
Missing Desktop and Taskbar Icons Slow CPU


This topic is locked
19 replies to this topic

#1 khan3000

Posted 23 April 2012 - 12:01 PM

All desktop and taskbar icons are missing, and related icons under Start menu. Upon activating any program / browser CPU pins at 100%. Have run Eset and quarantined the following but did not really affect symptoms.

C:\System Volume Information\_restore{6B968584-D163-4ACE-9809-F35856664052}\RP102\A0039793.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6B968584-D163-4ACE-9809-F35856664052}\RP97\A0037122.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined


Malwarebytes and Spybot find nothing. A few unusual entries in Hijack log. Tried to fix O15 Protocol Defaults but cannot remove. Thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:59:11 AM, on 4/23/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe"
O4 - HKLM\..\Run: [MDGetStarted.exe] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [FUFAXRCV] "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279957481345
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AC3F18D-785C-4D57-9650-5D0DE4DAFD60}: NameServer = 68.87.76.182,68.87.76.134
O17 - HKLM\System\CS1\Services\Tcpip\..\{1AC3F18D-785C-4D57-9650-5D0DE4DAFD60}: NameServer = 68.87.76.182,68.87.76.134
O17 - HKLM\System\CS2\Services\Tcpip\..\{1AC3F18D-785C-4D57-9650-5D0DE4DAFD60}: NameServer = 68.87.76.182,68.87.76.134
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
O23 - Service: User Profile Hive Cleanup (UPHClean) - Windows ® Codename Longhorn DDK provider - C:\Program Files\UPHClean\uphclean.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 8714 bytes
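The entries in the log above that a responder actually reads are the O17 NameServer lines (resolvers statically set on one interface, which override whatever DHCP hands out), the O15 ProtocolDefaults lines (protocols reported as sitting in IE's "My Computer" zone, where zone restrictions do not apply), the O4 autostarts, and the O16 ActiveX (DPF) entry with no download source. The following is an added example, not part of the thread and not HijackThis code: a small triage script that parses HJT 2.0.x entry lines, applies those checks, and emits a `.reg` fragment that puts the flagged protocols back in the zone HJT says they should be in. Assumptions: the `SUSPECT_DIRS` folder list is a heuristic chosen for this example; the line marked CONSTRUCTED is not in the posted log; the `.reg` output targets the current user's `HKEY_CURRENT_USER\...\ZoneMap\ProtocolDefaults` key and should only be imported while logged on as the affected account. The public resolvers the O17 check surfaces are reported for a whois lookup, not declared hostile; note the log was taken in Safe Mode from a profile named TEMP, so re-check the O15 entries from a normal boot of the affected account before changing the registry.

```python
"""Triage helper for HijackThis (HJT) 2.0.x logs.

Added example for this thread; not part of HijackThis or of any post above.
Checks: static public DNS servers (O17), protocols downgraded into IE's
'My Computer' zone (O15), Run entries in user-writable folders (O4), and
DPF entries with no source URL (O16). SAMPLE_LOG is excerpted from the
posted log except for the line marked CONSTRUCTED.
"""
import ipaddress
import re

ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
O17_RE = re.compile(r"\\(CCS|CS\d)\\Services\\Tcpip\\\.\.\\(\{[0-9A-Fa-f-]+\}): NameServer = (.+)$")
O15_RE = re.compile(r"'(.+?)' protocol is in (.+?) Zone, should be (.+?) Zone")
O4_RE = re.compile(r"^(HK[^:]*\\\.\.\\Run\w*): \[(.*?)\] (.+)$")
O16_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))? -\s*(.*)$")

# IE URL security zone numbers as stored under ZoneMap\ProtocolDefaults.
ZONE_IDS = {"My Computer": 0, "Intranet": 1, "Trusted": 2, "Internet": 3, "Restricted": 4}
PROTOCOL_DEFAULTS_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
                         r"\Internet Settings\ZoneMap\ProtocolDefaults")
# Assumed heuristic (not an HJT rule): autostarts launched from these folders deserve a look.
SUSPECT_DIRS = ("\\local settings\\temp\\", "\\application data\\", "\\windows\\temp\\", "\\recycler\\")

SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
# CONSTRUCTED for this example; the next line is NOT in the posted log:
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\TEMP\Local Settings\Temp\svchost.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AC3F18D-785C-4D57-9650-5D0DE4DAFD60}: NameServer = 68.87.76.182,68.87.76.134
"""


def parse_hjt(text):
    """Return (section, body) for each HJT entry line; all other lines are ignored."""
    matches = (ENTRY_RE.match(line.strip()) for line in text.splitlines())
    return [m.groups() for m in matches if m]


def exe_path(command):
    """Extract the program path from a Run command, whether quoted or bare."""
    command = command.strip()
    if command.startswith('"') and command.count('"') >= 2:
        return command[1:command.index('"', 1)]
    m = re.match(r"(.+?\.exe)\b", command, re.I)
    return m.group(1) if m else command


def triage(entries):
    """Run the four checks over parsed entries; return findings keyed by check name."""
    f = {"static_dns": {}, "zone_downgrades": {}, "suspect_runs": [], "dpf_without_source": []}
    for section, body in entries:
        if section == "O17":
            m = O17_RE.search(body)
            if m:
                # Static resolvers override DHCP; public ones get listed for a whois check.
                ips = [ipaddress.ip_address(s) for s in re.split(r"[ ,]+", m.group(3).strip()) if s]
                f["static_dns"].setdefault(m.group(2), set()).update(str(ip) for ip in ips if ip.is_global)
        elif section == "O15":
            m = O15_RE.search(body)
            if m and m.group(2) == "My Computer":
                # Remote protocols in zone 0 run with no zone restrictions; record the expected zone.
                f["zone_downgrades"][m.group(1)] = ZONE_IDS[m.group(3)]
        elif section == "O4":
            m = O4_RE.match(body)
            if m:
                path = exe_path(m.group(3)).lower()
                if any(d in path for d in SUSPECT_DIRS):
                    f["suspect_runs"].append((m.group(2), path))
        elif section == "O16":
            m = O16_RE.match(body)
            if m and not m.group(3):
                # An ActiveX control with no recorded source URL cannot be re-verified.
                f["dpf_without_source"].append(m.group(1))
    f["static_dns"] = {guid: sorted(v) for guid, v in f["static_dns"].items()}
    return f


def protocol_defaults_reg(zone_downgrades):
    """Build a .reg fragment restoring the expected zone for each downgraded protocol (HKCU only)."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{PROTOCOL_DEFAULTS_KEY}]"]
    lines += [f'"{proto}"=dword:{zone:08x}' for proto, zone in sorted(zone_downgrades.items())]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    result = triage(parse_hjt(SAMPLE_LOG))
    for check, hits in result.items():
        print(f"{check}: {hits}")
    print(protocol_defaults_reg(result["zone_downgrades"]))
```

Run it against a saved HJT log by replacing `SAMPLE_LOG` with the file contents. On the excerpt above it reports the two Comcast-range resolvers on interface `{1AC3F18D-...}` for verification, the `@ivt` and `http` zone downgrades, the constructed `svchost` autostart in the TEMP profile, and the sourceless `{E06E2E99-...}` control; the generated `.reg` fragment sets `@ivt` back to zone 1 and `http` to zone 3.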


#2 khan3000 (Topic Starter)

Posted 24 April 2012 - 10:49 PM

UPDATE 4/24/12 HijackThis log, DDS, attach.zip, GMER.txt

"All desktop and taskbar icons are missing, and related icons under Start menu. Upon activating any program / browser CPU pins at 100%. Have run Eset and quarantined the following but did not really affect symptoms.

C:\System Volume Information\_restore{6B968584-D163-4ACE-9809-F35856664052}\RP102\A0039793.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{6B968584-D163-4ACE-9809-F35856664052}\RP97\A0037122.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined


Malwarebytes and Spybot find nothing. A few unusual entries in Hijack log. Tried to fix O15 Protocol Defaults but cannot remove. Thanks"....

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:44:07 PM, on 4/24/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe"
O4 - HKLM\..\Run: [MDGetStarted.exe] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [FUFAXRCV] "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279957481345
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AC3F18D-785C-4D57-9650-5D0DE4DAFD60}: NameServer = 68.87.76.182,68.87.76.134
O17 - HKLM\System\CS1\Services\Tcpip\..\{1AC3F18D-785C-4D57-9650-5D0DE4DAFD60}: NameServer = 68.87.76.182,68.87.76.134
O17 - HKLM\System\CS2\Services\Tcpip\..\{1AC3F18D-785C-4D57-9650-5D0DE4DAFD60}: NameServer = 68.87.76.182,68.87.76.134
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
O23 - Service: User Profile Hive Cleanup (UPHClean) - Windows ® Codename Longhorn DDK provider - C:\Program Files\UPHClean\uphclean.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 8033 bytes


.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by CAN at 20:21:28 on 2012-04-24
.
============== Running Processes ===============
.
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\TEMP\Desktop\dds.scr
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.0.13\ips\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "c:\program files\mediafour\macdrive 7\MacDrive.exe"
mRun: [MDGetStarted.exe] "c:\program files\mediafour\macdrive 7\MDGetStarted.exe" /auto
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ADUserMon] c:\program files\iomega\autodisk\ADUserMon.exe
mRun: [Iomega Drive Icons] c:\program files\iomega\driveicons\ImgIcon.exe
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [FUFAXRCV] "c:\program files\epson software\fax utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "c:\program files\epson software\fax utility\FUFAXSTM.exe"
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279957481345
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{1AC3F18D-785C-4D57-9650-5D0DE4DAFD60} : NameServer = 68.87.76.182,68.87.76.134
TCP: Interfaces\{1B4DCB12-85CC-487C-A195-51CB962BA819} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\temp\application data\mozilla\firefox\profiles\tas0imbk.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service
R? BHDrvx86;BHDrvx86
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? EraserUtilRebootDrv;EraserUtilRebootDrv
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? IDSxpx86;IDSxpx86
R? IntuitUpdateServiceV4;Intuit Update Service v4
R? is3srv;is3srv
R? LBeepKE;Logitech Beep Suppression Driver
R? LinksysUpdater;Linksys Updater
R? MacDriveService;MacDriveService
R? MDFSYSNT;MacDrive file system driver
R? MDPMGRNT;MDPMGRNT
R? N360;Norton Security Suite
R? NAVENG;NAVENG
R? NAVEX15;NAVEX15
R? PSI;PSI
R? Secunia PSI Agent;Secunia PSI Agent
R? Secunia Update Agent;Secunia Update Agent
R? SymIRON;Symantec Iron Driver
R? szkg5;szkg5
R? szkgfs;szkgfs
R? USBIODS;Delcom USB IO Driver
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter
S? LHidEqd;Logitech SetPoint Unifying KMDF HID Filter
S? SymDS;Symantec Data Store
S? SymEFA;Symantec Extended File Attributes
S? tdrpman228;Acronis Try&Decide and Restore Points filter (build 228)
.
=============== Created Last 30 ================
.
2012-04-23 20:49:28 -------- d-----w- c:\documents and settings\temp\local settings\application data\Apple Computer
2012-04-22 01:17:58 12127 -c--a-w- c:\windows\system32\dllcache\wadv02nt.sys
2012-04-22 01:16:58 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2012-04-22 01:15:59 43904 -c--a-w- c:\windows\system32\dllcache\sbp2port.sys
2012-04-22 01:14:57 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
2012-04-22 01:13:53 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2012-04-22 01:08:41 58880 -c--a-w- c:\windows\system32\dllcache\m3092dc.dll
2012-04-22 01:07:59 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2012-04-22 01:06:59 57471 -c--a-w- c:\windows\system32\dllcache\hsf_samp.sys
2012-04-22 00:37:16 24618 -c--a-w- c:\windows\system32\dllcache\fa410nd5.sys
2012-04-22 00:36:59 455199 -c--a-w- c:\windows\system32\dllcache\el985n51.sys
2012-04-22 00:35:59 272640 -c--a-w- c:\windows\system32\dllcache\cinemclc.sys
2012-04-22 00:34:59 23552 -c--a-w- c:\windows\system32\dllcache\atixbar.sys
2012-04-22 00:33:41 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys
2012-04-21 22:56:14 -------- d-sha-r- C:\cmdcons
2012-04-21 19:24:41 -------- d-----w- c:\documents and settings\temp\application data\Malwarebytes
2012-04-21 18:01:25 -------- d-----w- c:\documents and settings\temp\local settings\application data\Adobe
2012-04-21 17:14:00 -------- d-----w- c:\documents and settings\temp\local settings\application data\Mozilla
2012-04-21 16:54:18 -------- d-----w- c:\documents and settings\temp\local settings\application data\Microsoft
2012-04-15 17:31:22 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-04-15 17:31:22 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2012-04-15 17:06:12 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-04-15 17:06:12 -------- d-----w- c:\windows\system32\wbem\Repository
2012-04-15 17:00:03 -------- d-----w- c:\documents and settings\all users\application data\Viewpoint
2012-04-15 16:59:58 -------- d-----w- c:\program files\Viewpoint
2012-04-15 16:57:19 -------- d-----w- c:\program files\common files\AOL
2012-04-15 16:57:18 -------- d-----w- c:\program files\AOL Desktop 9.6
2012-04-15 16:57:17 -------- d-----w- c:\program files\common files\aolshare
2012-04-12 04:05:51 -------- d-----w- c:\program files\UPHClean
2012-04-11 07:10:45 5600 ----a-w- c:\windows\system\WINASPI.DLL
2012-04-11 07:10:45 4672 ----a-w- c:\windows\system\WOWPOST.EXE
2012-04-11 07:10:45 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2012-04-11 07:10:45 25244 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2012-04-11 06:08:59 369784 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symtdi.sys
2012-04-11 06:08:59 331384 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symtdiv.sys
2012-04-11 06:08:59 299640 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symnets.sys
2012-04-11 06:08:58 744568 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symefa.sys
2012-04-11 06:08:58 516216 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\srtsp.sys
2012-04-11 06:08:58 50168 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\srtspx.sys
2012-04-11 06:08:58 340088 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symds.sys
2012-04-11 06:08:58 136312 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys
2012-04-11 06:08:08 -------- d-----w- c:\windows\system32\drivers\n360\0502000.00D
2012-04-08 06:56:34 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-04-08 06:56:34 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-04-08 06:56:34 -------- d-----w- c:\program files\Symantec
2012-04-08 06:56:34 -------- d-----w- c:\program files\common files\Symantec Shared
2012-04-08 06:55:55 -------- d-----w- c:\program files\Norton Security Suite
2012-04-08 06:55:30 -------- d-----w- c:\program files\NortonInstaller
2012-04-08 06:23:34 -------- d-----w- c:\documents and settings\all users\application data\IsolatedStorage
2012-04-08 06:22:26 -------- d-----w- c:\program files\Constant Guard Protection Suite
2012-04-08 06:21:42 -------- d-----w- c:\documents and settings\all users\application data\White Sky, Inc
2012-04-08 04:00:45 -------- d-----w- C:\temp
2012-04-08 03:52:44 -------- d-----w- c:\windows\system32\NtmsData
2012-04-06 06:03:32 -------- d-----w- c:\program files\SystemRequirementsLab
2012-03-29 14:56:49 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-04-14 15:25:21 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-08 03:54:46 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-02 23:01:33 2 --shatr- c:\windows\winstart.bat
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
2012-02-16 05:04:20 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-16 05:04:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 20:21:42.05 ===============

#3 khan3000 (Topic Starter)

Posted 24 April 2012 - 10:52 PM

Attached files: attach.zip (3 KB), GMER.txt (821 bytes)


#4 gringo_pr (Malware Response Team)

Posted 26 April 2012 - 03:12 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on ComboFix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 khan3000 (Topic Starter, Members, 11 posts)

Posted 26 April 2012 - 11:39 PM

Gringo - thank you for your assistance! Before I start, let me update you. I did a System Restore last night to a System Restore checkpoint from 3 days ago. Everything seems to have returned to normal. Desktop, Taskbar, and Start icons have returned and CPU speed seems normal. The current HijackThis log no longer shows any O15 Protocol Defaults and the odd R values also seem to have cleared. That said, I would still like to make sure all is cleared. Below is the Security Check checkup.txt for your review. I have not proceeded with ComboFix until you can reassess. Let me know if you would like me to proceed with ComboFix at this point. Thanks....

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
```````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.6
Spybot - Search & Destroy
Secunia PSI (2.0.0.3003)
CCleaner
TweakNow RegCleaner
Java™ 6 Update 31
Adobe Flash Player 11.2.202.233
Adobe Reader X 10.1.0 Adobe Reader out of Date!
Mozilla Firefox (11.0.)
Mozilla Thunderbird 3.1.12 Thunderbird out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````

#6 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 26 April 2012 - 11:41 PM

Yes, go ahead and send me the report when it completes.


gringo

#7 khan3000 (Topic Starter, Members, 11 posts)

Posted 27 April 2012 - 12:37 AM

ComboFix 12-04-26.01 - CAN 04/26/2012 22:06:19.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1334 [GMT -7:00]
Running from: c:\documents and settings\CAN\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\CAN\Application Data\Mozilla\Firefox\Profiles\63hi93hs.default\weave\toFetch
c:\documents and settings\CAN\Application Data\Mozilla\Firefox\Profiles\63hi93hs.default\weave\toFetch\bookmarks.json
c:\documents and settings\CAN\Application Data\Mozilla\Firefox\Profiles\63hi93hs.default\weave\toFetch\clients.json
c:\documents and settings\CAN\Application Data\Mozilla\Firefox\Profiles\63hi93hs.default\weave\toFetch\forms.json
c:\documents and settings\CAN\Application Data\Mozilla\Firefox\Profiles\63hi93hs.default\weave\toFetch\history.json
c:\documents and settings\CAN\Application Data\Mozilla\Firefox\Profiles\63hi93hs.default\weave\toFetch\passwords.json
c:\documents and settings\CAN\Application Data\Mozilla\Firefox\Profiles\63hi93hs.default\weave\toFetch\prefs.json
c:\documents and settings\CAN\Application Data\Mozilla\Firefox\Profiles\63hi93hs.default\weave\toFetch\tabs.json
c:\documents and settings\CAN\My Documents\$AP346F.tmp
c:\documents and settings\CAN\My Documents\$AP5B89.tmp
c:\documents and settings\CAN\My Documents\$AP6395.tmp
c:\documents and settings\CAN\My Documents\$AP6E0D.tmp
c:\documents and settings\CAN\WINDOWS
c:\windows\system32\default_user_class.dat.LOG
.
.
((((((((((((((((((((((((( Files Created from 2012-03-27 to 2012-04-27 )))))))))))))))))))))))))))))))
.
.
2012-04-27 03:36 . 2012-04-27 03:36 -------- d-----w- c:\documents and settings\Guest\Application Data\ID Vault
2012-04-25 04:52 . 2012-03-30 16:20 104008 ----a-w- c:\program files\Mozilla Firefox\IdVaultCore.XmlSerializers.dll
2012-04-25 04:52 . 2012-03-30 16:20 1717832 ----a-w- c:\program files\Mozilla Firefox\IdVaultCore.dll
2012-04-25 04:52 . 2012-03-30 16:20 136776 ----a-w- c:\program files\Mozilla Firefox\CommonDotNET.dll
2012-04-25 04:52 . 2012-03-30 16:15 8007680 ----a-w- c:\program files\Mozilla Firefox\Microsoft.mshtml.dll
2012-04-25 04:51 . 2011-07-05 17:24 25232 ------w- c:\windows\system32\drivers\gidv2.sys
2012-04-25 04:50 . 2012-04-26 05:11 -------- d-----w- c:\windows\system32\drivers\N360\0502010.003
2012-04-25 04:50 . 2012-04-25 04:50 -------- d-----w- c:\documents and settings\All Users\GID
2012-04-25 04:50 . 2012-04-25 04:50 -------- d-----w- c:\program files\SFT
2012-04-25 04:26 . 2012-04-25 04:26 -------- d-----w- c:\windows\system32\wbem\Repository
2012-04-21 22:38 . 2012-04-25 04:26 -------- d-s---w- c:\documents and settings\Administrator
2012-04-21 16:06 . 2012-04-25 04:26 -------- d-s---w- c:\documents and settings\TEMP
2012-04-21 01:54 . 2012-04-21 01:54 -------- d-----w- c:\windows\system32\config\systemprofile\IETldCache
2012-04-19 15:11 . 2012-04-19 15:11 -------- d-----w- c:\documents and settings\Guest\Application Data\FastStone
2012-04-16 05:41 . 2012-04-16 05:41 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer
2012-04-16 05:40 . 2012-04-16 05:40 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Apple Computer
2012-04-15 18:13 . 2012-04-15 18:13 -------- d-----w- c:\documents and settings\Guest\Application Data\vlc
2012-04-15 17:31 . 2012-03-13 04:39 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-04-15 17:31 . 2012-03-13 04:39 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-04-15 17:01 . 2012-04-15 17:01 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AOL
2012-04-15 17:00 . 2012-04-15 17:00 -------- d-----w- c:\documents and settings\CAN\Application Data\AOL
2012-04-15 17:00 . 2012-04-15 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2012-04-15 16:59 . 2012-04-15 17:00 -------- d-----w- c:\program files\Viewpoint
2012-04-15 16:58 . 2012-04-15 17:00 -------- d-----w- c:\documents and settings\CAN\Local Settings\Application Data\AOL
2012-04-15 16:57 . 2012-04-15 17:05 -------- d-----w- c:\program files\Common Files\AOL
2012-04-15 16:57 . 2012-04-15 17:05 -------- d-----w- c:\program files\AOL Desktop 9.6
2012-04-15 16:57 . 2012-04-15 17:05 -------- d-----w- c:\program files\Common Files\aolshare
2012-04-15 16:57 . 2012-04-15 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2012-04-15 16:48 . 2012-04-15 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2012-04-15 16:44 . 2012-04-15 16:44 -------- d-sh--w- c:\documents and settings\Guest\PrivacIE
2012-04-15 16:38 . 2012-04-15 16:39 -------- d-----w- c:\documents and settings\Guest\Application Data\Epson
2012-04-15 16:38 . 2012-04-15 16:38 -------- d-----w- c:\documents and settings\Guest\Application Data\Active Disk
2012-04-12 04:05 . 2012-04-12 04:05 -------- d-----w- c:\program files\UPHClean
2012-04-11 07:10 . 1999-09-10 19:06 5600 ----a-w- c:\windows\system\WINASPI.DLL
2012-04-11 07:10 . 1999-09-10 19:06 4672 ----a-w- c:\windows\system\WOWPOST.EXE
2012-04-11 07:10 . 1999-09-10 19:06 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2012-04-11 07:10 . 1999-09-10 19:06 25244 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2012-04-08 06:56 . 2012-04-09 15:44 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-04-08 06:56 . 2012-04-09 14:55 -------- d-----w- c:\program files\Symantec
2012-04-08 06:56 . 2012-04-08 17:48 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-04-08 06:56 . 2012-04-08 17:48 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-04-08 06:55 . 2012-04-08 06:55 -------- d-----w- c:\program files\Norton Security Suite
2012-04-08 06:55 . 2012-04-08 06:55 -------- d-----w- c:\program files\NortonInstaller
2012-04-08 06:30 . 2012-04-08 06:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\ID Vault
2012-04-08 06:23 . 2012-04-08 06:23 -------- d-----w- c:\documents and settings\All Users\Application Data\IsolatedStorage
2012-04-08 06:23 . 2012-04-25 04:55 -------- d-----w- c:\documents and settings\CAN\Local Settings\Application Data\ID Vault
2012-04-08 06:23 . 2012-04-25 04:52 -------- d-----w- c:\documents and settings\CAN\Application Data\ID Vault
2012-04-08 06:22 . 2012-04-25 04:52 -------- d-----w- c:\program files\Constant Guard Protection Suite
2012-04-08 06:21 . 2012-04-08 06:21 -------- d-----w- c:\documents and settings\All Users\Application Data\White Sky, Inc
2012-04-08 04:00 . 2012-04-12 03:41 -------- d-----w- C:\temp
2012-04-08 03:52 . 2012-04-08 04:37 -------- d-----w- c:\windows\system32\NtmsData
2012-04-06 06:03 . 2012-04-06 06:03 -------- d-----w- c:\program files\SystemRequirementsLab
2012-04-01 03:18 . 2012-04-01 03:18 -------- d-----w- c:\documents and settings\CAN\Local Settings\Application Data\RcIncidents
2012-03-29 14:56 . 2012-04-14 15:25 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 15:25 . 2011-05-14 21:52 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-08 03:54 . 2010-12-23 14:50 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-04-04 22:56 . 2010-08-11 06:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-10 10:00 . 2012-03-10 10:00 53248 ----a-r- c:\documents and settings\CAN\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-03-02 23:01 . 2011-03-25 07:26 2 --shatr- c:\windows\winstart.bat
2012-03-01 11:01 . 2002-09-03 17:12 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2002-09-03 16:39 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2002-09-03 16:35 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2002-09-03 17:12 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2002-09-03 16:35 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2010-07-24 05:57 385024 ------w- c:\windows\system32\html.iec
2012-02-16 05:04 . 2012-02-16 05:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-16 05:04 . 2010-07-24 18:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-03 09:22 . 2002-09-03 17:11 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 04:39 . 2012-02-04 05:13 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Audio Sandbox"="c:\documents and settings\CAN\My Documents\Applets Programs\DVD CD PHOTO Programs\srsssc.exe" [2007-11-25 481280]
"EPLTarget\P0000000000000000"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_TATIHVA.EXE" [2011-04-24 219008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-06-19 4355512]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-06-19 960568]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-06-19 377248]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-13 642856]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-12 1468256]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-06 421888]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2002-08-22 221184]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"{B179023B-6238-4499-8F26-CD73E9D90E0A}"="c:\program files\Mediafour\MacDrive 7\MacDrive.exe" [2007-06-05 176128]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"MDGetStarted.exe"="c:\program files\Mediafour\MacDrive 7\MDGetStarted.exe" [2007-06-13 139264]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-09-24 483328]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-25 147456]
"Iomega Startup Options"="c:\program files\Iomega\Common\ImgStart.exe" [2001-01-18 45056]
"Iomega Drive Icons"="c:\program files\Iomega\DriveIcons\ImgIcon.exe" [2001-09-12 61440]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
"GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
.
c:\documents and settings\CAN\Start Menu\Programs\Startup\
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2011-10-30 25214]
Billminder.lnk - c:\quickenw\BILLMIND.EXE [2011-9-11 36864]
Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2012-3-30 5572168]
Quicken Startup.lnk - c:\quickenw\QWDLLS.EXE [2011-9-11 36864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ auto_reactivate c:\bootwiz\asrm.bin\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Secunia Update Agent"=2 (0x2)
"MacDriveService"=2 (0x2)
"LinksysUpdater"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
.
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [6/14/2007 12:03 PM 276096]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2/28/2007 11:15 AM 19072]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502010.003\symds.sys [4/24/2012 9:51 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502010.003\symefa.sys [4/24/2012 9:51 PM 744568]
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [7/24/2010 1:14 AM 902592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120413.001\BHDrvx86.sys [4/19/2012 9:44 PM 821880]
R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [4/24/2012 9:51 PM 25232]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502010.003\ironx86.sys [4/24/2012 9:51 PM 136312]
R2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [3/30/2012 9:15 AM 65608]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [12/23/2010 7:49 AM 12184]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.2.1.3\ccsvchst.exe [4/24/2012 9:50 PM 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/9/2012 8:37 AM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120425.001\IDSXpx86.sys [4/26/2012 7:14 PM 356280]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [8/24/2010 10:30 AM 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [8/24/2010 10:30 AM 12184]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [7/10/2011 10:22 PM 39264]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/29/2012 7:56 AM 253088]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 1:30 AM 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/18/2011 11:44 PM 993848]
S3 USBIODS;Delcom USB IO Driver;c:\windows\system32\drivers\USBIODS.sys [10/19/2006 11:55 PM 12740]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 12:43 PM 204800]
S4 MacDriveService;MacDriveService;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [5/1/2007 2:55 PM 143360]
S4 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/18/2011 11:44 PM 399416]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 17:26 435976 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 15:25]
.
2012-04-25 c:\windows\Tasks\Mozilla Firefox.job
- c:\progra~1\MOZILL~1\firefox.exe [2010-07-24 04:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://sz0165.ev.mail.comcast.net/zimbra/mail?app=mail#1
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: intuit.com\itsdeductibleonline
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{1AC3F18D-785C-4D57-9650-5D0DE4DAFD60}: NameServer = 68.87.76.182,68.87.76.134
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\CAN\Application Data\Mozilla\Firefox\Profiles\63hi93hs.default\
FF - prefs.js: browser.startup.homepage - hxxp://sz0165.ev.mail.comcast.net/zimbra/mail?app=mail#1|http://att.my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-MacDrive Volume Icons - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-26 22:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1192)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
- - - - - - - > 'winlogon.exe'(6004)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2012-04-26 22:20:19
ComboFix-quarantined-files.txt 2012-04-27 05:20
ComboFix2.txt 2012-04-21 23:20
.
Pre-Run: 47,605,886,976 bytes free
Post-Run: 47,564,271,616 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Home Edition" /fastdetect
.
.
- - End Of File - - FDCBC838870C83430558BED884D14739
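
Added example (not part of this thread, and not code from ComboFix, GMER, TDSSKiller or aswMBR): the ComboFix log above ends with the Gmer MBR check printing `user: error reading MBR`, `kernel: MBR read successfully` and then `user != kernel MBR !!!`. That check reads sector 0 once through the normal user-mode path and once from kernel mode and compares the two copies; the idea is that a bootkit which intercepts normal disk reads to hide the real sector will make the two copies differ. In this log the user-mode side never produced a sector at all, because `CreateFile("\\.\PHYSICALDRIVE0")` failed with a sharing violation while another process held the device, so the "!=" line is a comparison against a missing read, not a finding about the MBR. The Python below reproduces that comparison on two constructed 512-byte sectors and reports a failed or short read as "inconclusive" rather than as a mismatch. The boot code bytes, the disk signature and the tampered copy are made up for the example; the single partition entry (type 0x7, StartLBA 0xBC430, 0x2536D3D0 sectors) uses the values TDSSKiller reports for disk 0 later in this thread.

```python
"""Compare a user-mode read and a kernel-mode read of a disk's first sector
(the MBR) the way a user/kernel MBR checker does, reporting a failed read as
inconclusive rather than as a mismatch.

Added example for this thread; it is not code from ComboFix, GMER, TDSSKiller
or aswMBR. Every sector image below is constructed in this file.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional

SECTOR = 512
BOOT_CODE_LEN = 440       # bytes 0..439 hold the boot code
DISK_SIG_OFF = 440        # 4-byte NT disk signature followed by 2 reserved bytes
PART_TABLE_OFF = 446      # four 16-byte partition entries, bytes 446..509
BOOT_SIG = b"\x55\xaa"    # bytes 510..511
# status, CHS start (3 bytes, skipped), type, CHS end (3 bytes, skipped), LBA start, sector count
PART_FMT = "<B3xB3xII"


@dataclass(frozen=True)
class Partition:
    bootable: bool
    type_id: int
    start_lba: int
    num_sectors: int


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Decode the four partition-table slots; empty slots (type 0) are skipped."""
    parts = []
    for i in range(4):
        status, ptype, start, count = struct.unpack_from(PART_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype != 0:
            parts.append(Partition(status == 0x80, ptype, start, count))
    return parts


def build_mbr(boot_code: bytes, partitions: List[Partition], disk_sig: int) -> bytes:
    """Assemble a 512-byte MBR image (used here only to construct test sectors)."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    buf = bytearray(SECTOR)
    buf[:len(boot_code)] = boot_code
    struct.pack_into("<IH", buf, DISK_SIG_OFF, disk_sig, 0)
    for i, p in enumerate(partitions[:4]):
        struct.pack_into(PART_FMT, buf, PART_TABLE_OFF + 16 * i,
                         0x80 if p.bootable else 0x00, p.type_id, p.start_lba, p.num_sectors)
    buf[510:512] = BOOT_SIG
    return bytes(buf)


def compare_mbr(user_read: Optional[bytes], kernel_read: Optional[bytes]) -> Dict[str, str]:
    """Verdict for a user-mode read versus a kernel-mode read of sector 0.

    'match'        both reads succeeded and are identical
    'mismatch'     both reads succeeded and differ (reason names the regions)
    'inconclusive' a read failed (None) or is short: no comparison was possible
    'invalid'      a read lacks the 0x55AA boot signature
    """
    if user_read is None or kernel_read is None:
        side = "user" if user_read is None else "kernel"
        return {"verdict": "inconclusive", "reason": f"{side}-mode read failed; nothing to compare"}
    for side, img in (("user", user_read), ("kernel", kernel_read)):
        if len(img) != SECTOR:
            return {"verdict": "inconclusive", "reason": f"{side}-mode read is {len(img)} bytes, not {SECTOR}"}
        if img[510:512] != BOOT_SIG:
            return {"verdict": "invalid", "reason": f"{side}-mode read lacks the 55AA boot signature"}
    if user_read == kernel_read:
        return {"verdict": "match", "reason": "both reads identical"}
    regions = []  # the three ranges below cover bytes 0..509; 510..511 were checked above
    if user_read[:BOOT_CODE_LEN] != kernel_read[:BOOT_CODE_LEN]:
        regions.append("boot code")
    if user_read[DISK_SIG_OFF:PART_TABLE_OFF] != kernel_read[DISK_SIG_OFF:PART_TABLE_OFF]:
        regions.append("disk signature")
    if user_read[PART_TABLE_OFF:510] != kernel_read[PART_TABLE_OFF:510]:
        regions.append("partition table")
    return {
        "verdict": "mismatch",
        "reason": "differs in: " + ", ".join(regions),
        "user_boot_sha256": hashlib.sha256(user_read[:BOOT_CODE_LEN]).hexdigest(),
        "kernel_boot_sha256": hashlib.sha256(kernel_read[:BOOT_CODE_LEN]).hexdigest(),
    }


# Constructed samples. The partition entry uses the values TDSSKiller reports for
# disk 0 in this thread (type 0x07, StartLBA 0xBC430, 0x2536D3D0 sectors); the boot
# code bytes and the disk signature are made up for the example.
SAMPLE_PARTITION = Partition(bootable=True, type_id=0x07, start_lba=0xBC430, num_sectors=0x2536D3D0)
CLEAN_BOOT_CODE = bytes.fromhex("33c08ed0bc007c8ec08ed8be007cbf0006b90002fcf3a4") + b"\x90" * 100
# Constructed "tampered" copy: differs from the clean boot code in its first five bytes.
TAMPERED_BOOT_CODE = b"\xea\x00\x7c\x00\x00" + CLEAN_BOOT_CODE[5:]


def sample_clean_mbr() -> bytes:
    return build_mbr(CLEAN_BOOT_CODE, [SAMPLE_PARTITION], disk_sig=0x1A2B3C4D)


def sample_tampered_mbr() -> bytes:
    return build_mbr(TAMPERED_BOOT_CODE, [SAMPLE_PARTITION], disk_sig=0x1A2B3C4D)


if __name__ == "__main__":
    # Case 1: what the log in this thread shows, the user-mode read failed.
    print(compare_mbr(None, sample_clean_mbr()))
    # Case 2: both reads succeeded and agree.
    print(compare_mbr(sample_clean_mbr(), sample_clean_mbr()))
    # Case 3: both reads succeeded and the user-mode copy differs in the boot code.
    print(compare_mbr(sample_tampered_mbr(), sample_clean_mbr()))
```

The point of the `inconclusive` branch is the one the log above illustrates: a sharing violation on `\\.\PHYSICALDRIVE0` (here, most likely the resident antivirus or another tool holding the device) leaves the checker with one copy of the sector, and the honest result is "could not compare", to be re-run once the device is free, not "MBR differs".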

#8 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 27 April 2012 - 12:39 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#9 khan3000 (Topic Starter, Members, 11 posts)

Posted 27 April 2012 - 11:31 PM

Gringo - no problem running TDSS, but I made several attempts with aswMBR and it was unable to complete. During a scan of a desktop file, the file listing font would turn yellow. After letting this run, upon return aswMBR would be closed. Before this happened the last time, I hit Save Log and produced the following:

20:45:53.0676 6100 SymEFA - ok
20:45:53.0936 6100 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
20:45:53.0946 6100 SymEvent - ok
20:45:54.0087 6100 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0502010.003\Ironx86.SYS
20:45:54.0087 6100 SymIRON - ok
20:45:54.0307 6100 SYMTDI (336cace58f0359d5cbb1ae6b8a2fb205) C:\WINDOWS\System32\Drivers\N360\0502010.003\SYMTDI.SYS
20:45:54.0377 6100 SYMTDI - ok
20:45:54.0397 6100 sym_hi - ok
20:45:54.0417 6100 sym_u3 - ok
20:45:54.0637 6100 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:45:54.0637 6100 sysaudio - ok
20:45:54.0948 6100 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
20:45:54.0948 6100 SysmonLog - ok
20:45:54.0968 6100 szkg5 - ok
20:45:54.0988 6100 szkgfs - ok
20:45:55.0108 6100 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
20:45:55.0118 6100 taphss - ok
20:45:55.0509 6100 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
20:45:55.0509 6100 TapiSrv - ok
20:45:56.0130 6100 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:45:56.0140 6100 Tcpip - ok
20:45:56.0280 6100 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:45:56.0280 6100 TDPIPE - ok
20:46:11.0502 6100 tdrpman228 (664469f03c955e851c5de58eea233f5a) C:\WINDOWS\system32\DRIVERS\tdrpm228.sys
20:46:11.0562 6100 tdrpman228 - ok
20:46:11.0632 6100 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:46:11.0642 6100 TDTCP - ok
20:46:11.0762 6100 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:46:11.0762 6100 TermDD - ok
20:46:12.0143 6100 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:46:12.0153 6100 TermService - ok
20:46:12.0403 6100 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:46:12.0413 6100 Themes - ok
20:46:12.0523 6100 tifsfilter (6dcb8ddb481cd3c40fa68593723b4d89) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
20:46:12.0523 6100 tifsfilter - ok
20:46:13.0094 6100 timounter (394fc70b88b7958fa85798bbc76d140a) C:\WINDOWS\system32\DRIVERS\timntr.sys
20:46:13.0104 6100 timounter - ok
20:46:13.0124 6100 TosIde - ok
20:46:13.0234 6100 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
20:46:13.0234 6100 TrkWks - ok
20:46:13.0424 6100 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:46:13.0424 6100 Udfs - ok
20:46:13.0444 6100 ultra - ok
20:46:14.0216 6100 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:46:14.0226 6100 Update - ok
20:46:15.0077 6100 UPHClean (325fb38c323c63c7f57885b4dfb1b91e) C:\Program Files\UPHClean\uphclean.exe
20:46:15.0087 6100 UPHClean - ok
20:46:15.0497 6100 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
20:46:15.0507 6100 upnphost - ok
20:46:15.0628 6100 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
20:46:15.0628 6100 UPS - ok
20:46:15.0758 6100 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:46:15.0768 6100 usbccgp - ok
20:46:15.0958 6100 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:46:15.0968 6100 usbehci - ok
20:46:16.0258 6100 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:46:16.0258 6100 usbhub - ok
20:46:16.0349 6100 USBIODS (032c91a2e39698dd947e4d8b6ca9469b) C:\WINDOWS\system32\DRIVERS\USBIODS.sys
20:46:16.0349 6100 USBIODS - ok
20:46:16.0459 6100 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:46:16.0459 6100 usbscan - ok
20:46:16.0559 6100 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:46:16.0569 6100 usbstor - ok
20:46:16.0639 6100 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:46:16.0639 6100 usbuhci - ok
20:46:16.0659 6100 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:46:16.0659 6100 VgaSave - ok
20:46:16.0709 6100 ViaIde - ok
20:46:16.0829 6100 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:46:16.0839 6100 VolSnap - ok
20:46:17.0170 6100 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
20:46:17.0180 6100 VSS - ok
20:46:18.0151 6100 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
20:46:18.0151 6100 W32Time - ok
20:46:18.0271 6100 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:46:18.0281 6100 Wanarp - ok
20:46:18.0882 6100 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
20:46:18.0882 6100 Wdf01000 - ok
20:46:18.0902 6100 WDICA - ok
20:46:19.0173 6100 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:46:19.0173 6100 wdmaud - ok
20:46:19.0373 6100 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
20:46:19.0383 6100 WebClient - ok
20:46:20.0074 6100 winachsf (bcdcc21314add47e26f1dfa1605e11c9) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:46:20.0074 6100 winachsf - ok
20:46:20.0605 6100 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:46:20.0605 6100 winmgmt - ok
20:46:20.0765 6100 WmdmPmSN (051b1bdecd6dee18c771b5d5ec7f044d) C:\WINDOWS\system32\MsPMSNSv.dll
20:46:20.0765 6100 WmdmPmSN - ok
20:46:21.0085 6100 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
20:46:21.0085 6100 WmiApSrv - ok
20:46:22.0497 6100 WMPNetworkSvc (6bab4dc65515a098505f8b3d01fb6fe5) C:\Program Files\Windows Media Player\WMPNetwk.exe
20:46:22.0517 6100 WMPNetworkSvc - ok
20:46:22.0778 6100 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\Drivers\wpdusb.sys
20:46:22.0778 6100 WpdUsb - ok
20:46:23.0829 6100 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:46:23.0839 6100 WPFFontCache_v0400 - ok
20:46:23.0869 6100 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:46:23.0869 6100 WS2IFSL - ok
20:46:23.0950 6100 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
20:46:23.0950 6100 wscsvc - ok
20:46:24.0000 6100 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
20:46:24.0000 6100 wuauserv - ok
20:46:24.0190 6100 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:46:24.0190 6100 WudfPf - ok
20:46:24.0340 6100 WUDFRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
20:46:24.0340 6100 WUDFRd - ok
20:46:24.0440 6100 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
20:46:24.0450 6100 WudfSvc - ok
20:46:24.0851 6100 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:46:24.0861 6100 WZCSVC - ok
20:46:24.0961 6100 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:46:25.0031 6100 xmlprov - ok
20:46:25.0422 6100 _IOMEGA_ACTIVE_DISK_SERVICE_ (b624180218bb196ad9869d5d6b454318) C:\Program Files\Iomega\AutoDisk\ADService.exe
20:46:25.0432 6100 _IOMEGA_ACTIVE_DISK_SERVICE_ - ok
20:46:25.0492 6100 MBR (0x1B8) (54551fa1abc120ea3e16bab96f0ea979) \Device\Harddisk0\DR0
20:46:25.0872 6100 \Device\Harddisk0\DR0 - ok
20:46:25.0902 6100 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
20:46:25.0902 6100 \Device\Harddisk1\DR1 - ok
20:46:25.0972 6100 Boot (0x1200) (59d6110bc9700e37bfde11283de4d21c) \Device\Harddisk0\DR0\Partition0
20:46:25.0972 6100 \Device\Harddisk0\DR0\Partition0 - ok
20:46:25.0982 6100 Boot (0x1200) (52046a6da4cdec12ebaf8d1f9f9b655f) \Device\Harddisk1\DR1\Partition0
20:46:25.0992 6100 \Device\Harddisk1\DR1\Partition0 - ok
20:46:26.0012 6100 ============================================================
20:46:26.0012 6100 Scan finished
20:46:26.0012 6100 ============================================================
20:46:26.0123 4288 Detected object count: 0
20:46:26.0123 4288 Actual detected object count: 0



* * * * * * *

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-27 20:39:56
-----------------------------
20:39:56.773 OS Version: Windows 5.1.2600 Service Pack 3
20:39:56.773 Number of processors: 1 586 0x207
20:39:56.773 ComputerName: DESKTOP UserName: CAN
20:39:57.824 Initialize success
20:40:09.391 AVAST engine defs: 12042601
20:40:14.418 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
20:40:14.418 Disk 0 Vendor: Size: 0MB BusType: 0
20:40:14.428 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
20:40:14.428 Disk 1 Vendor: Size: 0MB BusType: 0
20:40:14.518 Disk 0 MBR read successfully
20:40:14.518 Disk 0 MBR scan
20:40:14.588 Disk 0 unknown MBR code
20:40:14.588 Disk 0 MBR hidden
20:40:14.638 Disk 0 Partition 1 00 DE Dell Utility Dell 4.1 376 MB offset 63
20:40:14.709 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 304858 MB offset 771120
20:40:14.969 Disk 0 scanning C:\WINDOWS\system32\drivers
20:42:21.942 Service scanning
20:43:05.354 Modules scanning
20:45:17.885 Disk 0 trace - called modules:
20:45:17.945 ntoskrnl.exe CLASSPNP.SYS disk.sys iomdisk.sys hal.dll atapi.sys intelide.sys
20:45:17.955 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a68fab8]
20:45:17.955 3 CLASSPNP.SYS[f7667fd7] -> nt!IofCallDriver -> [0x8a6c5d78]
20:45:17.955 5 iomdisk.sys[f771fbc3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a693b00]
20:45:24.674 AVAST engine scan C:\WINDOWS
20:47:56.072 AVAST engine scan C:\WINDOWS\system32
21:07:47.595 AVAST engine scan C:\WINDOWS\system32\drivers
21:08:40.181 AVAST engine scan C:\Documents and Settings\CAN
21:29:17.100 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\CAN\Desktop\MBR.dat"
21:29:17.140 The log file has been saved successfully to "C:\Documents and Settings\CAN\Desktop\aswMBR.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico
  • Local time:10:23 PM

Posted 28 April 2012 - 12:04 AM

Hello


How are things running at this time?

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 khan3000

khan3000
  • Topic Starter

  • Members
  • 11 posts
  • Local time:06:23 PM

Posted 28 April 2012 - 01:06 AM

Gringo,

ComboFix log below. Things are running well and the same as since the initial Restore, both prior to and after CFScript/ComboFix. The only problem might have been running a complete aswMBR scan.

Kahn3000


ComboFix 12-04-26.01 - CAN 04/27/2012 22:20:27.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1135 [GMT -7:00]
Running from: c:\documents and settings\CAN\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\CAN\Desktop\CFScript.txt
AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\offitems.log
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-28 )))))))))))))))))))))))))))))))
.
.
2012-04-28 04:39 . 2012-04-28 04:39 -------- d-----w- C:\New Folder
2012-04-27 03:36 . 2012-04-27 03:36 -------- d-----w- c:\documents and settings\Guest\Application Data\ID Vault
2012-04-25 04:52 . 2012-03-30 16:20 104008 ----a-w- c:\program files\Mozilla Firefox\IdVaultCore.XmlSerializers.dll
2012-04-25 04:52 . 2012-03-30 16:20 1717832 ----a-w- c:\program files\Mozilla Firefox\IdVaultCore.dll
2012-04-25 04:52 . 2012-03-30 16:20 136776 ----a-w- c:\program files\Mozilla Firefox\CommonDotNET.dll
2012-04-25 04:52 . 2012-03-30 16:15 8007680 ----a-w- c:\program files\Mozilla Firefox\Microsoft.mshtml.dll
2012-04-25 04:51 . 2011-07-05 17:24 25232 ------w- c:\windows\system32\drivers\gidv2.sys
2012-04-25 04:50 . 2012-04-26 05:11 -------- d-----w- c:\windows\system32\drivers\N360\0502010.003
2012-04-25 04:50 . 2012-04-25 04:50 -------- d-----w- c:\documents and settings\All Users\GID
2012-04-25 04:50 . 2012-04-25 04:50 -------- d-----w- c:\program files\SFT
2012-04-25 04:26 . 2012-04-25 04:26 -------- d-----w- c:\windows\system32\wbem\Repository
2012-04-25 04:22 . 2012-04-25 04:22 -------- d-----w- c:\program files\uTorrent
2012-04-21 22:38 . 2012-04-25 04:26 -------- d-s---w- c:\documents and settings\Administrator
2012-04-21 16:06 . 2012-04-25 04:26 -------- d-s---w- c:\documents and settings\TEMP
2012-04-21 01:54 . 2012-04-21 01:54 -------- d-----w- c:\windows\system32\config\systemprofile\IETldCache
2012-04-19 15:11 . 2012-04-19 15:11 -------- d-----w- c:\documents and settings\Guest\Application Data\FastStone
2012-04-16 05:41 . 2012-04-16 05:41 -------- d-----w- c:\documents and settings\Guest\Application Data\Apple Computer
2012-04-16 05:40 . 2012-04-16 05:40 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Apple Computer
2012-04-15 18:13 . 2012-04-15 18:13 -------- d-----w- c:\documents and settings\Guest\Application Data\vlc
2012-04-15 17:31 . 2012-03-13 04:39 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2012-04-15 17:31 . 2012-03-13 04:39 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-04-15 17:01 . 2012-04-15 17:01 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AOL
2012-04-15 17:00 . 2012-04-15 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2012-04-15 16:59 . 2012-04-15 17:00 -------- d-----w- c:\program files\Viewpoint
2012-04-15 16:57 . 2012-04-15 17:05 -------- d-----w- c:\program files\Common Files\AOL
2012-04-15 16:57 . 2012-04-15 17:05 -------- d-----w- c:\program files\AOL Desktop 9.6
2012-04-15 16:57 . 2012-04-15 17:05 -------- d-----w- c:\program files\Common Files\aolshare
2012-04-15 16:57 . 2012-04-15 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2012-04-15 16:48 . 2012-04-15 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2012-04-15 16:44 . 2012-04-15 16:44 -------- d-sh--w- c:\documents and settings\Guest\PrivacIE
2012-04-15 16:38 . 2012-04-15 16:39 -------- d-----w- c:\documents and settings\Guest\Application Data\Epson
2012-04-15 16:38 . 2012-04-15 16:38 -------- d-----w- c:\documents and settings\Guest\Application Data\Active Disk
2012-04-12 04:05 . 2012-04-12 04:05 -------- d-----w- c:\program files\UPHClean
2012-04-11 07:10 . 1999-09-10 19:06 5600 ----a-w- c:\windows\system\WINASPI.DLL
2012-04-11 07:10 . 1999-09-10 19:06 4672 ----a-w- c:\windows\system\WOWPOST.EXE
2012-04-11 07:10 . 1999-09-10 19:06 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2012-04-11 07:10 . 1999-09-10 19:06 25244 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2012-04-08 06:56 . 2012-04-09 15:44 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-04-08 06:56 . 2012-04-09 14:55 -------- d-----w- c:\program files\Symantec
2012-04-08 06:56 . 2012-04-08 17:48 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-04-08 06:56 . 2012-04-08 17:48 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-04-08 06:55 . 2012-04-08 06:55 -------- d-----w- c:\program files\Norton Security Suite
2012-04-08 06:55 . 2012-04-08 06:55 -------- d-----w- c:\program files\NortonInstaller
2012-04-08 06:30 . 2012-04-08 06:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\ID Vault
2012-04-08 06:23 . 2012-04-08 06:23 -------- d-----w- c:\documents and settings\All Users\Application Data\IsolatedStorage
2012-04-08 06:22 . 2012-04-25 04:52 -------- d-----w- c:\program files\Constant Guard Protection Suite
2012-04-08 06:21 . 2012-04-08 06:21 -------- d-----w- c:\documents and settings\All Users\Application Data\White Sky, Inc
2012-04-08 04:00 . 2012-04-12 03:41 -------- d-----w- C:\temp
2012-04-08 03:52 . 2012-04-08 04:37 -------- d-----w- c:\windows\system32\NtmsData
2012-04-06 06:03 . 2012-04-06 06:03 -------- d-----w- c:\program files\SystemRequirementsLab
2012-03-29 14:56 . 2012-04-14 15:25 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 15:25 . 2011-05-14 21:52 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-08 03:54 . 2010-12-23 14:50 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-04-04 22:56 . 2010-08-11 06:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-02 23:01 . 2011-03-25 07:26 2 --shatr- c:\windows\winstart.bat
2012-03-01 11:01 . 2002-09-03 17:12 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2002-09-03 16:39 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2002-09-03 16:35 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2002-09-03 17:12 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2002-09-03 16:35 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2010-07-24 05:57 385024 ------w- c:\windows\system32\html.iec
2012-02-16 05:04 . 2012-02-16 05:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-16 05:04 . 2010-07-24 18:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-03 09:22 . 2002-09-03 17:11 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 04:39 . 2012-02-04 05:13 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-27_05.15.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-27 14:36 . 2012-04-27 14:36 16384 c:\windows\temp\Perflib_Perfdata_750.dat
+ 2012-04-27 14:34 . 2012-04-27 14:34 16384 c:\windows\temp\Perflib_Perfdata_62c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Audio Sandbox"="c:\documents and settings\CAN\My Documents\Applets Programs\DVD CD PHOTO Programs\srsssc.exe" [2007-11-25 481280]
"EPLTarget\P0000000000000000"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_TATIHVA.EXE" [2011-04-24 219008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-06-19 4355512]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-06-19 960568]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-06-19 377248]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-13 642856]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-12 1468256]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-06 421888]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2002-08-22 221184]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"{B179023B-6238-4499-8F26-CD73E9D90E0A}"="c:\program files\Mediafour\MacDrive 7\MacDrive.exe" [2007-06-05 176128]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"MDGetStarted.exe"="c:\program files\Mediafour\MacDrive 7\MDGetStarted.exe" [2007-06-13 139264]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2005-09-24 483328]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-25 147456]
"Iomega Startup Options"="c:\program files\Iomega\Common\ImgStart.exe" [2001-01-18 45056]
"Iomega Drive Icons"="c:\program files\Iomega\DriveIcons\ImgIcon.exe" [2001-09-12 61440]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
"GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2011-10-30 25214]
Billminder.lnk - c:\quickenw\BILLMIND.EXE [2011-9-11 36864]
Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2012-3-30 5572168]
Quicken Startup.lnk - c:\quickenw\QWDLLS.EXE [2011-9-11 36864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ auto_reactivate c:\bootwiz\asrm.bin\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MacDrive7.0.4TimeOutPatch]
\TimeOutPatch.EXE [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Secunia Update Agent"=2 (0x2)
"MacDriveService"=2 (0x2)
"LinksysUpdater"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
.
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [6/14/2007 12:03 PM 276096]
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2/28/2007 11:15 AM 19072]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502010.003\symds.sys [4/24/2012 9:51 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502010.003\symefa.sys [4/24/2012 9:51 PM 744568]
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [7/24/2010 1:14 AM 902592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120413.001\BHDrvx86.sys [4/19/2012 9:44 PM 821880]
R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [4/24/2012 9:51 PM 25232]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502010.003\ironx86.sys [4/24/2012 9:51 PM 136312]
R2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [3/30/2012 9:15 AM 65608]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [12/23/2010 7:49 AM 12184]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.2.1.3\ccsvchst.exe [4/24/2012 9:50 PM 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/9/2012 8:37 AM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120427.001\IDSXpx86.sys [4/27/2012 2:29 PM 356280]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [8/24/2010 10:30 AM 42648]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [8/24/2010 10:30 AM 12184]
R3 Pcouffin;Low level access layer for CD devices;c:\windows\system32\drivers\Pcouffin.sys [7/10/2011 10:22 PM 39264]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/29/2012 7:56 AM 253088]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 1:30 AM 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/18/2011 11:44 PM 993848]
S3 USBIODS;Delcom USB IO Driver;c:\windows\system32\drivers\USBIODS.sys [10/19/2006 11:55 PM 12740]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 12:43 PM 204800]
S4 MacDriveService;MacDriveService;c:\program files\Mediafour\MacDrive 7\MacDriveService.exe [5/1/2007 2:55 PM 143360]
S4 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/18/2011 11:44 PM 399416]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 13732985
*NewlyCreated* - 26592052
*Deregistered* - 13732985
*Deregistered* - 26592052
*Deregistered* - aswMBR
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 17:26 435976 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 15:25]
.
2012-04-25 c:\windows\Tasks\Mozilla Firefox.job
- c:\progra~1\MOZILL~1\firefox.exe [2010-07-24 04:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://sz0165.ev.mail.comcast.net/zimbra/mail?app=mail#1
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: intuit.com\itsdeductibleonline
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{1AC3F18D-785C-4D57-9650-5D0DE4DAFD60}: NameServer = 68.87.76.182,68.87.76.134
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\CAN\Application Data\Mozilla\Firefox\Profiles\63hi93hs.default\
FF - prefs.js: browser.startup.homepage - hxxp://sz0165.ev.mail.comcast.net/zimbra/mail?app=mail#1|http://att.my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-27 22:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.1.3\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1192)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2012-04-27 22:35:14
ComboFix-quarantined-files.txt 2012-04-28 05:35
ComboFix2.txt 2012-04-27 05:20
ComboFix3.txt 2012-04-21 23:20
.
Pre-Run: 47,684,411,392 bytes free
Post-Run: 47,688,724,480 bytes free
.
- - End Of File - - C7E6B72C1F8C5ED3C46E1AF1F9FC40FA

#12 gringo_pr


Posted 28 April 2012 - 02:05 AM

Clean Out Temp Files

  • You may want to keep this small application and use it once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes under Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click the MBAM icon
  • Go to the Update tab at the top
  • Click on Check for Updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [Donate button] <-- Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 khan3000


Posted 28 April 2012 - 02:34 PM

CCleaner run. Malwarebytes and HijackThis below:



Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.28.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
CAN :: DESKTOP [limited]

4/27/2012 11:13:00 PM
mbam-log-2012-04-27 (23-13-00).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 548400
Time elapsed: 6 hour(s), 19 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:29:09 PM, on 4/28/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\SFT\GuardedID\gidd.exe
C:\Documents and Settings\CAN\My Documents\Applets Programs\DVD CD PHOTO Programs\srsssc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIHVA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Constant Guard Protection Suite\IDVault.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sz0165.ev.mail.comcast.net/zimbra/mail?app=mail#1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Constant Guard Protection Suite (COM) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files\Constant Guard Protection Suite\NativeBHO.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\coIEPlg.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [MDGetStarted.exe] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [FUFAXRCV] "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [GIDDesktop] C:\Program Files\SFT\GuardedID\gidd.exe /s
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Documents and Settings\CAN\My Documents\Applets Programs\DVD CD PHOTO Programs\srsssc.exe"
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIHVA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 645"
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Constant Guard.lnk = C:\Program Files\Constant Guard Protection Suite\IDVault.exe
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1279957481345
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AC3F18D-785C-4D57-9650-5D0DE4DAFD60}: NameServer = 68.87.76.182,68.87.76.134
O17 - HKLM\System\CS1\Services\Tcpip\..\{1AC3F18D-785C-4D57-9650-5D0DE4DAFD60}: NameServer = 68.87.76.182,68.87.76.134
O17 - HKLM\System\CS2\Services\Tcpip\..\{1AC3F18D-785C-4D57-9650-5D0DE4DAFD60}: NameServer = 68.87.76.182,68.87.76.134
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: CGPS Service (IDVaultSvc) - White Sky, Inc. - C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\5.2.1.3\ccSvcHst.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe
O23 - Service: User Profile Hive Cleanup (UPHClean) - Windows ® Codename Longhorn DDK provider - C:\Program Files\UPHClean\uphclean.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

--
End of file - 12222 bytes

#14 khan3000


Posted 28 April 2012 - 02:35 PM

No problems running CCleaner, MalwareBytes or HijackThis. Everything still running ok.

#15 gringo_pr


Posted 28 April 2012 - 06:10 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. You can click on their icons (or start them from the Control Panel) and start each program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
      O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
      O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
      O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
      O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Documents and Settings\CAN\My Documents\Applets Programs\DVD CD PHOTO Programs\srsssc.exe"
      O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
      O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
      O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
      O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, for example from this line:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right-click on the IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
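Added example (not code from this thread, from HijackThis or from the helpers): a Python script that expands the abbreviated O4 lines in the HijackThis log posted above into the real registry keys and Windows XP startup folders they stand for, pulls out the executable and the name to research, and notes what is worth checking before ticking an entry. The sample lines are copied from the posted log; the flagging heuristics (user-profile location, unresolved shortcut target, unquoted path with spaces) are this example's own assumptions.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field
# Constructed sample: a subset of the O4 lines from the HijackThis log posted above, as they appear there.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Documents and Settings\CAN\My Documents\Applets Programs\DVD CD PHOTO Programs\srsssc.exe"
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
"""
# HijackThis abbreviates the Run keys; these are the full locations it refers to.
RUN_KEY_BASE = {
    "HKLM": r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion",
    "HKCU": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion",
}
STARTUP_FOLDERS = {  # Windows XP startup folders, the platform in this thread
    "Startup": r"%USERPROFILE%\Start Menu\Programs\Startup",
    "Global Startup": r"%ALLUSERSPROFILE%\Start Menu\Programs\Startup",
}
REG_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]+)\] (.*)$")
LNK_RE = re.compile(r"^O4 - (Global Startup|Startup): (.+?\.lnk) = (.*)$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|scr|bat|cmd))(?=\s|$)", re.IGNORECASE)
# Heuristic assumed by this example: a binary under a user profile deserves a closer look.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\users\\", "\\temp\\")

@dataclass
class AutostartEntry:
    name: str        # the name between the brackets (or the .lnk name): what to research
    location: str    # full registry key or startup folder behind the abbreviation
    executable: str  # target path; '?' means HijackThis could not resolve the shortcut
    kind: str        # "registry" or "startup-folder"
    quoted: bool     # whether a registry value wrapped its path in quotes
    findings: list[str] = field(default_factory=list)

def split_command(command: str) -> tuple[str, bool]:
    command = command.strip()  # separate the executable from its arguments
    if command.startswith('"'):
        end = command.find('"', 1)
        return (command[1:end] if end > 0 else command[1:]), True
    m = EXE_RE.match(command)
    return (m.group(1) if m else command.split(" ", 1)[0]), False

def parse_o4(line: str) -> AutostartEntry | None:
    """Turn one HijackThis O4 line into an AutostartEntry (None for other line types)."""
    m = REG_RE.match(line.strip())
    if m:
        hive, subkey, name, command = m.groups()
        exe, quoted = split_command(command)
        return AutostartEntry(name, f"{RUN_KEY_BASE[hive]}\\{subkey}", exe, "registry", quoted)
    m = LNK_RE.match(line.strip())
    if m:
        folder, lnk, target = m.groups()
        return AutostartEntry(lnk, STARTUP_FOLDERS[folder], target.strip(), "startup-folder", True)
    return None

def assess(entry: AutostartEntry) -> list[str]:
    """What a reviewer should check before deciding to keep or fix the entry."""
    findings = []
    if entry.executable == "?":
        findings.append("target could not be resolved; inspect the .lnk by hand")
    if any(marker in entry.executable.lower() for marker in USER_WRITABLE_MARKERS):
        findings.append("runs from a user-writable profile directory")
    if entry.kind == "registry" and not entry.quoted and " " in entry.executable:
        findings.append("unquoted path containing spaces")
    return findings

def audit(log_text: str) -> list[AutostartEntry]:
    """Parse every O4 line of a log and attach findings; other line types are skipped."""
    entries = [e for e in map(parse_o4, log_text.splitlines()) if e is not None]
    for entry in entries:
        entry.findings = assess(entry)
    return entries
```

Running `audit(SAMPLE_LOG)` flags the SRS Audio Sandbox entry (started from under My Documents) and the unquoted EvtMgr6 path, and leaves IntelliPoint, UpdReg and the Office shortcut with nothing unusual.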



