:01:06.0031 3540 sysaudio - ok
15:01:06.0078 3540 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
15:01:06.0078 3540 SysmonLog - ok
15:01:06.0125 3540 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
15:01:06.0125 3540 TapiSrv - ok
15:01:06.0234 3540 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:01:06.0234 3540 Tcpip - ok
15:01:06.0375 3540 tcsd_win32.exe (69f1a38a6dbfe682491cb61a596662e3) C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
15:01:06.0390 3540 tcsd_win32.exe - ok
15:01:06.0546 3540 TdmService (b6cae7741addce1d57b65e015751a274) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
15:01:06.0562 3540 TdmService - ok
15:01:06.0734 3540 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
15:01:06.0734 3540 TDPIPE - ok
15:01:06.0781 3540 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
15:01:06.0781 3540 TDTCP - ok
15:01:06.0843 3540 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
15:01:06.0875 3540 TermDD - ok
15:01:06.0937 3540 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
15:01:06.0937 3540 TermService - ok
15:01:07.0031 3540 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
15:01:07.0046 3540 Themes - ok
15:01:07.0078 3540 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
15:01:07.0078 3540 TlntSvr - ok
15:01:07.0203 3540 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
15:01:07.0203 3540 TosIde - ok
15:01:07.0250 3540 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
15:01:07.0281 3540 TrkWks - ok
15:01:07.0312 3540 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
15:01:07.0312 3540 Udfs - ok
15:01:07.0328 3540 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
15:01:07.0343 3540 ultra - ok
15:01:07.0390 3540 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
15:01:07.0390 3540 Update - ok
15:01:07.0437 3540 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
15:01:07.0437 3540 upnphost - ok
15:01:07.0453 3540 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
15:01:07.0453 3540 UPS - ok
15:01:07.0625 3540 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys
15:01:07.0640 3540 USBAAPL - ok
15:01:07.0687 3540 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
15:01:07.0687 3540 usbaudio - ok
15:01:07.0750 3540 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:01:07.0750 3540 usbccgp - ok
15:01:07.0765 3540 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:01:07.0796 3540 usbehci - ok
15:01:07.0843 3540 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:01:07.0843 3540 usbhub - ok
15:01:07.0875 3540 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
15:01:07.0875 3540 usbprint - ok
15:01:07.0937 3540 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
15:01:07.0937 3540 usbscan - ok
15:01:08.0062 3540 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:01:08.0078 3540 USBSTOR - ok
15:01:08.0109 3540 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:01:08.0125 3540 usbuhci - ok
15:01:08.0171 3540 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
15:01:08.0171 3540 VgaSave - ok
15:01:08.0218 3540 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
15:01:08.0218 3540 viaagp - ok
15:01:08.0234 3540 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
15:01:08.0234 3540 ViaIde - ok
15:01:08.0265 3540 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
15:01:08.0265 3540 VolSnap - ok
15:01:08.0328 3540 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
15:01:08.0343 3540 VSS - ok
15:01:08.0390 3540 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
15:01:08.0406 3540 w32time - ok
15:01:08.0453 3540 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:01:08.0453 3540 Wanarp - ok
15:01:08.0500 3540 WavxDMgr (fc2606083f35db9c497d6ba9f554d22c) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
15:01:08.0500 3540 WavxDMgr - ok
15:01:08.0515 3540 WDICA - ok
15:01:08.0546 3540 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
15:01:08.0546 3540 wdmaud - ok
15:01:08.0562 3540 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
15:01:08.0578 3540 WebClient - ok
15:01:08.0640 3540 winachsf (92ce6497076eac3083185c44157b3a46) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
15:01:08.0656 3540 winachsf - ok
15:01:08.0718 3540 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
15:01:08.0734 3540 winmgmt - ok
15:01:08.0812 3540 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
15:01:08.0828 3540 WinRM - ok
15:01:08.0968 3540 wlidsvc (d9250b31b353ee3322c1cad411997e38) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:01:08.0984 3540 wlidsvc - ok
15:01:09.0015 3540 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
15:01:09.0015 3540 WmdmPmSN - ok
15:01:09.0078 3540 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
15:01:09.0078 3540 Wmi - ok
15:01:09.0156 3540 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
15:01:09.0156 3540 WmiAcpi - ok
15:01:09.0203 3540 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:01:09.0203 3540 WmiApSrv - ok
15:01:09.0375 3540 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
15:01:09.0375 3540 WMPNetworkSvc - ok
15:01:09.0531 3540 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:01:09.0546 3540 WPFFontCache_v0400 - ok
15:01:09.0703 3540 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
15:01:09.0703 3540 wscsvc - ok
15:01:09.0703 3540 WSearch - ok
15:01:09.0718 3540 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
15:01:09.0718 3540 wuauserv - ok
15:01:09.0828 3540 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:01:09.0828 3540 WudfPf - ok
15:01:09.0875 3540 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
15:01:09.0875 3540 WudfSvc - ok
15:01:09.0921 3540 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
15:01:09.0921 3540 WZCSVC - ok
15:01:09.0968 3540 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
15:01:09.0968 3540 xmlprov - ok
15:01:09.0984 3540 MBR (0x1B8) (e9f67288208d53ef770f82e186904857) \Device\Harddisk0\DR0
15:01:10.0000 3540 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
15:01:10.0000 3540 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
15:01:10.0031 3540 Boot (0x1200) (702d56126f370bf2414de699812c1649) \Device\Harddisk0\DR0\Partition0
15:01:10.0031 3540 \Device\Harddisk0\DR0\Partition0 - ok
15:01:10.0062 3540 ============================================================
15:01:10.0062 3540 Scan finished
15:01:10.0062 3540 ============================================================
15:01:10.0062 2544 Detected object count: 1
15:01:10.0062 2544 Actual detected object count: 1
15:01:33.0406 2544 \Device\Harddisk0\DR0\# - copied to quarantine
15:01:33.0406 2544 \Device\Harddisk0\DR0 - copied to quarantine
15:01:33.0437 2544 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
15:01:33.0437 2544 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
15:01:33.0437 2544 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
15:01:33.0453 2544 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
15:01:33.0468 2544 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
15:01:33.0468 2544 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
15:01:33.0468 2544 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
15:01:33.0468 2544 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
15:01:33.0468 2544 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
15:01:33.0468 2544 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
15:01:33.0484 2544 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
15:01:33.0500 2544 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
15:01:33.0500 2544 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
15:01:33.0500 2544 \Device\Harddisk0\DR0 - ok
15:01:34.0562 2544 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
15:01:48.0937 3728 Deinitialize success

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-14 15:10:47
-----------------------------
15:10:47.171 OS Version: Windows 5.1.2600 Service Pack 3
15:10:47.171 Number of processors: 2 586 0x170A
15:10:47.171 ComputerName: D4Y69TJ1 UserName: Mark
15:10:49.171 Initialize success
15:16:40.312 AVAST engine defs: 12041400
15:17:37.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:17:37.828 Disk 0 Vendor: Hitachi_ GM3O Size: 305245MB BusType: 8
15:17:37.843 Disk 0 MBR read successfully
15:17:37.843 Disk 0 MBR scan
15:17:37.890 Disk 0 Windows VISTA default MBR code
15:17:37.890 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 109 MB offset 63
15:17:37.906 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 305133 MB offset 224910
15:17:37.906 Disk 0 scanning sectors +625137345
15:17:38.000 Disk 0 scanning C:\WINDOWS\system32\drivers
15:17:51.703 Service scanning
15:18:16.875 Modules scanning
15:18:26.781 Disk 0 trace - called modules:
15:18:26.812 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:18:26.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac53030]
15:18:26.812 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a6d2028]
15:18:27.609 AVAST engine scan C:\WINDOWS
15:18:45.062 AVAST engine scan C:\WINDOWS\system32
15:21:20.765 AVAST engine scan C:\WINDOWS\system32\drivers
15:21:44.218 AVAST engine scan C:\Documents and Settings\Mark
15:28:24.656 AVAST engine scan C:\Documents and Settings\All Users
15:40:29.093 Scan finished successfully
15:43:50.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mark\Desktop\MBR.dat"
15:43:50.375 The log file has been saved successfully to "C:\Documents and Settings\Mark\Desktop\aswMBR.txt"


Thanks in advance


#2 gringo_pr (Bleepin Gringo) - Malware Response Team, 136,772 posts, Gender: Male, Location: Puerto Rico

Posted 15 April 2012 - 12:35 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 NascarFan14 (Topic Starter) - Members, 30 posts

Posted 15 April 2012 - 09:39 AM

Thank you for the quick reply. I have followed the posted instructions and will paste the logs accordingly. I downloaded Defogger and clicked Yes to disable; I did not get a Finished popup, but a txt file was populated to my desktop. The only popup I received was the original disable/re-enable window; I did not click either, I just closed the window, and it did not ask me to reboot the machine. I then ran Security Check and the log is pasted below. I then ran DDS and both logs are posted below. I have not tested or noticed any additional problems as this is the first step in the troubleshooting process.

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:17 on 15/04/2012 (Mark)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Norton Internet Security
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Java™ 6 Update 20
Java version out of date!
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
WinPatrol winpatrol.exe
BillP Studios WinPatrol winpatrol.exe
``````````End of Log````````````




.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by Mark at 10:23:49 on 2012-04-15
.
============== Running Processes ===============
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Mark\Local Settings\Application Data\ATT Connect\Participant\pull.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Netscape\Navigator 9\navigator.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\Mark\Desktop\dds.scr
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.7.1.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.7.1.3\ips\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.7.1.3\coIEPlg.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Push Client] "c:\documents and settings\mark\local settings\application data\att connect\participant\pull.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241797114031
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257041256593
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{4DA84824-FDF0-4C30-898F-BEC7DE01438B} : NameServer = 4.2.2.2,4.2.2.1
TCP: Interfaces\{4DA84824-FDF0-4C30-898F-BEC7DE01438B} : DhcpNameServer = 192.168.1.254 192.168.1.254
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
AppInit_DLLs: OGPDFLoader.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 wvauth
.
============= SERVICES / DRIVERS ===============
.
R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? gupdate1c9d02667f8588;Google Update Service (gupdate1c9d02667f8588)
R? gupdatem;Google Update Service (gupdatem)
R? NvtSp50;NvtSp50 NDIS Protocol Driver
R? SMManager;Smith Micro Connection Manager Service
R? WinRM;Windows Remote Management (WS-Management)
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? BHDrvx86;BHDrvx86
S? e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K
S? EraserUtilRebootDrv;EraserUtilRebootDrv
S? IDSxpx86;IDSxpx86
S? NAVENG;NAVENG
S? NAVEX15;NAVEX15
S? NIS;Norton Internet Security
S? SFAUDIO;Sonic Focus DSP Driver
S? SymDS;Symantec Data Store
S? SymEFA;Symantec Extended File Attributes
S? SymIRON;Symantec Iron Driver
.
=============== Created Last 30 ================
.
2012-04-14 19:01:33 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-08 23:08:43 -------- d-----w- c:\program files\iPod
2012-04-08 23:08:39 -------- d-----w- c:\program files\iTunes
2012-04-06 22:16:38 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-04-03 21:48:03 369784 ----a-w- c:\windows\system32\drivers\nis\1207010.003\symtdi.sys
2012-04-03 21:48:03 331384 ----a-w- c:\windows\system32\drivers\nis\1207010.003\symtdiv.sys
2012-04-03 21:48:03 299640 ----a-w- c:\windows\system32\drivers\nis\1207010.003\symnets.sys
2012-04-03 21:48:02 744568 ----a-w- c:\windows\system32\drivers\nis\1207010.003\symefa.sys
2012-04-03 21:48:02 516216 ----a-w- c:\windows\system32\drivers\nis\1207010.003\srtsp.sys
2012-04-03 21:48:02 50168 ----a-w- c:\windows\system32\drivers\nis\1207010.003\srtspx.sys
2012-04-03 21:48:02 340088 ----a-w- c:\windows\system32\drivers\nis\1207010.003\symds.sys
2012-04-03 21:48:02 136312 ----a-w- c:\windows\system32\drivers\nis\1207010.003\ironx86.sys
2012-04-03 21:47:45 -------- d-----w- c:\windows\system32\drivers\nis\1207010.003
2012-04-03 10:03:19 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-26 15:41:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2012-03-23 12:05:37 -------- d-----w- c:\program files\TurboTax
2012-03-17 20:57:10 -------- d-----w- C:\ThumbDrive
.
==================== Find3M ====================
.
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 10:03:19 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
2012-02-15 15:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 15:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-07 15:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:26:17 1869184 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 10:24:29.10 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/8/2009 10:52:59 AM
System Uptime: 4/15/2012 7:26:18 AM (3 hours ago)
.
Motherboard: Dell Inc. | | 0J468K
Processor: Intel® Core™2 Duo CPU E8400 @ 3.00GHz | CPU | 2992/1333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 198.011 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_2E15&SUBSYS_02761028&REV_03\3&172E68DD&0&19
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_2E15&SUBSYS_02761028&REV_03\3&172E68DD&0&19
Service:
.
==== System Restore Points ===================
.
RP97: 1/8/2012 5:59:53 PM - System Checkpoint
RP98: 1/13/2012 6:48:03 AM - Installed 1973 Ford Car Shop Manual (Vol I-VI) (v11.3.1).
RP99: 1/15/2012 9:24:25 AM - Software Distribution Service 3.0
RP100: 1/21/2012 6:46:18 PM - System Checkpoint
RP101: 2/14/2012 5:34:10 PM - Software Distribution Service 3.0
RP102: 2/14/2012 6:46:20 PM - Software Distribution Service 3.0
RP103: 3/3/2012 2:49:31 PM - Software Distribution Service 3.0
RP104: 3/13/2012 6:39:00 PM - Software Distribution Service 3.0
RP105: 3/23/2012 8:06:16 AM - Installed TurboTax 2011 wrapper
RP106: 3/28/2012 11:21:38 AM - System Checkpoint
RP107: 3/29/2012 5:33:35 PM - Software Distribution Service 3.0
RP108: 4/11/2012 5:46:12 PM - Software Distribution Service 3.0
RP109: 4/14/2012 3:58:58 PM - Installed Microsoft Fix it 50267
.
==== Installed Programs ======================
.
1973 Ford Car Shop Manual (Vol I-VI) (v11.3.1)
2007 Microsoft Office system
32 Bit HP CIO Components Installer
6500_E709_eDocs
6500_E709_Help
6500_E709a
Acrobat.com
Adobe Acrobat 9 Standard - English, Français, Deutsch
Adobe Acrobat 7.0 Professional
Adobe Acrobat 7.1.0 Professional
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Photoshop 7.0
Adobe Reader 9.5.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Connect Participant Application v9.0.82
Audacity 1.2.4
BIAS SoundSoap 2.0
BioAPI Framework
biolsp patch
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Business Contact Manager for Outlook 2007 SP2
Camera Access Library
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX (E)
Choice Guard
Cisco Press CCNA ICND Test
Conexant D850 PCI V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
DCP32MMWrapper
Dell Control Point
Dell ControlPoint Connection Manager
Dell ControlPoint Security Manager
Dell ControlPoint System Manager
Dell Embassy Trust Suite by Wave Systems
Dell Security Device Driver Pack
Destination Component
DeviceDiscovery
Digital Line Detect
DocMgr
DocProc
Document Manager Lite
EMBASSY Security Center
EMBASSY Security Setup
ESC Home Page Plugin
Fax
Free CraigsList Reader Pro from CraigsPal 4.6.9
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Gemalto
GoldWave v5.56
Google Earth
Google Update Helper
Google Updater
GPBaseService2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 12.0
HP Document Manager 2.0
HP Imaging Device Functions 12.0
HP Officejet 6500 E709 Series
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPProductAssistant
HPSSupply
Intel® Network Connections 13.1.34.2
Intel® Matrix Storage Manager
Internet Explorer (Enable DEP)
iTunes
Java Auto Updater
Java™ 6 Update 20
Junk Mail filter update
LAME v3.98.3 for Audacity
Line 6 Uninstaller
LiveUpdate
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
MFCLOC
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.4
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2005 Tools for Office Runtime
MobileMe Control Panel
Modem Diagnostic Tool
MovieEdit Task
MSVCRT
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Netscape (7.2)
Netscape Navigator (9.0.0.6)
NetWaiting
Network
Norton Internet Security
NTRU TCG Software Stack
NVIDIA Drivers
OCR Software by I.R.I.S. 12.0
OGA Notifier 2.0.0048.0
Palm Desktop
PDF OwnerGuard User Edition
PhotoStitch
PowerDVD
Preboot Manager
Private Information Manager
ProductContext
QuickBooks Simple Start 2009
QuickTime
RAW Image Task 2.2
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
Safari
Scan
Secure Update
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Security Wizards
Segoe UI
Shop for HP Supplies
SmartWebPrinting
SO32MMWrapper
SolutionCenter
Sonic CinePlayer Decoder Pack
SoundMAX
Spybot - Search & Destroy
ST Microelectronics TPM Driver Installer
Status
SupportSoft Assisted Service
Symantec Procomm Plus
Toolbox
TrayApp
Trusted Drive Manager
tsp patch
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows Internet Explorer 8 (KB982664)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
UPEK TouchChip Fingerprint Reader
Visual Studio 2005 Tools for Office Second Edition Runtime
Wave Infrastructure Installer
Wave Support Software
WebFldrs XP
WebReg
Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
Windows Driver Package - STMicroelectronics (stmtpm) System (05/24/2007 1.00.04.15)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
WinPatrol
WinZip
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
4/8/2012 8:20:58 AM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
4/14/2012 7:22:04 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\spoolsv.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.6024.
.
==== End Of File ===========================

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 April 2012 - 12:12 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion," please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 NascarFan14

  • Topic Starter
  • Members
  • 30 posts

Posted 15 April 2012 - 05:50 PM

Ok, I downloaded combofix and disabled Norton (I have re-enabled it now). It asked to update the recovery console, which I clicked yes on. The program ran with only 1 popup, "a readily available replacement was not found combofix needs to do an intensive search", and I clicked ok. I never had to reboot the PC and the log popped up on the screen (pasted below). Now I continue to have a Winpatrol popup saying APPINIT_dlls C:\WINDOWS\system32\OGPDFLoader.dll version 8.4.0.0 wants to run and I click no; another popup appears saying "this setting is in a key location of your operating system we do not recommend removal unless you're sure this entry is causing problems". I click no, and after about the 3rd one I get directed to a webpage saying:
WinPatrol Help

Dealing with Repeating Alerts the Easy Way

You may notice or be experiencing a Startup Program entry which keeps coming back after you have asked WinPatrol to remove it.

This type of infiltration can usually still be removed using WinPatrol but may require some extra steps to ensure the correct Startup entries are permanently removed. These steps will allow your computer to continue running safely, but you may want to use additional Anti-Spyware programs to remove any non-threatening traces.
Our recommendations for other free software can be found at http://www.mysteryware.com

Why is this happening?
Frequently, unwanted mystery programs come in groups which are designed to protect and reactivate each other. Even if you tell Scotty to remove and kill a Startup Program, another partner program will replace the data removed by WinPatrol.
If WinPatrol detects the same program repeating itself, Scotty will automatically mark this program as Disabled. While "Disabled", WinPatrol will continue to remove the Startup Program but if other programs are actively replacing it more action is recommended.

What can be done?
The most important step is to stop the programs which are currently active causing you the problems.
WinPatrol can help you!

• Close down or Exit all the applications that you know about running on your computer.
• Click the Active Tasks tab to check what programs are still listed.
• You may see multiple suspicious programs.
  Some may have what look to be randomly created filenames.
  Frequently, malicious programs will not have a company name or copyright information.
• WinPatrol allows you to Kill multiple tasks with one action.
  Hold down the CTRL key to select several tasks at once and click on each suspicious task.
• Click on the Kill Task button.
Once the programs are no longer active you should be able to remove them from the Startup Programs list. Once removed we recommend rebooting and use WinPatrol to verify no unwanted Startup Programs are still around.

"Delete File on Reboot"
If after trying to remove a suspicious or dangerous program you find it still will not go away, right-click on the title of the program and select "Delete File on Reboot." This action will not take place until the next time you re-boot. The file will be deleted before Windows starts and any other programs that may attempt to prevent its deletion.

There is no way to recover the file once it is deleted, so use this feature only when you are absolutely sure you want to remove the file.



ComboFix log is below this



ComboFix 12-04-15.02 - Mark 04/15/2012 18:25:09.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2432 [GMT -4:00]
Running from: c:\documents and settings\Mark\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET12.tmp
c:\windows\system32\SET13.tmp
c:\windows\system32\SET14.tmp
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))
.
.
2012-04-14 19:01 . 2012-04-14 19:01 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-08 23:08 . 2012-04-08 23:08 -------- d-----w- c:\program files\iPod
2012-04-08 23:08 . 2012-04-08 23:09 -------- d-----w- c:\program files\iTunes
2012-04-06 22:16 . 2012-04-06 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-04-03 21:47 . 2012-04-03 21:51 -------- d-----w- c:\windows\system32\drivers\NIS\1207010.003
2012-04-03 10:03 . 2012-04-03 10:03 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2012-03-23 12:05 . 2012-03-23 12:05 -------- d-----w- c:\program files\TurboTax
2012-03-17 20:57 . 2012-03-17 20:57 -------- d-----w- C:\ThumbDrive
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2011-12-28 13:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 10:03 . 2011-05-17 09:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2008-04-25 16:16 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2008-04-25 16:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-25 16:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-25 16:16 385024 ------w- c:\windows\system32\html.iec
2012-02-15 15:01 . 2010-07-14 22:26 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-15 15:01 . 2010-07-14 22:26 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:26 . 2008-04-25 16:16 1869184 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-01-14 14:24 40960 ------w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-01-14 14:24 40960 ------w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Push Client"="c:\documents and settings\Mark\Local Settings\Application Data\ATT Connect\Participant\pull.exe" [2011-04-27 966944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2009-5-8 25214]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\OGPDFLoader.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell ControlPoint System Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk
backup=c:\windows\pss\Dell ControlPoint System Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2008-04-23 06:08 483328 ------w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 02:43 640376 ------w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 06:25 37232 ------w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChangeTPMAuth]
2008-12-19 22:58 184320 ------w- c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellConnectionManager]
2009-03-01 22:09 1810432 ------w- c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellControlPoint]
2009-01-19 19:54 667648 ------w- c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmbassySecurityCheck]
2009-01-16 20:40 95544 ------w- c:\program files\Wave Systems Corp\EMBASSY Security Setup\EmbassySecurityCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-03-12 17:08 49208 ------w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-12-11 23:53 186904 ------w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2008-09-09 05:21 623880 ------w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-10-27 03:41 13529088 ------w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-05-23 18:06 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ------w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
2009-01-16 20:41 656696 ------w- c:\program files\Wave Systems Corp\SecureUpgrade.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2008-07-24 19:27 1044480 ------w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USCService]
2009-01-16 19:46 15360 ------w- c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WavXMgr]
2008-12-22 16:15 145408 ------w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"wlidsvc"=2 (0x2)
"TdmService"=2 (0x2)
"tcsd_win32.exe"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"stllssvr"=3 (0x3)
"SQLWriter"=2 (0x2)
"SQLBrowser"=2 (0x2)
"SMManager"=2 (0x2)
"SecureStorageService"=3 (0x3)
"SeaPort"=2 (0x2)
"QBFCService"=3 (0x3)
"QBCFMonitorService"=2 (0x2)
"PCCUJobMgr"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"Norton PC Checkup Application Launcher"=2 (0x2)
"Norton Ghost"=2 (0x2)
"NAV"=2 (0x2)
"MSSQL$MSSMLBIZ"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"IAANTMON"=2 (0x2)
"gusvc"=2 (0x2)
"gupdate1c9d02667f8588"=2 (0x2)
"GEARSecurity"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"CCALib8"=2 (0x2)
"BcmSqlStartupSvc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [4/29/2009 11:15 PM 24064]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1207010.003\symds.sys [4/3/2012 5:48 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1207010.003\symefa.sys [4/3/2012 5:48 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120402.001\BHDrvx86.sys [4/2/2012 7:38 PM 821880]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1207010.003\ironx86.sys [4/3/2012 5:48 PM 136312]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.7.1.3\ccsvchst.exe [4/3/2012 5:47 PM 130008]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [4/29/2009 11:15 PM 144480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/4/2012 6:20 AM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120413.001\IDSXpx86.sys [4/14/2012 5:28 AM 356280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate1c9d02667f8588;Google Update Service (gupdate1c9d02667f8588);c:\program files\Google\Update\GoogleUpdate.exe [5/8/2009 5:43 PM 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/3/2012 6:03 AM 253600]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/8/2009 5:43 PM 133104]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 12:16 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [3/1/2009 6:09 PM 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 10:03]
.
2012-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-04-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-08 21:12]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-08 21:43]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-08 21:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: intuit.com\ttlc
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{4DA84824-FDF0-4C30-898F-BEC7DE01438B}: NameServer = 4.2.2.2,4.2.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-15 18:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.7.1.3\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(744)
c:\windows\System32\TdmNetworkProvider.dll
.
- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\wvauth.dll
.
Completion time: 2012-04-15 18:32:42
ComboFix-quarantined-files.txt 2012-04-15 22:32
.
Pre-Run: 212,479,815,680 bytes free
Post-Run: 213,105,799,168 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - AFA2F1C7BF21F258214983E35BECBDEB
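As an added example (not code from the post, from ComboFix or from WinPatrol), here is a small Python triage parser for the ComboFix log format above. It pulls out the items a responder would want to verify first, namely the file ComboFix reports missing, the AppInit_DLLs value, any non-default LSA authentication package and the DLLs seen inside lsass.exe, and presents them as things to check against vendor documentation and file signatures, not as verdicts. The embedded log is a constructed, abbreviated copy of the post's log; the default-package set and the key names matched are assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample, abbreviated from the ComboFix log in the post above.
SAMPLE_LOG = r"""ComboFix 12-04-15.02 - Mark 04/15/2012 18:25:09.3.2 - x86
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Push Client"="c:\documents and settings\Mark\Local Settings\Application Data\ATT Connect\Participant\pull.exe" [2011-04-27 966944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\OGPDFLoader.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\wvauth.dll
."""

# Assumed baseline: msv1_0 is the stock LSA authentication package on XP; anything else gets reviewed.
DEFAULT_AUTH_PACKAGES = {"msv1_0"}

MISSING_RE = re.compile(r"^(?P<path>\S.*?)\s+\. \. \. is missing!!$")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')
PROC_RE = re.compile(r"^- - - - - - - > '(?P<proc>[^']+)'\(\d+\)$")


@dataclass
class Findings:
    missing_files: List[str] = field(default_factory=list)
    appinit_dlls: List[str] = field(default_factory=list)
    extra_auth_packages: List[str] = field(default_factory=list)
    run_entries: List[Tuple[str, str, str]] = field(default_factory=list)  # (key, name, path)
    lsass_dlls: List[str] = field(default_factory=list)
    firewall_enabled: Optional[bool] = None


def parse_combofix(text: str) -> Findings:
    """Walk a ComboFix log line by line and collect the persistence points it lists."""
    f = Findings()
    key = None   # registry key of the current REGEDIT4 block (lower-cased)
    proc = None  # process whose loaded DLLs are currently being listed
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "."):      # ComboFix closes every block with a lone '.'
            proc = None
            continue
        if (m := MISSING_RE.match(line)):
            f.missing_files.append(m.group("path"))
        elif (m := KEY_RE.match(line)):
            key = m.group("key").lower()
        elif (m := PROC_RE.match(line)):
            proc = m.group("proc").lower()
        elif proc == "lsass.exe":
            f.lsass_dlls.append(line)
        elif line.startswith("Authentication Packages REG_MULTI_SZ"):
            pkgs = line.split()[3:]   # tokens after the REG_MULTI_SZ marker
            f.extra_auth_packages += [p for p in pkgs if p.lower() not in DEFAULT_AUTH_PACKAGES]
        elif key is not None and (m := VALUE_RE.match(line)):
            name, value = m.group("name").lower(), m.group("value")
            if name == "appinit_dlls":
                f.appinit_dlls += [p for p in re.split(r"[,\s]+", value) if p]
            elif name == "enablefirewall":
                f.firewall_enabled = not value.startswith("0")
            elif key.endswith("\\run") and value.startswith('"'):
                f.run_entries.append((key, m.group("name"), value.split('"')[1]))
    return f


def review_items(f: Findings) -> List[str]:
    """Items to verify against vendor info and file signatures before removing anything."""
    items = [f"missing system file: {p}" for p in f.missing_files]
    items += [f"AppInit_DLLs entry (loaded into every process that loads user32.dll): {d}" for d in f.appinit_dlls]
    items += [f"non-default LSA authentication package (runs inside lsass.exe): {p}" for p in f.extra_auth_packages]
    items += [f"DLL loaded in lsass.exe: {d}" for d in f.lsass_dlls]
    if f.firewall_enabled is False:
        items.append("Windows Firewall standard profile is disabled")
    return items


if __name__ == "__main__":
    for item in review_items(parse_combofix(SAMPLE_LOG)):
        print(item)
```

A non-default authentication package is not proof of compromise; the same log lists Wave Systems Corp components, so each flagged item is cross-checked against the software actually installed before any removal.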

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:08 PM

Posted 15 April 2012 - 08:28 PM

Greetings

from what I can tell that is a legit file

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 NascarFan14

NascarFan14
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:01:08 PM

Posted 16 April 2012 - 05:07 AM

Ok, I allowed the APPINIT_dlls (from last post: I continue to have a WinPatrol popup saying APPINIT_dlls C:\WINDOWS\system32\OGPDFLoader.dll version 8.4.0.0 wants to run and I click no; another popup appears saying "this setting is in a key location of your operating system, we do not recommend removal unless you're sure this entry is causing problems"; I click no, and after about the 3rd one I get directed to a webpage saying), and I got another popup from WinPatrol asking to run a dll as an app (2 of them): 1 c:\windows\system32\rundll32.exe * and rundll32.exe ieframe.dll,openurl %1, and I allowed both. It said from Microsoft. I ran TDSSKiller, it found no problems and did not ask for a reboot, and I ran aswMBR; both logs below.

05:30:26.0250 1360 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
05:30:26.0625 1360 ============================================================
05:30:26.0625 1360 Current date / time: 2012/04/16 05:30:26.0625
05:30:26.0625 1360 SystemInfo:
05:30:26.0625 1360
05:30:26.0625 1360 OS Version: 5.1.2600 ServicePack: 3.0
05:30:26.0625 1360 Product type: Workstation
05:30:26.0625 1360 ComputerName: D4Y69TJ1
05:30:26.0625 1360 UserName: Mark
05:30:26.0625 1360 Windows directory: C:\WINDOWS
05:30:26.0625 1360 System windows directory: C:\WINDOWS
05:30:26.0625 1360 Processor architecture: Intel x86
05:30:26.0625 1360 Number of processors: 2
05:30:26.0625 1360 Page size: 0x1000
05:30:26.0625 1360 Boot type: Normal boot
05:30:26.0625 1360 ============================================================
05:30:26.0953 1360 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
05:30:26.0968 1360 \Device\Harddisk0\DR0:
05:30:26.0968 1360 MBR used
05:30:26.0968 1360 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x36E8E, BlocksNum 0x253F6833
05:30:27.0000 1360 Initialize success
05:30:27.0000 1360 ============================================================
05:30:32.0296 0432 ============================================================
05:30:32.0296 0432 Scan started
05:30:32.0296 0432 Mode: Manual;
05:30:32.0296 0432 ============================================================
05:30:36.0437 0432 dmload - ok
05:30:36.0484 0432 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
05:30:36.0484 0432 dmserver - ok
05:30:36.0546 0432 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
05:30:36.0546 0432 DMusic - ok
05:30:36.0593 0432 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
05:30:36.0593 0432 Dnscache - ok
05:30:36.0640 0432 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
05:30:36.0656 0432 Dot3svc - ok
05:30:36.0687 0432 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
05:30:36.0687 0432 dpti2o - ok
05:30:36.0734 0432 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
05:30:36.0734 0432 drmkaud - ok
05:30:36.0765 0432 DRVMCDB (5d3b71bb2bb0009d65d290e2ef374bd3) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
05:30:36.0765 0432 DRVMCDB - ok
05:30:36.0812 0432 DRVNDDM (c591ba9f96f40a1fd6494dafdcd17185) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
05:30:36.0812 0432 DRVNDDM - ok
05:30:36.0937 0432 e1kexpress (d60759140694150360bbefd9cab7c920) C:\WINDOWS\system32\DRIVERS\e1k5132.sys
05:30:36.0937 0432 e1kexpress - ok
05:30:36.0953 0432 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
05:30:36.0968 0432 EapHost - ok
05:30:37.0109 0432 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
05:30:37.0109 0432 eeCtrl - ok
05:30:37.0140 0432 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
05:30:37.0140 0432 EraserUtilRebootDrv - ok
05:30:37.0218 0432 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
05:30:37.0218 0432 ERSvc - ok
05:30:37.0281 0432 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
05:30:37.0281 0432 Eventlog - ok
05:30:37.0343 0432 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
05:30:37.0343 0432 EventSystem - ok
05:30:37.0468 0432 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
05:30:37.0468 0432 Fastfat - ok
05:30:37.0531 0432 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
05:30:37.0531 0432 FastUserSwitchingCompatibility - ok
05:30:37.0531 0432 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
05:30:37.0531 0432 Fdc - ok
05:30:37.0546 0432 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
05:30:37.0546 0432 Fips - ok
05:30:37.0609 0432 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
05:30:37.0609 0432 FLEXnet Licensing Service - ok
05:30:37.0656 0432 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
05:30:37.0656 0432 Flpydisk - ok
05:30:37.0703 0432 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
05:30:37.0703 0432 FltMgr - ok
05:30:37.0843 0432 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
05:30:37.0843 0432 FontCache3.0.0.0 - ok
05:30:37.0921 0432 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
05:30:37.0921 0432 Fs_Rec - ok
05:30:37.0921 0432 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
05:30:37.0921 0432 Ftdisk - ok
05:30:37.0968 0432 GearAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
05:30:37.0968 0432 GearAspiWDM - ok
05:30:38.0015 0432 GEARSecurity (b6e01969246fcb67470e87e6957ee147) C:\WINDOWS\System32\GEARSec.exe
05:30:38.0015 0432 GEARSecurity - ok
05:30:38.0062 0432 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
05:30:38.0062 0432 Gpc - ok
05:30:38.0171 0432 gupdate1c9d02667f8588 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
05:30:38.0171 0432 gupdate1c9d02667f8588 - ok
05:30:38.0171 0432 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
05:30:38.0171 0432 gupdatem - ok
05:30:38.0250 0432 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
05:30:38.0250 0432 gusvc - ok
05:30:38.0328 0432 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
05:30:38.0328 0432 HDAudBus - ok
05:30:38.0437 0432 HECI (e4a123ad734a3731d29ebd3a01b3e535) C:\WINDOWS\system32\DRIVERS\HECI.sys
05:30:38.0437 0432 HECI - ok
05:30:38.0500 0432 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
05:30:38.0500 0432 helpsvc - ok
05:30:38.0546 0432 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
05:30:38.0546 0432 HidServ - ok
05:30:38.0609 0432 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
05:30:38.0609 0432 hidusb - ok
05:30:38.0656 0432 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
05:30:38.0656 0432 hkmsvc - ok
05:30:38.0671 0432 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
05:30:38.0671 0432 hpn - ok
05:30:38.0859 0432 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
05:30:38.0859 0432 hpqcxs08 - ok
05:30:38.0921 0432 hpqddsvc (7da3211ac63edd90b8eca1ca1abfd43b) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
05:30:38.0921 0432 hpqddsvc - ok
05:30:38.0953 0432 HPSLPSVC (14229263aa19c704e0d6d2e7404a8455) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
05:30:38.0953 0432 HPSLPSVC - ok
05:30:39.0046 0432 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
05:30:39.0046 0432 HPZid412 - ok
05:30:39.0062 0432 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
05:30:39.0062 0432 HPZipr12 - ok
05:30:39.0093 0432 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
05:30:39.0093 0432 HPZius12 - ok
05:30:39.0140 0432 HSFHWBS2 (ac04fc91b57b27086ccf02086fd3f4cb) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
05:30:39.0140 0432 HSFHWBS2 - ok
05:30:39.0218 0432 HSF_DPV (f362c0b442337da8ab0608dfaa4ca076) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
05:30:39.0218 0432 HSF_DPV - ok
05:30:39.0296 0432 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
05:30:39.0312 0432 HTTP - ok
05:30:39.0343 0432 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
05:30:39.0359 0432 HTTPFilter - ok
05:30:39.0375 0432 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
05:30:39.0375 0432 i2omgmt - ok
05:30:39.0500 0432 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
05:30:39.0500 0432 i2omp - ok
05:30:39.0578 0432 IAANTMON (48da1a18adda9ceff889d49cfb947770) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
05:30:39.0578 0432 IAANTMON - ok
05:30:39.0656 0432 iaStor (6c44fa574a17b31e12ddbbe973171728) C:\WINDOWS\system32\drivers\iaStor.sys
05:30:39.0656 0432 iaStor - ok
05:30:39.0765 0432 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
05:30:39.0765 0432 IDriverT - ok
05:30:39.0890 0432 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
05:30:39.0890 0432 idsvc - ok
05:30:40.0218 0432 IDSxpx86 (cfbc1ce72e5353d428704659199147b1) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120413.001\IDSxpx86.sys
05:30:40.0218 0432 IDSxpx86 - ok
05:30:40.0359 0432 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
05:30:40.0359 0432 Imapi - ok
05:30:40.0421 0432 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
05:30:40.0437 0432 ImapiService - ok
05:30:40.0468 0432 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
05:30:40.0468 0432 ini910u - ok
05:30:40.0484 0432 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
05:30:40.0484 0432 IntelIde - ok
05:30:40.0515 0432 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
05:30:40.0515 0432 intelppm - ok
05:30:40.0562 0432 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
05:30:40.0562 0432 Ip6Fw - ok
05:30:40.0593 0432 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
05:30:40.0593 0432 IpFilterDriver - ok
05:30:40.0609 0432 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
05:30:40.0609 0432 IpInIp - ok
05:30:40.0656 0432 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
05:30:40.0656 0432 IpNat - ok
05:30:40.0718 0432 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
05:30:40.0718 0432 iPod Service - ok
05:30:40.0843 0432 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
05:30:40.0843 0432 IPSec - ok
05:30:40.0890 0432 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
05:30:40.0890 0432 IRENUM - ok
05:30:40.0937 0432 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
05:30:40.0937 0432 isapnp - ok
05:30:41.0046 0432 JavaQuickStarterService (1834c96fb1f9280bcf6ddfa6de8338bf) C:\Program Files\Java\jre6\bin\jqs.exe
05:30:41.0046 0432 JavaQuickStarterService - ok
05:30:41.0062 0432 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
05:30:41.0062 0432 Kbdclass - ok
05:30:41.0062 0432 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
05:30:41.0062 0432 kbdhid - ok
05:30:41.0156 0432 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
05:30:41.0156 0432 kmixer - ok
05:30:41.0203 0432 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
05:30:41.0218 0432 KSecDD - ok
05:30:41.0265 0432 LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
05:30:41.0265 0432 LanmanServer - ok
05:30:41.0406 0432 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
05:30:41.0406 0432 lanmanworkstation - ok
05:30:41.0468 0432 lbrtfdc - ok
05:30:41.0515 0432 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
05:30:41.0515 0432 LmHosts - ok
05:30:41.0578 0432 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
05:30:41.0578 0432 mdmxsdk - ok
05:30:41.0625 0432 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
05:30:41.0625 0432 Messenger - ok
05:30:41.0671 0432 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
05:30:41.0671 0432 mnmdd - ok
05:30:41.0703 0432 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
05:30:41.0703 0432 mnmsrvc - ok
05:30:41.0765 0432 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
05:30:41.0765 0432 Modem - ok
05:30:41.0812 0432 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
05:30:41.0812 0432 Mouclass - ok
05:30:41.0890 0432 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
05:30:41.0890 0432 mouhid - ok
05:30:41.0968 0432 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
05:30:41.0968 0432 MountMgr - ok
05:30:42.0015 0432 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
05:30:42.0015 0432 mraid35x - ok
05:30:42.0062 0432 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
05:30:42.0062 0432 MRxDAV - ok
05:30:42.0125 0432 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
05:30:42.0125 0432 MRxSmb - ok
05:30:42.0187 0432 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
05:30:42.0187 0432 MSDTC - ok
05:30:42.0234 0432 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
05:30:42.0234 0432 Msfs - ok
05:30:42.0234 0432 MSIServer - ok
05:30:42.0281 0432 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
05:30:42.0281 0432 MSKSSRV - ok
05:30:42.0406 0432 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
05:30:42.0406 0432 MSPCLOCK - ok
05:30:42.0453 0432 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
05:30:42.0453 0432 MSPQM - ok
05:30:42.0531 0432 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
05:30:42.0531 0432 mssmbios - ok
05:30:42.0609 0432 MSSQL$MSSMLBIZ - ok
05:30:42.0656 0432 MSSQLServerADHelper (c06ea83f6fc2959e897c117255b6b1d5) c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
05:30:42.0656 0432 MSSQLServerADHelper - ok
05:30:42.0718 0432 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
05:30:42.0718 0432 Mup - ok
05:30:42.0796 0432 NAL (03ca886ba148b6b9996be1368ddc3fc0) C:\WINDOWS\system32\Drivers\iqvw32.sys
05:30:42.0796 0432 NAL - ok
05:30:42.0921 0432 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
05:30:42.0921 0432 napagent - ok
05:30:43.0203 0432 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120415.016\NAVENG.SYS
05:30:43.0203 0432 NAVENG - ok
05:30:43.0265 0432 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120415.016\NAVEX15.SYS
05:30:43.0281 0432 NAVEX15 - ok
05:30:43.0437 0432 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
05:30:43.0437 0432 NDIS - ok
05:30:43.0484 0432 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
05:30:43.0484 0432 NdisTapi - ok
05:30:43.0500 0432 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
05:30:43.0500 0432 Ndisuio - ok
05:30:43.0515 0432 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
05:30:43.0515 0432 NdisWan - ok
05:30:43.0562 0432 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
05:30:43.0562 0432 NDProxy - ok
05:30:43.0625 0432 Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\WINDOWS\system32\HPZinw12.dll
05:30:43.0625 0432 Net Driver HPZ12 - ok
05:30:43.0671 0432 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
05:30:43.0671 0432 NetBIOS - ok
05:30:43.0687 0432 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
05:30:43.0687 0432 NetBT - ok
05:30:43.0734 0432 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
05:30:43.0734 0432 NetDDE - ok
05:30:43.0734 0432 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
05:30:43.0750 0432 NetDDEdsdm - ok
05:30:43.0843 0432 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
05:30:43.0859 0432 Netlogon - ok
05:30:43.0859 0432 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
05:30:43.0875 0432 Netman - ok
05:30:43.0906 0432 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
05:30:43.0921 0432 NetTcpPortSharing - ok
05:30:44.0046 0432 NIS (e78a365cc3e0fbfc018a33dce01909f8) C:\Program Files\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe
05:30:44.0046 0432 NIS - ok
05:30:44.0109 0432 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
05:30:44.0109 0432 Nla - ok
05:30:44.0171 0432 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
05:30:44.0171 0432 Npfs - ok
05:30:44.0343 0432 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
05:30:44.0359 0432 Ntfs - ok
05:30:44.0437 0432 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
05:30:44.0437 0432 NtLmSsp - ok
05:30:44.0484 0432 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
05:30:44.0484 0432 NtmsSvc - ok
05:30:44.0515 0432 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
05:30:44.0515 0432 Null - ok
05:30:44.0718 0432 nv (a1129753f45b79e29cb0766713087d4e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
05:30:44.0750 0432 nv - ok
05:30:44.0890 0432 NVSvc (797aaf72bb4d9a816ffa948b79735370) C:\WINDOWS\system32\nvsvc32.exe
05:30:44.0890 0432 NVSvc - ok
05:30:44.0921 0432 NvtSp50 - ok
05:30:44.0968 0432 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
05:30:44.0968 0432 NwlnkFlt - ok
05:30:44.0984 0432 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
05:30:44.0984 0432 NwlnkFwd - ok
05:30:45.0093 0432 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
05:30:45.0093 0432 odserv - ok
05:30:45.0125 0432 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
05:30:45.0140 0432 ose - ok
05:30:45.0187 0432 PalmUSBD (71e2ea2e02828d492add2baab297657d) C:\WINDOWS\system32\drivers\PalmUSBD.sys
05:30:45.0187 0432 PalmUSBD - ok
05:30:45.0281 0432 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
05:30:45.0281 0432 Parport - ok
05:30:45.0296 0432 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
05:30:45.0296 0432 PartMgr - ok
05:30:45.0328 0432 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
05:30:45.0328 0432 ParVdm - ok
05:30:45.0406 0432 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\WINDOWS\system32\DRIVERS\PBADRV.sys
05:30:45.0406 0432 PBADRV - ok
05:30:45.0421 0432 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
05:30:45.0421 0432 PCI - ok
05:30:45.0421 0432 PCIDump - ok
05:30:45.0468 0432 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
05:30:45.0484 0432 PCIIde - ok
05:30:45.0515 0432 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
05:30:45.0515 0432 Pcmcia - ok
05:30:45.0531 0432 PDCOMP - ok
05:30:45.0531 0432 PDFRAME - ok
05:30:45.0531 0432 PDRELI - ok
05:30:45.0546 0432 PDRFRAME - ok
05:30:45.0562 0432 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
05:30:45.0562 0432 perc2 - ok
05:30:45.0562 0432 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
05:30:45.0562 0432 perc2hib - ok
05:30:45.0609 0432 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
05:30:45.0609 0432 PlugPlay - ok
05:30:45.0781 0432 Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\WINDOWS\system32\HPZipm12.dll
05:30:45.0781 0432 Pml Driver HPZ12 - ok
05:30:45.0843 0432 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
05:30:45.0843 0432 PolicyAgent - ok
05:30:45.0875 0432 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
05:30:45.0875 0432 PptpMiniport - ok
05:30:45.0875 0432 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
05:30:45.0875 0432 ProtectedStorage - ok
05:30:45.0890 0432 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
05:30:45.0890 0432 PSched - ok
05:30:45.0921 0432 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
05:30:45.0921 0432 Ptilink - ok
05:30:45.0984 0432 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
05:30:45.0984 0432 PxHelp20 - ok
05:30:46.0078 0432 QBCFMonitorService (17996ca5c59259ae02ca95bd11d7beec) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
05:30:46.0078 0432 QBCFMonitorService - ok
05:30:46.0109 0432 QBFCService (2241eaf40e472c471cb80cf6b97cca11) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
05:30:46.0109 0432 QBFCService - ok
05:30:46.0234 0432 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
05:30:46.0234 0432 ql1080 - ok
05:30:46.0296 0432 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
05:30:46.0296 0432 Ql10wnt - ok
05:30:46.0328 0432 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
05:30:46.0328 0432 ql12160 - ok
05:30:46.0343 0432 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
05:30:46.0343 0432 ql1240 - ok
05:30:46.0343 0432 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
05:30:46.0343 0432 ql1280 - ok
05:30:46.0390 0432 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
05:30:46.0390 0432 RasAcd - ok
05:30:46.0453 0432 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
05:30:46.0453 0432 RasAuto - ok
05:30:46.0468 0432 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
05:30:46.0468 0432 Rasl2tp - ok
05:30:46.0484 0432 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
05:30:46.0484 0432 RasMan - ok
05:30:46.0484 0432 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
05:30:46.0484 0432 RasPppoe - ok
05:30:46.0500 0432 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
05:30:46.0500 0432 Raspti - ok
05:30:46.0546 0432 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
05:30:46.0546 0432 Rdbss - ok
05:30:46.0671 0432 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
05:30:46.0671 0432 RDPCDD - ok
05:30:46.0734 0432 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
05:30:46.0734 0432 rdpdr - ok
05:30:46.0765 0432 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
05:30:46.0765 0432 RDPWD - ok
05:30:46.0812 0432 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
05:30:46.0812 0432 RDSessMgr - ok
05:30:46.0828 0432 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
05:30:46.0828 0432 redbook - ok
05:30:46.0843 0432 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
05:30:46.0843 0432 RemoteAccess - ok
05:30:46.0875 0432 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
05:30:46.0875 0432 RemoteRegistry - ok
05:30:46.0890 0432 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
05:30:46.0890 0432 RpcLocator - ok
05:30:46.0937 0432 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
05:30:46.0937 0432 RpcSs - ok
05:30:47.0078 0432 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
05:30:47.0078 0432 RSVP - ok
05:30:47.0140 0432 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
05:30:47.0140 0432 SamSs - ok
05:30:47.0171 0432 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
05:30:47.0171 0432 SCardSvr - ok
05:30:47.0203 0432 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
05:30:47.0203 0432 Schedule - ok
05:30:47.0296 0432 SeaPort (271077b91d7ad1b616f8afdfe8e3f981) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
05:30:47.0296 0432 SeaPort - ok
05:30:47.0359 0432 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
05:30:47.0359 0432 Secdrv - ok
05:30:47.0406 0432 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
05:30:47.0406 0432 seclogon - ok
05:30:47.0531 0432 SecureStorageService (27d53cd650cc77123faf2f07023dabc7) C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
05:30:47.0531 0432 SecureStorageService - ok
05:30:47.0640 0432 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
05:30:47.0640 0432 SENS - ok
05:30:47.0703 0432 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
05:30:47.0703 0432 Serenum - ok
05:30:47.0718 0432 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
05:30:47.0734 0432 Serial - ok
05:30:47.0781 0432 SFAUDIO (b6401608579b6431994425ba7653f774) C:\WINDOWS\system32\drivers\sfaudio.sys
05:30:47.0781 0432 SFAUDIO - ok
05:30:47.0828 0432 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
05:30:47.0843 0432 Sfloppy - ok
05:30:47.0906 0432 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
05:30:47.0906 0432 SharedAccess - ok
05:30:47.0984 0432 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
05:30:47.0984 0432 ShellHWDetection - ok
05:30:47.0984 0432 Simbad - ok
05:30:48.0015 0432 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
05:30:48.0015 0432 sisagp - ok
05:30:48.0171 0432 SMManager (b0bf6833849bfa70f42e1e22dee476f8) C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
05:30:48.0171 0432 SMManager - ok
05:30:48.0359 0432 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
05:30:48.0359 0432 Sparrow - ok
05:30:48.0406 0432 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
05:30:48.0406 0432 splitter - ok
05:30:48.0453 0432 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
05:30:48.0453 0432 Spooler - ok
05:30:48.0562 0432 SQLBrowser (b2ec3e1deac5f0a764bd3486d213a0af) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
05:30:48.0562 0432 SQLBrowser - ok
05:30:48.0609 0432 SQLWriter (d2f4f32b59440011174b4f8137af4e0c) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
05:30:48.0609 0432 SQLWriter - ok
05:30:48.0671 0432 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
05:30:48.0671 0432 sr - ok
05:30:48.0734 0432 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
05:30:48.0734 0432 srservice - ok
05:30:48.0953 0432 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\NIS\1207010.003\SRTSP.SYS
05:30:48.0953 0432 SRTSP - ok
05:30:49.0000 0432 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\NIS\1207010.003\SRTSPX.SYS
05:30:49.0000 0432 SRTSPX - ok
05:30:49.0078 0432 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
05:30:49.0078 0432 Srv - ok
05:30:49.0125 0432 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
05:30:49.0140 0432 SSDPSRV - ok
05:30:49.0156 0432 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
05:30:49.0156 0432 stisvc - ok
05:30:49.0218 0432 stllssvr (de3e7a2345ebaa3ce8e6957dfb55fb15) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
05:30:49.0218 0432 stllssvr - ok
05:30:49.0406 0432 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
05:30:49.0421 0432 swenum - ok
05:30:49.0468 0432 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
05:30:49.0484 0432 swmidi - ok
05:30:49.0484 0432 SwPrv - ok
05:30:49.0515 0432 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
05:30:49.0515 0432 symc810 - ok
05:30:49.0531 0432 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
05:30:53.0859 0432 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
05:30:53.0921 0432 \Device\Harddisk0\DR0 - ok
05:30:53.0921 0432 Boot (0x1200) (702d56126f370bf2414de699812c1649) \Device\Harddisk0\DR0\Partition0
05:30:53.0921 0432 \Device\Harddisk0\DR0\Partition0 - ok
05:30:53.0921 0432 ============================================================
05:30:53.0921 0432 Scan finished
05:30:53.0921 0432 ============================================================
05:30:53.0937 0208 Detected object count: 0
05:30:53.0937 0208 Actual detected object count: 0
05:31:05.0546 2716 Deinitialize success




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-16 05:31:09
-----------------------------
05:31:09.703 OS Version: Windows 5.1.2600 Service Pack 3
05:31:09.703 Number of processors: 2 586 0x170A
05:31:09.703 ComputerName: D4Y69TJ1 UserName: Mark
05:31:10.609 Initialize success
05:36:59.218 AVAST engine defs: 12041600
05:37:03.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
05:37:03.078 Disk 0 Vendor: Hitachi_ GM3O Size: 305245MB BusType: 8
05:37:03.093 Disk 0 MBR read successfully
05:37:03.109 Disk 0 MBR scan
05:37:03.125 Disk 0 Windows VISTA default MBR code
05:37:03.125 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 109 MB offset 63
05:37:03.156 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 305133 MB offset 224910
05:37:03.156 Disk 0 scanning sectors +625137345
05:37:03.250 Disk 0 scanning C:\WINDOWS\system32\drivers
05:37:14.218 Service scanning
05:37:40.890 Modules scanning
05:37:49.953 Disk 0 trace - called modules:
05:37:50.000 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
05:37:50.000 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac58868]
05:37:50.000 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a6bb028]
05:37:50.937 AVAST engine scan C:\WINDOWS
05:38:07.781 AVAST engine scan C:\WINDOWS\system32
05:40:36.281 AVAST engine scan C:\WINDOWS\system32\drivers
05:40:58.281 AVAST engine scan C:\Documents and Settings\Mark
05:46:43.640 AVAST engine scan C:\Documents and Settings\All Users
05:58:39.500 Scan finished successfully
06:01:14.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mark\Desktop\MBR.dat"
06:01:14.625 The log file has been saved successfully to "C:\Documents and Settings\Mark\Desktop\1aswMBR.txt"

#8 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 April 2012 - 12:11 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 NascarFan14

  • Topic Starter

  • Members
  • 30 posts

Posted 16 April 2012 - 05:07 PM

I have followed the directions and the log from the new combofix is below. I did disable Norton prior to running combofix as were the instructions on the first pass.
I still have the new hardware wizard popping up on restarts and cold starts. The google search seems back to normal and the speed of the computer seems faster.
ComboFix 12-04-15.02 - Mark 04/16/2012 17:40:12.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2078 [GMT -4:00]
Running from: c:\documents and settings\Mark\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mark\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-03-16 to 2012-04-16 )))))))))))))))))))))))))))))))
.
.
2012-04-14 19:01 . 2012-04-14 19:01 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-08 23:08 . 2012-04-08 23:08 -------- d-----w- c:\program files\iPod
2012-04-08 23:08 . 2012-04-08 23:09 -------- d-----w- c:\program files\iTunes
2012-04-06 22:16 . 2012-04-06 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-04-03 21:47 . 2012-04-03 21:51 -------- d-----w- c:\windows\system32\drivers\NIS\1207010.003
2012-04-03 10:03 . 2012-04-03 10:03 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2012-03-23 12:05 . 2012-03-23 12:05 -------- d-----w- c:\program files\TurboTax
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 19:56 . 2011-12-28 13:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 10:03 . 2011-05-17 09:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2008-04-25 16:16 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2008-04-25 16:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-25 16:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-25 16:16 385024 ------w- c:\windows\system32\html.iec
2012-02-15 15:01 . 2010-07-14 22:26 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-02-15 15:01 . 2010-07-14 22:26 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-03 09:26 . 2008-04-25 16:16 1869184 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-15_22.30.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-16 21:10 . 2012-04-16 21:10 16384 c:\windows\Temp\Perflib_Perfdata_77c.dat
+ 2012-04-16 21:11 . 2012-04-16 21:11 16384 c:\windows\Temp\Perflib_Perfdata_12c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-01-14 14:24 40960 ------w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-01-14 14:24 40960 ------w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Push Client"="c:\documents and settings\Mark\Local Settings\Application Data\ATT Connect\Participant\pull.exe" [2011-04-27 966944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2009-5-8 25214]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\OGPDFLoader.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell ControlPoint System Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk
backup=c:\windows\pss\Dell ControlPoint System Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2008-04-23 06:08 483328 ------w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 02:43 640376 ------w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 06:25 37232 ------w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChangeTPMAuth]
2008-12-19 22:58 184320 ------w- c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellConnectionManager]
2009-03-01 22:09 1810432 ------w- c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellControlPoint]
2009-01-19 19:54 667648 ------w- c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmbassySecurityCheck]
2009-01-16 20:40 95544 ------w- c:\program files\Wave Systems Corp\EMBASSY Security Setup\EmbassySecurityCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-03-12 17:08 49208 ------w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-12-11 23:53 186904 ------w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2008-09-09 05:21 623880 ------w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-10-27 03:41 13529088 ------w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-05-23 18:06 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ------w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
2009-01-16 20:41 656696 ------w- c:\program files\Wave Systems Corp\SecureUpgrade.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2008-07-24 19:27 1044480 ------w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USCService]
2009-01-16 19:46 15360 ------w- c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WavXMgr]
2008-12-22 16:15 145408 ------w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"wlidsvc"=2 (0x2)
"TdmService"=2 (0x2)
"tcsd_win32.exe"=2 (0x2)
"Symantec Core LC"=2 (0x2)
"stllssvr"=3 (0x3)
"SQLWriter"=2 (0x2)
"SQLBrowser"=2 (0x2)
"SMManager"=2 (0x2)
"SecureStorageService"=3 (0x3)
"SeaPort"=2 (0x2)
"QBFCService"=3 (0x3)
"QBCFMonitorService"=2 (0x2)
"PCCUJobMgr"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"Norton PC Checkup Application Launcher"=2 (0x2)
"Norton Ghost"=2 (0x2)
"NAV"=2 (0x2)
"MSSQL$MSSMLBIZ"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"IAANTMON"=2 (0x2)
"gusvc"=2 (0x2)
"gupdate1c9d02667f8588"=2 (0x2)
"GEARSecurity"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"CCALib8"=2 (0x2)
"BcmSqlStartupSvc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [4/29/2009 11:15 PM 24064]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1207010.003\symds.sys [4/3/2012 5:48 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1207010.003\symefa.sys [4/3/2012 5:48 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120402.001\BHDrvx86.sys [4/2/2012 7:38 PM 821880]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1207010.003\ironx86.sys [4/3/2012 5:48 PM 136312]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.7.1.3\ccsvchst.exe [4/3/2012 5:47 PM 130008]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [4/29/2009 11:15 PM 144480]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/4/2012 6:20 AM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120416.001\IDSXpx86.sys [4/16/2012 5:18 PM 356280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate1c9d02667f8588;Google Update Service (gupdate1c9d02667f8588);c:\program files\Google\Update\GoogleUpdate.exe [5/8/2009 5:43 PM 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/3/2012 6:03 AM 253600]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/8/2009 5:43 PM 133104]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 12:16 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [3/1/2009 6:09 PM 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 10:03]
.
2012-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-04-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-08 21:12]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-08 21:43]
.
2012-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-08 21:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: intuit.com\ttlc
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{4DA84824-FDF0-4C30-898F-BEC7DE01438B}: NameServer = 4.2.2.2,4.2.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-16 17:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.7.1.3\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(744)
c:\windows\System32\TdmNetworkProvider.dll
.
- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\wvauth.dll
.
- - - - - - - > 'explorer.exe'(1776)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-04-16 17:51:07
ComboFix-quarantined-files.txt 2012-04-16 21:51
ComboFix2.txt 2012-04-15 22:32
.
Pre-Run: 213,005,635,584 bytes free
Post-Run: 213,046,517,760 bytes free
.
- - End Of File - - FA78CB5B33847A8E81145D40FF21DBAC

#10 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 April 2012 - 09:12 PM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

  • Adobe Reader 9.5.1
  • Java™ 6 Update 20


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot fewer resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes under Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (hosts file not read, blank Notepad, ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HiJackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

Information and logs

  • In your next post I need the following:
  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click the Donate button. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 NascarFan14 (Topic Starter)

Posted 17 April 2012 - 04:35 PM

Just an update: when I turned on the computer (twice) I got the blue screen of death; the code (the part that was not in hex) was kdcom.d77. I then booted into Safe Mode with Networking, was able to check email with Outlook but was unable to connect to the Internet with IE. I will follow the last set of directions posted by you.

#12 NascarFan14 (Topic Starter)

Posted 17 April 2012 - 05:51 PM

Just an update: when I turned on the computer (twice) I got the blue screen of death; the code (the part that was not in hex) was kdcom.d77. I then booted into Safe Mode with Networking, was able to check email with Outlook but was unable to connect to the Internet with IE. I will follow the last set of directions posted by you. The new hardware wizard popup was in Safe Mode also.

Deleted Adobe 9.5.1 and Java as directed. While downloading the new Adobe, a watchdog popup asked to add jp2ssv.dll at c:\programs\files\ire61\bin\jp2ssv.dll and I said no. Installed the new Adobe and did the requested reboot; when the reboot started I got 2 warning popups, but the system rebooted before I could document them. Updated Java (on a side note, I see a lot of activity on my network connection while doing scans and checks). Another WinPatrol popup asked to add javatmplatformse6u31 at c:\programfiles\java\ire61\libdeploy\jqs\ie\jqs_plugin.dll and I clicked on no. Ran ccsetup and 309 MB was removed. Ran MBAM as directed; the first time, I got the popup "Windows has encountered a problem" while doing the quick scan, I said not to inform Microsoft, and the program closed. Ran the update again and the quick scan, and the program failed again. Moved on to HijackThis and ran it as directed; the log is below.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:43:17 PM, on 4/17/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Mark\Local Settings\Application Data\ATT Connect\Participant\pull.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Netscape\Navigator 9\navigator.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.jayski.com/cupnews.htm"); (C:\Documents and Settings\MARK\Application Data\Mozilla\Profiles\default\alcucgw2.slt\prefs.js)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\IPS\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Push Client] "C:\Documents and Settings\Mark\Local Settings\Application Data\ATT Connect\Participant\pull.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1241797114031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257041256593
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DA84824-FDF0-4C30-898F-BEC7DE01438B}: NameServer = 4.2.2.2,4.2.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4DA84824-FDF0-4C30-898F-BEC7DE01438B}: NameServer = 4.2.2.2,4.2.2.1
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\OGPDFLoader.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate1c9d02667f8588) (gupdate1c9d02667f8588) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe

--
End of file - 10265 bytes
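
The HijackThis log above is normally read by eye. As an added example, not part of the thread and not HijackThis code, here is a small Python triage pass over the same line format. It flags the entry classes an analyst checks first: O20 AppInit_DLLs (a DLL listed there is loaded into every process that links user32.dll, so it is a persistence location worth verifying whether or not this particular DLL turns out to be benign), O17 DNS servers outside an expected set, any registration marked "(file missing)", and O4 autoruns that launch from per-user writable paths. The sample lines are constructed to mirror the posted log; the 203.0.113.5 resolver is invented so the O17 check has something to catch, and the expected-resolver set is an assumption. A flag is a prompt to check the file's publisher, hash and registration, not a verdict.

```python
"""Triage a HijackThis-format log for the entry classes an analyst checks first.

Added example; not HijackThis code and not from the thread. The sample
lines below are constructed to mirror the format of the posted log.
"""
import re
from dataclasses import dataclass

# Resolvers the analyst expects on this machine. Assumption for the example:
# 4.2.2.1 and 4.2.2.2 are the Level 3 public resolvers seen in the posted log;
# any other address in an O17 line is flagged for review.
EXPECTED_NAMESERVERS = {"4.2.2.1", "4.2.2.2"}

# Constructed sample: the 203.0.113.5 resolver (RFC 5737 documentation range)
# is invented so that the O17 check has something to flag.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [Push Client] "C:\Documents and Settings\Mark\Local Settings\Application Data\ATT Connect\Participant\pull.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{4DA84824-FDF0-4C30-898F-BEC7DE01438B}: NameServer = 4.2.2.2,4.2.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{4DA84824-FDF0-4C30-898F-BEC7DE01438B}: NameServer = 203.0.113.5
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O20 - AppInit_DLLs: C:\WINDOWS\system32\OGPDFLoader.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Each HijackThis entry starts with a section code (O4, O17, R1, ...) and " - ".
LINE_RE = re.compile(r"^([ORNF]\d+) - (.*)$")
# Autoruns launched from per-user writable directories deserve a second look.
USER_WRITABLE_RE = re.compile(r"\\(Local Settings|Application Data|Temp)\\", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Return the entries worth verifying, in log order. A finding is a prompt
    to check the file's publisher, hash and registration, not a verdict."""
    findings = []
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # headers, the running-process list and blank lines
        section, body = match.groups()
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            findings.append(Finding(section, "AppInit_DLLs entry: loaded into every process that links user32.dll", raw))
        elif section == "O17" and "NameServer =" in body:
            servers = {s.strip() for s in body.split("NameServer =", 1)[1].split(",")}
            unexpected = servers - EXPECTED_NAMESERVERS
            if unexpected:
                findings.append(Finding(section, f"DNS server(s) outside the expected set: {sorted(unexpected)}", raw))
        elif "(file missing)" in body:
            findings.append(Finding(section, "registration points at a file that no longer exists", raw))
        elif section == "O4" and USER_WRITABLE_RE.search(body):
            findings.append(Finding(section, "autorun launched from a per-user writable path", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

Run against the constructed sample, it reports four entries (the per-user autorun, the invented resolver, the missing mscoree.dll registration and the AppInit_DLLs line) and stays silent on the WinPatrol autorun, the expected resolvers and the Bonjour service. The O17 rule is the one most worth tailoring: an attacker who swaps the resolver gets redirects that survive every browser-side cleanup, so the expected set should come from what the machine's DHCP lease or the administrator actually configured.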

#13 gringo_pr (Malware Response Team)

Posted 17 April 2012 - 06:40 PM

Uninstall Malwarebytes

  • Click on Start and select Control Panel.
  • Open Add/Remove Programs.
  • Uninstall Malwarebytes' Anti-Malware.
  • Restart your computer (very important).
  • Download and run mbam-clean.exe from here.
  • It will ask to restart your computer; please allow it to do so (very important).
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here.
  • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version.
  • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
  • Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or post to ask and we'll explain how to do it.


#14 NascarFan14 (Topic Starter)

Posted 18 April 2012 - 04:39 PM

Below is the new Malwarebytes log; there were no identified problems from the scan. This morning while I was going through the steps, I removed the old Malwarebytes program, rebooted, downloaded Clean, and got a Norton popup saying it stopped "malicious web attack website14". I am continuously getting these, and also "fake av redirect 21". Ran the Clean program and rebooted the computer. There is still significant network activity; for example, before turning off Norton to download the new Malwarebytes, the network was steady for 20 minutes, 64,414 packets sent, 63,376 received, and I didn't start any programs. This evening I turned on the computer to post, and of course the new hardware wizard popup appeared; I canceled it again. The network ran for 15 minutes straight, 32,536 sent, 30,367 received, with no programs started by me. Went to post the new info, the computer froze, I could not start any programs, could not Ctrl-Alt-Del, and had to power-reset the computer. After the reset the computer rebooted, and although I could open programs I could not connect to the Internet. I rebooted again and now, with the exception of the malicious-site stops by Norton and the high CPU usage alert from Generic Host Process for Win32 Services, I can connect to the Internet.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.18.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Mark :: D4Y69TJ1 [administrator]

4/18/2012 5:55:36 AM
mbam-log-2012-04-18 (05-55-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234187
Time elapsed: 22 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#15 gringo_pr (Malware Response Team)

Posted 18 April 2012 - 05:02 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo



