
Google Keeps Redirecting


  • This topic is locked
20 replies to this topic

#1 PaulW274

  • Members
  • 11 posts

Posted 17 June 2012 - 11:16 AM

When I click on a result from a Google search I get redirected to Infomash or some other unwanted site in a new window. I close the window, click on the Google result and get the correct site. I have Norton 360 - it did not prevent the infection and both quick and full scans do not find the malware.

GMER ran for 1.5 hours. I went to bed and six hours later it's still running. It seems to be still working but it's slowly going through zip files in user AppData. Using 45% to 90% of CPU and 50% of memory. I decided to post without GMER hoping that it will finish.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Paul Wickman at 21:51:02 on 2012-06-16
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3582.2070 [GMT -10:00]
.
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig?hl=en
uDefault_Page_URL = hxxp://www.google.com/ig?hl=en
mDefault_Page_URL = hxxp://www.google.com/ig?hl=en
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local;192.168.*.*
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\6.2.1.5\ips\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\6.2.1.5\coIEPlg.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [CrashDumps] rundll32.exe "c:\users\paul wickman\appdata\local\diagnostics\crashdumps\lqalrzs.dll",CreateInstance
uRun: [HLBackupScheduler] c:\program files\backup assistant plus\V CAST Backup Scheduler.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [<NO NAME>]
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Memeo Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
Trusted Zone: viasat.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
TCP: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
TCP: Interfaces\{1D1C2AD5-C0FC-4F75-9522-7DFB238C3C4E} : DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
TCP: Interfaces\{1D1C2AD5-C0FC-4F75-9522-7DFB238C3C4E}\2375942554931383 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1D1C2AD5-C0FC-4F75-9522-7DFB238C3C4E}\24162726162716 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1D1C2AD5-C0FC-4F75-9522-7DFB238C3C4E}\75F627C646D61627B6 : DhcpNameServer = 192.168.1.1
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
LSA: Authentication Packages = msv1_0 wvauth
.
============= SERVICES / DRIVERS ===============
.
R0 SMR250;Symantec SMR Utility Service 2.5.0;c:\windows\system32\drivers\SMR250.SYS [2012-6-16 83064]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0602010.005\SymDS.sys [2012-6-16 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0602010.005\SymEFA.sys [2012-6-16 905336]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\bashdefs\20120531.001\BHDrvx86.sys [2012-6-16 821880]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0602010.005\ccSetx86.sys [2012-6-16 132744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\ipsdefs\20120613.007\IDSvix86.sys [2012-6-13 368248]
R1 NvtSp50;Novatel Wireless NDIS 5 Single-Packet Read Protocol Driver;c:\windows\system32\drivers\NvtSp50.sys [2008-6-10 22016]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0602010.005\Ironx86.sys [2012-6-16 149624]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\n360\0602010.005\symnets.sys [2012-6-16 318584]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 Amazon Download Agent;Amazon Download Agent;c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderService.exe [2012-3-22 401920]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2010-4-5 25824]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-12-6 214896]
R2 MsgPlusService;Messenger Plus! Service;c:\program files\yuna software\messenger plus! for skype\MsgPlusForSkypeService.exe [2012-3-30 119296]
R2 N360;Norton 360;c:\program files\norton 360\engine\6.2.1.5\ccSvcHst.exe [2012-6-16 138232]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup 3.0\SymcPCCULaunchSvc.exe [2012-6-16 131512]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [2007-11-2 166144]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2010-2-5 31616]
R3 V0560Vid;Creative Live! Cam Optia AF Driver;c:\windows\system32\drivers\V0560Vid.sys [2009-6-16 291712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-11 257224]
S3 BTHFILT;Bluetooth Command Filter;c:\windows\system32\drivers\BthFilt.sys [2008-7-24 13824]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-5-30 106656]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-28 135664]
S3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [2007-11-2 166144]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-3-1 15872]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\program files\verizon wireless\vzaccess manager\SMSIVZAM5.sys [2009-5-25 32408]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-1 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-17 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
.
=============== Created Last 30 ================
.
2012-06-17 07:06:36 -------- dc----w- c:\program files\ESET
2012-06-17 06:42:47 20 -c--a-w- c:\windows\system32\drivers\SMR250.dat
2012-06-17 06:42:46 83064 -c--a-w- c:\windows\system32\drivers\SMR250.SYS
2012-06-17 06:42:46 -------- dc----w- c:\users\paul wickman\appdata\roaming\SPE
2012-06-17 06:35:59 -------- dc----w- c:\users\paul wickman\appdata\local\Chromium
2012-06-17 06:34:34 -------- dc----w- c:\program files\Norton PC Checkup 3.0
2012-06-17 06:33:28 -------- dc----w- c:\users\paul wickman\appdata\roaming\PCCUStubInstaller
2012-06-17 03:18:55 318584 -c--a-r- c:\windows\system32\drivers\n360\0602010.005\symnets.sys
2012-06-17 03:18:54 905336 -c--a-r- c:\windows\system32\drivers\n360\0602010.005\SymEFA.sys
2012-06-17 03:18:54 574072 -c--a-r- c:\windows\system32\drivers\n360\0602010.005\srtsp.sys
2012-06-17 03:18:54 340088 -c--a-r- c:\windows\system32\drivers\n360\0602010.005\SymDS.sys
2012-06-17 03:18:54 32888 -c--a-r- c:\windows\system32\drivers\n360\0602010.005\srtspx.sys
2012-06-17 03:18:54 149624 -c--a-r- c:\windows\system32\drivers\n360\0602010.005\Ironx86.sys
2012-06-17 03:18:54 132744 -c--a-r- c:\windows\system32\drivers\n360\0602010.005\ccSetx86.sys
2012-06-17 03:18:47 4782 -c--a-r- c:\windows\system32\drivers\n360\0602010.005\SymVTcer.dat
2012-06-17 03:18:47 -------- dc----w- c:\windows\system32\drivers\n360\0602010.005
2012-06-17 03:15:41 -------- dc----w- c:\users\paul wickman\appdata\roaming\Tific
2012-06-16 20:05:11 101112 -c--a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-06-16 20:04:54 -------- dc----w- c:\program files\common files\iS3
2012-06-13 20:41:48 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-13 20:41:48 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 20:41:47 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 20:41:46 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 20:41:43 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 20:41:43 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 20:41:43 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 20:41:40 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 20:41:34 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 20:41:34 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 20:41:34 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-12 00:53:02 -------- dc----w- c:\users\paul wickman\appdata\local\Backup Assistant Plus
2012-06-12 00:51:19 -------- dc----w- c:\program files\Backup Assistant Plus
2012-06-05 09:53:54 602112 -c--a-w- c:\windows\system32\xvid.dll
2012-05-30 04:08:04 -------- dc----w- c:\windows\system32\N360_BACKUP
2012-05-26 22:07:40 159744 -c--a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-05-26 22:07:40 159744 -c--a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-05-26 22:07:40 159744 -c--a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-05-26 22:07:40 159744 -c--a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-05-26 22:07:40 159744 -c--a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-05-26 22:07:40 159744 -c--a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-05-26 22:07:40 159744 -c--a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2012-06-17 03:20:04 141944 -c--a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-06-16 19:15:35 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-16 19:15:35 426184 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 13:02:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-14 13:02:05 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-14 13:02:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-14 13:02:05 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-14 13:02:05 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-13 18:46:31 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-13 18:45:00 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-13 18:45:00 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-13 18:31:47 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-13 18:30:41 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-04-19 06:56:30 94208 -c--a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 06:56:30 69632 -c--a-w- c:\windows\system32\QuickTime.qts
2012-04-11 04:43:02 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 04:43:02 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 04:43:02 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 04:43:02 159232 ----a-w- c:\windows\system32\imagehlp.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: ST9160823ASG rev.3.ADE -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x83051000]<< >>UNKNOWN [0x8CFA7000]<< >>UNKNOWN [0x8CF96000]<< >>UNKNOWN [0x83600000]<< >>UNKNOWN [0x8301A000]<< >>UNKNOWN [0x8C9E2000]<< >>UNKNOWN [0x8C9E9000]<< >>UNKNOWN [0x837EF000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x8308855A] -> \Device\Harddisk0\DR0[0x86B3A030]
\Driver\Disk[0x86B39BB0] -> IRP_MJ_CREATE -> 0x8CFAB39F
3 [0x8CFAB59E] -> ntkrnlpa!IofCallDriver[0x8308855A] -> \Device\Ide\IdeDeviceP1T0L0-1[0x86A3A030]
\Driver\atapi[0x86A2CF38] -> IRP_MJ_CREATE -> 0x8361A8CC
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 21:52:04.52 ===============

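The CrashDumps entry in the DDS log above (rundll32.exe loading a random-named DLL from the user's AppData folder, the file ComboFix deletes in post #4) is exactly the kind of autostart a defender wants flagged automatically rather than spotted by eye. The following Python script is an added example, not part of this thread and not code from DDS or ComboFix: it parses DDS-style uRun/mRun lines and reports rundll32 loads whose DLL lives in a user-writable directory; the sample lines are constructed after the posted log, with the account name replaced by `<user>`.

```python
"""
Flag DDS "Pseudo HJT Report" autostart entries (uRun/mRun lines) that start
rundll32.exe with a DLL living in a user-writable directory.

Added example for this thread; it is not part of DDS, ComboFix or the forum
post. The sample log lines are constructed after the posted DDS report, with
the account name replaced by <user>.
"""
import re
from dataclasses import dataclass

# Constructed sample modelled on the posted log. The CrashDumps entry is the
# one ComboFix later deleted; the other entries are ordinary vendor autostarts.
SAMPLE_HJT = r"""
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [CrashDumps] rundll32.exe "c:\users\<user>\appdata\local\diagnostics\crashdumps\lqalrzs.dll",CreateInstance
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [<NO NAME>]
mRun: [Memeo Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
"""

# Directory markers an unprivileged user can normally write to. A DLL that
# rundll32 loads from one of these at logon deserves a closer look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

# DDS prefixes: 'u' = current user's Run key (HKCU), 'm' = machine Run key (HKLM).
ENTRY_RE = re.compile(r"^(?P<hive>[um])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", re.I)

# rundll32 with or without a full path, .exe suffix or surrounding quotes,
# followed by the rest of the command line.
RUNDLL_RE = re.compile(r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+(?P<rest>.+)$', re.I)


@dataclass
class AutorunEntry:
    hive: str      # 'u' or 'm'
    name: str      # value name shown in [brackets]
    command: str   # command line, may be empty (e.g. "<NO NAME>" entries)


def parse_run_entries(text):
    """Return every uRun/mRun line of a DDS report as an AutorunEntry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(AutorunEntry(m["hive"].lower(), m["name"], m["cmd"].strip()))
    return entries


def rundll32_target(command):
    r"""Return (dll_path, export_name) if the command runs rundll32, else None.

    Handles both the quoted form  rundll32.exe "c:\path\x.dll",Export
    and the bare form              rundll32.exe c:\path\x.dll,Export
    """
    m = RUNDLL_RE.match(command)
    if not m:
        return None
    rest = m["rest"].strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        if end == -1:            # unterminated quote: malformed line, skip it
            return None
        dll, tail = rest[1:end], rest[end + 1:]
    else:
        dll, _, tail = rest.partition(",")
    words = tail.lstrip(",").split()
    export = words[0] if words else ""
    return dll, export


def is_user_writable(path):
    """True if the path contains a directory marker from USER_WRITABLE."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def suspicious_rundll32_loads(text):
    """Report autostart entries where rundll32 loads a DLL from a user-writable path."""
    findings = []
    for entry in parse_run_entries(text):
        target = rundll32_target(entry.command)
        if target is None:
            continue
        dll, export = target
        if is_user_writable(dll):
            findings.append({
                "hive": entry.hive,
                "name": entry.name,
                "dll": dll,
                "export": export,
                "reason": "rundll32 loads a DLL from a user-writable directory",
            })
    return findings


if __name__ == "__main__":
    for f in suspicious_rundll32_loads(SAMPLE_HJT):
        print(f"[{f['hive']}Run] {f['name']}: {f['dll']} ({f['export']}) - {f['reason']}")
```

Run against the sample, only the CrashDumps entry is reported; the NVHotkey entry also uses rundll32 but loads from system32, so it passes.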


#2 PaulW274
  • Topic Starter

  • Members
  • 11 posts

Posted 17 June 2012 - 09:42 PM

Ran GMER a second time (7 hours). Log attached.

Attached Files

  • Attached File  ark.txt   9.74KB   0 downloads


#3 gringo_pr (Bleepin Gringo)


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 June 2012 - 12:07 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Proud Graduate Of Malware Removal University

#4 PaulW274
  • Topic Starter

  • Members
  • 11 posts

Posted 18 June 2012 - 02:30 AM

After ComboFix finished and my computer restarted, I got a warning message about a missing file that might cause problems for Windows. It was this file, which was deleted by ComboFix. The warning message disappeared after maybe 15 seconds.

I tried three different Google searches and when I clicked on a response for each search I was not redirected. So, so far so good.

Here are the two logs.


Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 29
Java version out of Date!
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.3)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

ComboFix 12-06-16.02 - Paul Wickman 06/17/2012 20:55:43.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3582.1686 [GMT -10:00]
Running from: c:\users\Paul Wickman\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Paul Wickman\AppData\Local\Diagnostics\CrashDumps\lqalrzs.dll
c:\windows\system32\test
G:\autorun.inf
G:\install.exe
G:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-18 to 2012-06-18 )))))))))))))))))))))))))))))))
.
.
2012-06-18 07:06 . 2012-06-18 07:09 -------- dc----w- c:\users\Paul Wickman\AppData\Local\temp
2012-06-18 07:06 . 2012-06-18 07:06 -------- dc----w- c:\users\pwickman\AppData\Local\temp
2012-06-17 07:06 . 2012-06-17 07:06 -------- dc----w- c:\program files\ESET
2012-06-17 06:42 . 2012-06-17 06:42 -------- dc----w- c:\users\Paul Wickman\AppData\Roaming\SPE
2012-06-17 06:35 . 2012-06-17 06:35 -------- dc----w- c:\users\Paul Wickman\AppData\Local\Chromium
2012-06-17 06:34 . 2012-06-17 06:35 -------- dc----w- c:\program files\Norton PC Checkup 3.0
2012-06-17 06:33 . 2012-06-17 06:33 -------- dc----w- c:\users\Paul Wickman\AppData\Roaming\PCCUStubInstaller
2012-06-17 03:18 . 2012-06-17 06:17 -------- dc----w- c:\windows\system32\drivers\N360\0602010.005
2012-06-17 03:15 . 2012-06-17 03:15 -------- dc----w- c:\users\Paul Wickman\AppData\Roaming\Tific
2012-06-16 20:05 . 2012-01-12 19:26 101112 -c--a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-06-16 20:04 . 2012-06-16 20:04 -------- dc----w- c:\program files\Common Files\iS3
2012-06-13 20:41 . 2012-06-14 13:02 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-13 20:41 . 2012-06-14 13:02 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 20:41 . 2012-06-14 13:01 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 20:41 . 2012-06-14 13:01 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 20:41 . 2012-06-14 13:01 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 20:41 . 2012-06-14 13:01 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 20:41 . 2012-06-14 13:01 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 20:41 . 2012-06-14 13:01 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 20:41 . 2012-06-14 13:00 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 20:41 . 2012-06-14 13:00 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 20:41 . 2012-06-14 13:00 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-12 00:53 . 2012-06-17 18:39 -------- dc----w- c:\users\Paul Wickman\AppData\Local\Backup Assistant Plus
2012-06-12 00:51 . 2012-06-12 00:51 -------- dc----w- c:\program files\Backup Assistant Plus
2012-06-05 09:53 . 2012-06-05 09:53 602112 -c--a-w- c:\windows\system32\xvid.dll
2012-05-30 04:08 . 2012-05-30 04:08 -------- dc----w- c:\windows\system32\N360_BACKUP
2012-05-26 22:07 . 2012-05-26 22:07 159744 -c--a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-05-26 22:07 . 2012-05-26 22:07 159744 -c--a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-05-26 22:07 . 2012-05-26 22:07 159744 -c--a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-05-26 22:07 . 2012-05-26 22:07 159744 -c--a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-05-26 22:07 . 2012-05-26 22:07 159744 -c--a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-05-26 22:07 . 2012-05-26 22:07 159744 -c--a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-05-26 22:07 . 2012-05-26 22:07 159744 -c--a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2012-05-26 22:07 . 2012-05-26 22:07 -------- dc----w- c:\program files\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-17 03:20 . 2011-07-06 04:05 141944 -c--a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-06-16 19:15 . 2012-04-11 23:20 426184 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-16 19:15 . 2011-06-04 19:02 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-13 18:46 . 2012-05-13 17:42 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-13 18:45 . 2012-05-13 17:42 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-13 18:45 . 2012-05-13 17:42 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-13 18:31 . 2012-05-13 17:41 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-13 18:30 . 2012-05-13 17:41 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-04-19 06:56 . 2012-04-19 06:56 94208 -c--a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 06:56 . 2012-04-19 06:56 69632 -c--a-w- c:\windows\system32\QuickTime.qts
2012-04-11 04:43 . 2012-04-11 04:42 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 04:43 . 2012-04-11 04:42 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 04:43 . 2012-04-11 04:42 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 04:43 . 2012-04-11 04:42 159232 ----a-w- c:\windows\system32\imagehlp.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"HLBackupScheduler"="c:\program files\Backup Assistant Plus\V CAST Backup Scheduler.exe" [2012-06-04 7054984]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-06-03 1753192]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-06-08 255592]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Memeo Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2012-02-24 131072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 20:20 73728 -c--a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Speed Launch]
2008-10-15 08:03 45936 -c--a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Synchronizer]
2007-05-11 05:29 738968 -c--a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-18 01:06 1848648 -c--a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-12-12 01:31 722256 -c--a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
2007-05-21 18:37 124512 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-06-06 01:23 17344176 -c--a-r- c:\program files\Skype\Phone\Skype.exe
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-06-06 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 257224]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 BTHFILT;Bluetooth Command Filter;c:\windows\system32\DRIVERS\BthFilt.sys [2007-05-05 13824]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\DRIVERS\nwdelmdm.sys [2007-11-02 166144]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\program files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys [2009-05-25 32408]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0602010.005\SYMDS.SYS [2012-03-29 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0602010.005\SYMEFA.SYS [2012-03-29 905336]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120531.001\BHDrvx86.sys [2012-04-04 821880]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0602010.005\ccSetx86.sys [2011-11-29 132744]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120613.007\IDSvix86.sys [2012-06-14 368248]
S1 NvtSp50;Novatel Wireless NDIS 5 Single-Packet Read Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys [2008-06-10 22016]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0602010.005\Ironx86.SYS [2012-03-29 149624]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0602010.005\SYMNETS.SYS [2012-03-29 318584]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-04-05 25824]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]
S2 MsgPlusService;Messenger Plus! Service;c:\program files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2012-03-22 119296]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2012-06-17 131512]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 106656]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\DRIVERS\nwdelser.sys [2007-11-02 166144]
S3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\DRIVERS\livecamv.sys [2007-01-16 31616]
S3 V0560Vid;Creative Live! Cam Optia AF Driver;c:\windows\system32\DRIVERS\V0560Vid.sys [2009-06-16 291712]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - MfeAVFK
*Deregistered* - MfeBOPK
*Deregistered* - mfetdik
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 19:15]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 05:08]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 05:08]
.
2012-06-18 c:\windows\Tasks\User_Feed_Synchronization-{CE419895-3F91-4CA0-8F91-74F02CA7BED6}.job
- c:\windows\system32\msfeedssync.exe [2011-03-29 05:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
Trusted Zone: viasat.com
TCP: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-CrashDumps - c:\users\Paul Wickman\AppData\Local\Diagnostics\CrashDumps\lqalrzs.dll
Notify-GoToAssist - c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
MSConfigStartUp-BlackBerryAutoUpdate - c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
MSConfigStartUp-Live! Central - c:\program files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(512)
c:\windows\system32\wvauth.DLL
c:\windows\system32\biolsp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\system32\STacSV.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Memeo\AutoBackup\MemeoBackup.exe
c:\windows\system32\wlrmdr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\windows\system32\sppsvc.exe
c:\program files\Internet Explorer\IELowutil.exe
c:\windows\servicing\TrustedInstaller.exe
c:\progra~1\HP\DIGITA~1\bin\hpqtra08.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Common Files\Java\Java Update\jusched.exe
.
**************************************************************************
.
Completion time: 2012-06-17 21:18:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-18 07:18
.
Pre-Run: 41,042,571,264 bytes free
Post-Run: 41,771,474,944 bytes free
.
- - End Of File - - 84F900BBC7CCDAEC0033635DD0EA9F69

#5 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 18 June 2012 - 06:27 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#6 PaulW274 (Topic Starter)

Posted 18 June 2012 - 10:12 AM

The TDSS utility does not provide a way to copy the text. Also, nothing happens when you highlight and right-click the highlighted text. Even though there were no threats, I went to the root directory and found the log.


04:50:35.0598 2212 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
04:50:36.0939 2212 ============================================================
04:50:36.0939 2212 Current date / time: 2012/06/18 04:50:36.0939
04:50:36.0939 2212 SystemInfo:
04:50:36.0939 2212
04:50:36.0939 2212 OS Version: 6.1.7601 ServicePack: 1.0
04:50:36.0939 2212 Product type: Workstation
04:50:36.0939 2212 ComputerName: PWICKMAN-D830
04:50:36.0939 2212 UserName: Paul Wickman
04:50:36.0939 2212 Windows directory: C:\Windows
04:50:36.0939 2212 System windows directory: C:\Windows
04:50:36.0939 2212 Processor architecture: Intel x86
04:50:36.0939 2212 Number of processors: 2
04:50:36.0939 2212 Page size: 0x1000
04:50:36.0939 2212 Boot type: Normal boot
04:50:36.0939 2212 ============================================================
04:50:38.0250 2212 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
04:50:38.0250 2212 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
04:50:38.0375 2212 ============================================================
04:50:38.0375 2212 \Device\Harddisk0\DR0:
04:50:38.0421 2212 MBR partitions:
04:50:38.0421 2212 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0x400000
04:50:38.0421 2212 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x433000, BlocksNum 0x125E6000
04:50:38.0421 2212 \Device\Harddisk1\DR1:
04:50:38.0421 2212 MBR partitions:
04:50:38.0421 2212 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x2542D682
04:50:38.0421 2212 ============================================================
04:50:38.0453 2212 C: <-> \Device\Harddisk0\DR0\Partition1
04:50:38.0484 2212 D: <-> \Device\Harddisk0\DR0\Partition0
04:50:38.0484 2212 G: <-> \Device\Harddisk1\DR1\Partition0
04:50:38.0484 2212 ============================================================
04:50:38.0484 2212 Initialize success
04:50:38.0484 2212 ============================================================
04:50:42.0571 5460 ============================================================
04:50:42.0571 5460 Scan started
04:50:42.0571 5460 Mode: Manual;
04:50:42.0571 5460 ============================================================
04:50:49.0123 5460 CryptSvc - ok
04:50:49.0185 5460 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
04:50:49.0201 5460 CSC - ok
04:50:49.0263 5460 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
04:50:49.0263 5460 CscService - ok
04:50:49.0295 5460 CtClsFlt - ok
04:50:49.0326 5460 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
04:50:49.0341 5460 DcomLaunch - ok
04:50:49.0388 5460 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
04:50:49.0388 5460 defragsvc - ok
04:50:49.0435 5460 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
04:50:49.0451 5460 DfsC - ok
04:50:49.0513 5460 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
04:50:49.0529 5460 Dhcp - ok
04:50:49.0560 5460 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
04:50:49.0560 5460 discache - ok
04:50:49.0607 5460 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
04:50:49.0607 5460 Disk - ok
04:50:49.0653 5460 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
04:50:49.0653 5460 Dnscache - ok
04:50:49.0700 5460 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
04:50:49.0716 5460 dot3svc - ok
04:50:49.0763 5460 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
04:50:49.0778 5460 DPS - ok
04:50:49.0825 5460 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
04:50:49.0825 5460 drmkaud - ok
04:50:49.0887 5460 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
04:50:49.0887 5460 DXGKrnl - ok
04:50:49.0934 5460 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
04:50:49.0934 5460 EapHost - ok
04:50:50.0043 5460 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
04:50:50.0090 5460 ebdrv - ok
04:50:50.0231 5460 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
04:50:50.0231 5460 eeCtrl - ok
04:50:50.0371 5460 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
04:50:50.0371 5460 EFS - ok
04:50:50.0465 5460 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
04:50:50.0480 5460 ehRecvr - ok
04:50:50.0511 5460 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
04:50:50.0527 5460 ehSched - ok
04:50:50.0636 5460 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
04:50:50.0652 5460 elxstor - ok
04:50:50.0777 5460 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
04:50:50.0777 5460 EraserUtilRebootDrv - ok
04:50:50.0839 5460 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
04:50:50.0839 5460 ErrDev - ok
04:50:50.0901 5460 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
04:50:50.0901 5460 EventSystem - ok
04:50:50.0948 5460 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
04:50:50.0964 5460 exfat - ok
04:50:50.0979 5460 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
04:50:50.0995 5460 fastfat - ok
04:50:51.0057 5460 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
04:50:51.0073 5460 Fax - ok
04:50:51.0089 5460 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
04:50:51.0089 5460 fdc - ok
04:50:51.0135 5460 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
04:50:51.0135 5460 fdPHost - ok
04:50:51.0151 5460 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
04:50:51.0151 5460 FDResPub - ok
04:50:51.0167 5460 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
04:50:51.0167 5460 FileInfo - ok
04:50:51.0182 5460 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
04:50:51.0182 5460 Filetrace - ok
04:50:51.0510 5460 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
04:50:51.0525 5460 FLEXnet Licensing Service - ok
04:50:51.0572 5460 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
04:50:51.0572 5460 flpydisk - ok
04:50:51.0603 5460 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
04:50:51.0603 5460 FltMgr - ok
04:50:51.0681 5460 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
04:50:51.0713 5460 FontCache - ok
04:50:51.0837 5460 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
04:50:51.0837 5460 FontCache3.0.0.0 - ok
04:50:51.0853 5460 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
04:50:51.0869 5460 FsDepends - ok
04:50:51.0884 5460 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
04:50:51.0884 5460 Fs_Rec - ok
04:50:51.0947 5460 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
04:50:51.0947 5460 fvevol - ok
04:50:51.0978 5460 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
04:50:51.0978 5460 gagp30kx - ok
04:50:52.0040 5460 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
04:50:52.0040 5460 GEARAspiWDM - ok
04:50:52.0165 5460 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
04:50:52.0181 5460 GoToAssist - ok
04:50:52.0243 5460 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
04:50:52.0259 5460 gpsvc - ok
04:50:52.0305 5460 guardian2 (f058c5f64dff28a2c8d7d1d04171e604) C:\Windows\system32\Drivers\oz776.sys
04:50:52.0305 5460 guardian2 - ok
04:50:52.0446 5460 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
04:50:52.0446 5460 gupdate - ok
04:50:52.0477 5460 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
04:50:52.0477 5460 gupdatem - ok
04:50:52.0524 5460 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
04:50:52.0524 5460 hcw85cir - ok
04:50:52.0586 5460 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
04:50:52.0586 5460 HDAudBus - ok
04:50:52.0602 5460 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
04:50:52.0602 5460 HidBatt - ok
04:50:52.0617 5460 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
04:50:52.0617 5460 HidBth - ok
04:50:52.0649 5460 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
04:50:52.0649 5460 HidIr - ok
04:50:52.0680 5460 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
04:50:52.0680 5460 hidserv - ok
04:50:52.0773 5460 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
04:50:52.0773 5460 HidUsb - ok
04:50:52.0805 5460 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
04:50:52.0805 5460 hkmsvc - ok
04:50:52.0867 5460 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
04:50:52.0883 5460 HomeGroupListener - ok
04:50:52.0929 5460 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
04:50:52.0945 5460 HomeGroupProvider - ok
04:50:53.0023 5460 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
04:50:53.0023 5460 hpqcxs08 - ok
04:50:53.0070 5460 hpqddsvc (75cc8c5146a3fb76221a7606628778d5) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
04:50:53.0070 5460 hpqddsvc - ok
04:50:53.0132 5460 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
04:50:53.0132 5460 HpSAMD - ok
04:50:53.0210 5460 HPSLPSVC (83db5dd8be71cba5447fbd7a48fdbeda) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
04:50:53.0210 5460 HPSLPSVC - ok
04:50:53.0304 5460 HSF_DPV (e9e589c9ab799f52e18f057635a2b362) C:\Windows\system32\DRIVERS\HSX_DPV.sys
04:50:53.0319 5460 HSF_DPV - ok
04:50:53.0351 5460 HSXHWAZL (7845d2385f4dc7dfb3ccaf0c2fa4948e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
04:50:53.0366 5460 HSXHWAZL - ok
04:50:53.0444 5460 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
04:50:53.0460 5460 HTTP - ok
04:50:53.0507 5460 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
04:50:53.0507 5460 hwpolicy - ok
04:50:53.0553 5460 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
04:50:53.0553 5460 i8042prt - ok
04:50:53.0694 5460 IAANTMON (582f2d900a3ac34c98fbdc2c0abef6b9) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
04:50:53.0694 5460 IAANTMON - ok
04:50:53.0756 5460 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\Windows\system32\DRIVERS\iaStor.sys
04:50:53.0772 5460 iaStor - ok
04:50:53.0819 5460 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
04:50:53.0819 5460 iaStorV - ok
04:50:53.0912 5460 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
04:50:53.0928 5460 IDriverT - ok
04:50:54.0084 5460 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
04:50:54.0099 5460 idsvc - ok
04:50:54.0365 5460 IDSVix86 (f9069ce7a7b9f9ba75d009b0ce3d7601) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120613.007\IDSvix86.sys
04:50:54.0365 5460 IDSVix86 - ok
04:50:54.0521 5460 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
04:50:54.0521 5460 iirsp - ok
04:50:54.0599 5460 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
04:50:54.0614 5460 IKEEXT - ok
04:50:54.0692 5460 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
04:50:54.0692 5460 intelide - ok
04:50:54.0755 5460 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
04:50:54.0755 5460 intelppm - ok
04:50:54.0989 5460 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
04:50:54.0989 5460 IntuitUpdateService - ok
04:50:55.0160 5460 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
04:50:55.0191 5460 IntuitUpdateServiceV4 - ok
04:50:55.0285 5460 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
04:50:55.0301 5460 IPBusEnum - ok
04:50:55.0363 5460 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
04:50:55.0379 5460 IpFilterDriver - ok
04:50:55.0613 5460 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
04:50:55.0628 5460 iphlpsvc - ok
04:50:55.0675 5460 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
04:50:55.0675 5460 IPMIDRV - ok
04:50:55.0706 5460 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
04:50:55.0722 5460 IPNAT - ok
04:50:55.0800 5460 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
04:50:55.0815 5460 iPod Service - ok
04:50:55.0831 5460 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
04:50:55.0831 5460 IRENUM - ok
04:50:55.0878 5460 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
04:50:55.0878 5460 isapnp - ok
04:50:55.0956 5460 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
04:50:55.0971 5460 iScsiPrt - ok
04:50:56.0034 5460 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
04:50:56.0034 5460 kbdclass - ok
04:50:56.0049 5460 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
04:50:56.0049 5460 kbdhid - ok
04:50:56.0081 5460 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
04:50:56.0081 5460 KeyIso - ok
04:50:56.0096 5460 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
04:50:56.0096 5460 KSecDD - ok
04:50:56.0127 5460 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
04:50:56.0127 5460 KSecPkg - ok
04:50:56.0190 5460 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
04:50:56.0190 5460 KtmRm - ok
04:50:56.0252 5460 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
04:50:56.0268 5460 LanmanServer - ok
04:50:56.0315 5460 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
04:50:56.0315 5460 LanmanWorkstation - ok
04:50:56.0330 5460 Lbd - ok
04:50:56.0393 5460 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
04:50:56.0393 5460 lltdio - ok
04:50:56.0439 5460 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
04:50:56.0455 5460 lltdsvc - ok
04:50:56.0486 5460 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
04:50:56.0486 5460 lmhosts - ok
04:50:56.0517 5460 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
04:50:56.0517 5460 LSI_FC - ok
04:50:56.0564 5460 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
04:50:56.0564 5460 LSI_SAS - ok
04:50:56.0580 5460 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
04:50:56.0595 5460 LSI_SAS2 - ok
04:50:56.0611 5460 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
04:50:56.0611 5460 LSI_SCSI - ok
04:50:56.0642 5460 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
04:50:56.0642 5460 luafv - ok
04:50:56.0689 5460 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
04:50:56.0689 5460 Mcx2Svc - ok
04:50:56.0736 5460 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
04:50:56.0736 5460 mdmxsdk - ok
04:50:56.0751 5460 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
04:50:56.0751 5460 megasas - ok
04:50:56.0783 5460 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
04:50:56.0783 5460 MegaSR - ok
04:50:56.0876 5460 MemeoBackgroundService (d0067eaa04400314a1e95d70020f7403) C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
04:50:56.0892 5460 MemeoBackgroundService - ok
04:50:56.0923 5460 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
04:50:56.0923 5460 MMCSS - ok
04:50:56.0939 5460 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
04:50:56.0939 5460 Modem - ok
04:50:56.0970 5460 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
04:50:56.0970 5460 monitor - ok
04:50:56.0985 5460 motandroidusb - ok
04:50:57.0001 5460 motccgp - ok
04:50:57.0001 5460 motccgpfl - ok
04:50:57.0001 5460 motmodem - ok
04:50:57.0048 5460 MotoHelper (9dfd34e6841c460b5d992a1c5327ae69) C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
04:50:57.0063 5460 MotoHelper - ok
04:50:57.0063 5460 MotoSwitchService - ok
04:50:57.0079 5460 Motousbnet - ok
04:50:57.0079 5460 motusbdevice - ok
04:50:57.0141 5460 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
04:50:57.0141 5460 mouclass - ok
04:50:57.0204 5460 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
04:50:57.0204 5460 mouhid - ok
04:50:57.0251 5460 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
04:50:57.0251 5460 mountmgr - ok
04:50:57.0313 5460 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
04:50:57.0313 5460 mpio - ok
04:50:57.0329 5460 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
04:50:57.0329 5460 mpsdrv - ok
04:50:57.0407 5460 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
04:50:57.0422 5460 MpsSvc - ok
04:50:57.0469 5460 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
04:50:57.0485 5460 MRxDAV - ok
04:50:57.0516 5460 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
04:50:57.0516 5460 mrxsmb - ok
04:50:57.0563 5460 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
04:50:57.0563 5460 mrxsmb10 - ok
04:50:57.0594 5460 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
04:50:57.0609 5460 mrxsmb20 - ok
04:50:57.0641 5460 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
04:50:57.0656 5460 msahci - ok
04:50:57.0703 5460 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
04:50:57.0719 5460 msdsm - ok
04:50:57.0765 5460 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
04:50:57.0781 5460 MSDTC - ok
04:50:57.0828 5460 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
04:50:57.0828 5460 Msfs - ok
04:50:57.0953 5460 MsgPlusService (e7826e9f372d4b57c3a56872a24385d9) C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
04:50:57.0953 5460 MsgPlusService - ok
04:50:57.0968 5460 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
04:50:57.0968 5460 mshidkmdf - ok
04:50:58.0015 5460 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
04:50:58.0015 5460 msisadrv - ok
04:50:58.0062 5460 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
04:50:58.0062 5460 MSiSCSI - ok
04:50:58.0077 5460 msiserver - ok
04:50:58.0124 5460 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
04:50:58.0124 5460 MSKSSRV - ok
04:50:58.0140 5460 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
04:50:58.0140 5460 MSPCLOCK - ok
04:50:58.0155 5460 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
04:50:58.0155 5460 MSPQM - ok
04:50:58.0187 5460 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
04:50:58.0187 5460 MsRPC - ok
04:50:58.0233 5460 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
04:50:58.0233 5460 mssmbios - ok
04:50:58.0249 5460 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
04:50:58.0249 5460 MSTEE - ok
04:50:58.0265 5460 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
04:50:58.0265 5460 MTConfig - ok
04:50:58.0280 5460 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
04:50:58.0280 5460 Mup - ok
04:50:58.0467 5460 N360 (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
04:50:58.0467 5460 N360 - ok
04:50:58.0514 5460 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
04:50:58.0530 5460 napagent - ok
04:50:58.0608 5460 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
04:50:58.0623 5460 NativeWifiP - ok
04:50:58.0826 5460 NAVENG (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120617.009\NAVENG.SYS
04:50:58.0826 5460 NAVENG - ok
04:50:58.0935 5460 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\VirusDefs\20120617.009\NAVEX15.SYS
04:50:58.0935 5460 NAVEX15 - ok
04:50:59.0185 5460 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
04:50:59.0201 5460 NDIS - ok
04:50:59.0247 5460 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
04:50:59.0247 5460 NdisCap - ok
04:50:59.0263 5460 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
04:50:59.0279 5460 NdisTapi - ok
04:50:59.0310 5460 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
04:50:59.0310 5460 Ndisuio - ok
04:50:59.0357 5460 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
04:50:59.0372 5460 NdisWan - ok
04:50:59.0419 5460 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
04:50:59.0419 5460 NDProxy - ok
04:50:59.0466 5460 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
04:50:59.0466 5460 Net Driver HPZ12 - ok
04:50:59.0513 5460 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
04:50:59.0513 5460 NetBIOS - ok
04:50:59.0575 5460 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
04:50:59.0575 5460 NetBT - ok
04:50:59.0606 5460 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
04:50:59.0606 5460 Netlogon - ok
04:50:59.0684 5460 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
04:50:59.0684 5460 Netman - ok
04:50:59.0731 5460 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
04:50:59.0731 5460 netprofm - ok
04:50:59.0871 5460 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
04:50:59.0871 5460 NetTcpPortSharing - ok
04:51:00.0059 5460 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
04:51:00.0137 5460 netw5v32 - ok
04:51:00.0339 5460 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
04:51:00.0339 5460 nfrd960 - ok
04:51:00.0542 5460 nicconfigsvc (4badaf74d1633b84e195038a52297dc2) C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
04:51:00.0558 5460 nicconfigsvc - ok
04:51:00.0605 5460 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
04:51:00.0620 5460 NlaSvc - ok
04:51:00.0667 5460 Norton PC Checkup Application Launcher - ok
04:51:00.0683 5460 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
04:51:00.0683 5460 Npfs - ok
04:51:00.0714 5460 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
04:51:00.0729 5460 nsi - ok
04:51:00.0761 5460 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
04:51:00.0761 5460 nsiproxy - ok
04:51:00.0854 5460 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
04:51:00.0885 5460 Ntfs - ok
04:51:01.0041 5460 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
04:51:01.0041 5460 Null - ok
04:51:01.0385 5460 nvlddmkm (01544d3e8b6c8c490f57317ad5e4e9ff) C:\Windows\system32\DRIVERS\nvlddmkm.sys
04:51:01.0447 5460 nvlddmkm - ok
04:51:01.0759 5460 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
04:51:01.0759 5460 nvraid - ok
04:51:01.0790 5460 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
04:51:01.0806 5460 nvstor - ok
04:51:01.0853 5460 nvsvc (22ef929df12af21965b0bf5558feaa4a) C:\Windows\system32\nvvsvc.exe
04:51:01.0853 5460 nvsvc - ok
04:51:01.0899 5460 NvtSp50 (dfbbb46e406d6cd7bcb58af493ba80f8) C:\Windows\system32\Drivers\NvtSp50.sys
04:51:01.0899 5460 NvtSp50 - ok
04:51:01.0946 5460 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
04:51:01.0962 5460 nv_agp - ok
04:51:02.0009 5460 NWDellModem (c4ec827bc90f5f4fa8e772b254ce1b6c) C:\Windows\system32\DRIVERS\nwdelmdm.sys
04:51:02.0009 5460 NWDellModem - ok
04:51:02.0040 5460 NWDellPort (c4ec827bc90f5f4fa8e772b254ce1b6c) C:\Windows\system32\DRIVERS\nwdelser.sys
04:51:02.0055 5460 NWDellPort - ok
04:51:02.0227 5460 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
04:51:02.0243 5460 odserv - ok
04:51:02.0289 5460 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
04:51:02.0289 5460 ohci1394 - ok
04:51:02.0336 5460 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
04:51:02.0336 5460 ose - ok
04:51:02.0399 5460 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
04:51:02.0414 5460 p2pimsvc - ok
04:51:02.0430 5460 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
04:51:02.0445 5460 p2psvc - ok
04:51:02.0492 5460 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
04:51:02.0508 5460 Parport - ok
04:51:02.0523 5460 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
04:51:02.0523 5460 partmgr - ok
04:51:02.0539 5460 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
04:51:02.0539 5460 Parvdm - ok
04:51:02.0601 5460 PBADRV (9ec004140e1b675acdeb07f66ee797a4) C:\Windows\system32\DRIVERS\PBADRV.sys
04:51:02.0601 5460 PBADRV - ok
04:51:02.0633 5460 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
04:51:02.0648 5460 PcaSvc - ok
04:51:02.0695 5460 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
04:51:02.0695 5460 pci - ok
04:51:02.0757 5460 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
04:51:02.0757 5460 pciide - ok
04:51:02.0804 5460 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
04:51:02.0820 5460 pcmcia - ok
04:51:02.0835 5460 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
04:51:02.0835 5460 pcw - ok
04:51:02.0867 5460 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
04:51:02.0882 5460 PEAUTH - ok
04:51:02.0976 5460 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
04:51:03.0007 5460 PeerDistSvc - ok
04:51:03.0116 5460 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
04:51:03.0147 5460 pla - ok
04:51:03.0335 5460 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
04:51:03.0335 5460 PlugPlay - ok
04:51:03.0397 5460 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
04:51:03.0397 5460 Pml Driver HPZ12 - ok
04:51:03.0428 5460 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
04:51:03.0444 5460 PNRPAutoReg - ok
04:51:03.0459 5460 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
04:51:03.0459 5460 PNRPsvc - ok
04:51:03.0522 5460 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
04:51:03.0522 5460 PolicyAgent - ok
04:51:03.0584 5460 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
04:51:03.0584 5460 Power - ok
04:51:03.0678 5460 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
04:51:03.0678 5460 PptpMiniport - ok
04:51:03.0693 5460 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
04:51:03.0693 5460 Processor - ok
04:51:03.0740 5460 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
04:51:03.0740 5460 ProfSvc - ok
04:51:03.0771 5460 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
04:51:03.0771 5460 ProtectedStorage - ok
04:51:03.0803 5460 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
04:51:03.0803 5460 Psched - ok
04:51:03.0834 5460 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
04:51:03.0834 5460 PxHelp20 - ok
04:51:04.0005 5460 QBCFMonitorService (f6ea2dce39f1accb2c6c38d61fc79075) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
04:51:04.0005 5460 QBCFMonitorService - ok
04:51:04.0052 5460 QBFCService (bab30d2799754f6ea22f0b9076311793) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
04:51:04.0068 5460 QBFCService - ok
04:51:04.0146 5460 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
04:51:04.0193 5460 ql2300 - ok
04:51:04.0208 5460 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
04:51:04.0224 5460 ql40xx - ok
04:51:04.0271 5460 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
04:51:04.0286 5460 QWAVE - ok
04:51:04.0317 5460 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
04:51:04.0317 5460 QWAVEdrv - ok
04:51:04.0333 5460 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
04:51:04.0333 5460 RasAcd - ok
04:51:04.0395 5460 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
04:51:04.0395 5460 RasAgileVpn - ok
04:51:04.0395 5460 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
04:51:04.0411 5460 RasAuto - ok
04:51:04.0411 5460 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
04:51:04.0427 5460 Rasl2tp - ok
04:51:04.0489 5460 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
04:51:04.0489 5460 RasMan - ok
04:51:04.0551 5460 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
04:51:04.0551 5460 RasPppoe - ok
04:51:04.0567 5460 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
04:51:04.0567 5460 RasSstp - ok
04:51:04.0614 5460 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
04:51:04.0629 5460 rdbss - ok
04:51:04.0692 5460 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
04:51:04.0692 5460 rdpbus - ok
04:51:04.0739 5460 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
04:51:04.0739 5460 RDPCDD - ok
04:51:04.0770 5460 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
04:51:04.0770 5460 RDPDR - ok
04:51:04.0801 5460 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
04:51:04.0801 5460 RDPENCDD - ok
04:51:04.0801 5460 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
04:51:04.0817 5460 RDPREFMP - ok
04:51:04.0895 5460 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
04:51:04.0895 5460 RdpVideoMiniport - ok
04:51:04.0957 5460 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
04:51:04.0957 5460 RDPWD - ok
04:51:05.0019 5460 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
04:51:05.0035 5460 rdyboost - ok
04:51:05.0066 5460 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
04:51:05.0082 5460 RemoteAccess - ok
04:51:05.0113 5460 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
04:51:05.0129 5460 RemoteRegistry - ok
04:51:05.0175 5460 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
04:51:05.0191 5460 RFCOMM - ok
04:51:05.0207 5460 RimUsb - ok
04:51:05.0253 5460 RimVSerPort (3a5633ad615e2b15291bd0b1b97ccd8a) C:\Windows\system32\DRIVERS\RimSerial.sys
04:51:05.0253 5460 RimVSerPort - ok
04:51:05.0300 5460 RLDesignVirtualAudioCableWdm (f5cd7457fa2f0d1078992ccb77a546c4) C:\Windows\system32\DRIVERS\livecamv.sys
04:51:05.0300 5460 RLDesignVirtualAudioCableWdm - ok
04:51:05.0347 5460 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\Windows\system32\Drivers\RootMdm.sys
04:51:05.0347 5460 ROOTMODEM - ok
04:51:05.0378 5460 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
04:51:05.0378 5460 RpcEptMapper - ok
04:51:05.0425 5460 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
04:51:05.0425 5460 RpcLocator - ok
04:51:05.0472 5460 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
04:51:05.0487 5460 RpcSs - ok
04:51:05.0519 5460 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
04:51:05.0519 5460 rspndr - ok
04:51:05.0565 5460 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
04:51:05.0565 5460 s3cap - ok
04:51:05.0581 5460 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
04:51:05.0581 5460 SamSs - ok
04:51:05.0612 5460 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
04:51:05.0612 5460 sbp2port - ok
04:51:05.0675 5460 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
04:51:05.0675 5460 SCardSvr - ok
04:51:05.0721 5460 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
04:51:05.0721 5460 scfilter - ok
04:51:05.0784 5460 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
04:51:05.0877 5460 Schedule - ok
04:51:05.0924 5460 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
04:51:05.0924 5460 SCPolicySvc - ok
04:51:05.0940 5460 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
04:51:05.0955 5460 SDRSVC - ok
04:51:06.0018 5460 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
04:51:06.0018 5460 secdrv - ok
04:51:06.0049 5460 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
04:51:06.0049 5460 seclogon - ok
04:51:06.0221 5460 SecureStorageService (472946edebf85c1f0b44b6eba01ac9b6) C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
04:51:06.0236 5460 SecureStorageService - ok
04:51:06.0252 5460 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
04:51:06.0252 5460 SENS - ok
04:51:06.0299 5460 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
04:51:06.0299 5460 SensrSvc - ok
04:51:06.0314 5460 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
04:51:06.0314 5460 Serenum - ok
04:51:06.0361 5460 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
04:51:06.0377 5460 Serial - ok
04:51:06.0408 5460 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
04:51:06.0408 5460 sermouse - ok
04:51:06.0455 5460 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
04:51:06.0470 5460 SessionEnv - ok
04:51:06.0501 5460 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
04:51:06.0501 5460 sffdisk - ok
04:51:06.0517 5460 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
04:51:06.0517 5460 sffp_mmc - ok
04:51:06.0533 5460 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
04:51:06.0533 5460 sffp_sd - ok
04:51:06.0548 5460 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
04:51:06.0548 5460 sfloppy - ok
04:51:06.0611 5460 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
04:51:06.0611 5460 SharedAccess - ok
04:51:06.0673 5460 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
04:51:06.0767 5460 ShellHWDetection - ok
04:51:06.0829 5460 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
04:51:06.0829 5460 sisagp - ok
04:51:06.0876 5460 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
04:51:06.0876 5460 SiSRaid2 - ok
04:51:06.0891 5460 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
04:51:06.0891 5460 SiSRaid4 - ok
04:51:07.0001 5460 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) C:\Program Files\Skype\Updater\Updater.exe
04:51:07.0001 5460 SkypeUpdate - ok
04:51:07.0016 5460 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
04:51:07.0032 5460 Smb - ok
04:51:07.0094 5460 SMSIVZAM5 (1e715247efffdda938c085913045d599) C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys
04:51:07.0094 5460 SMSIVZAM5 - ok
04:51:07.0157 5460 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
04:51:07.0157 5460 SNMPTRAP - ok
04:51:07.0203 5460 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
04:51:07.0203 5460 spldr - ok
04:51:07.0250 5460 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
04:51:07.0266 5460 Spooler - ok
04:51:07.0437 5460 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
04:51:07.0515 5460 sppsvc - ok
04:51:07.0687 5460 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
04:51:07.0687 5460 sppuinotify - ok
04:51:07.0812 5460 SQLWriter (d2f4f32b59440011174b4f8137af4e0c) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
04:51:07.0812 5460 SQLWriter - ok
04:51:07.0999 5460 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\Windows\System32\Drivers\N360\0602010.005\SRTSP.SYS
04:51:07.0999 5460 SRTSP - ok
04:51:08.0030 5460 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\Windows\system32\drivers\N360\0602010.005\SRTSPX.SYS
04:51:08.0030 5460 SRTSPX - ok
04:51:08.0093 5460 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
04:51:08.0108 5460 srv - ok
04:51:08.0124 5460 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
04:51:08.0139 5460 srv2 - ok
04:51:08.0155 5460 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
04:51:08.0155 5460 srvnet - ok
04:51:08.0202 5460 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
04:51:08.0217 5460 SSDPSRV - ok
04:51:08.0264 5460 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
04:51:08.0264 5460 SstpSvc - ok
04:51:08.0311 5460 STacSV (7e6dd4b34acd36af6c711d2bde91b040) C:\Windows\system32\STacSV.exe
04:51:08.0311 5460 STacSV - ok
04:51:08.0358 5460 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
04:51:08.0358 5460 stexstor - ok
04:51:08.0420 5460 STHDA (6a2a5e809c2c0178326d92b19ee4aad3) C:\Windows\system32\drivers\stwrt.sys
04:51:08.0436 5460 STHDA - ok
04:51:08.0467 5460 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys
04:51:08.0467 5460 StillCam - ok
04:51:08.0529 5460 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
04:51:08.0545 5460 StiSvc - ok
04:51:08.0685 5460 stllssvr (de3e7a2345ebaa3ce8e6957dfb55fb15) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
04:51:08.0685 5460 stllssvr - ok
04:51:08.0717 5460 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
04:51:08.0717 5460 storflt - ok
04:51:08.0763 5460 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
04:51:08.0779 5460 storvsc - ok
04:51:08.0810 5460 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
04:51:08.0810 5460 swenum - ok
04:51:08.0857 5460 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
04:51:08.0873 5460 swprv - ok
04:51:09.0107 5460 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\Windows\system32\drivers\N360\0602010.005\SYMDS.SYS
04:51:09.0122 5460 SymDS - ok
04:51:09.0278 5460 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\Windows\system32\drivers\N360\0602010.005\SYMEFA.SYS
04:51:09.0341 5460 SymEFA - ok
04:51:09.0387 5460 SymEvent (74e2521e96176a4449570e50be91954d) C:\Windows\system32\Drivers\SYMEVENT.SYS
04:51:09.0387 5460 SymEvent - ok
04:51:09.0465 5460 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\Windows\system32\drivers\N360\0602010.005\Ironx86.SYS
04:51:09.0465 5460 SymIRON - ok
04:51:09.0559 5460 SymNetS (3ee215d6fe821e3edf0f7134d9ae905a) C:\Windows\System32\Drivers\N360\0602010.005\SYMNETS.SYS
04:51:09.0559 5460 SymNetS - ok
04:51:09.0575 5460 Synth3dVsc - ok
04:51:09.0684 5460 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
04:51:09.0777 5460 SysMain - ok
04:51:09.0840 5460 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
04:51:09.0840 5460 TabletInputService - ok
04:51:09.0918 5460 tap0901 (fc73b46c3c76c9f1f7ec82749c0c48f3) C:\Windows\system32\DRIVERS\tap0901.sys
04:51:09.0918 5460 tap0901 - ok
04:51:09.0965 5460 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
04:51:09.0980 5460 TapiSrv - ok
04:51:10.0027 5460 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
04:51:10.0027 5460 TBS - ok
04:51:10.0121 5460 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
04:51:10.0152 5460 Tcpip - ok
04:51:10.0308 5460 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
04:51:10.0323 5460 TCPIP6 - ok
04:51:10.0401 5460 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
04:51:10.0401 5460 tcpipreg - ok
04:51:10.0573 5460 tcsd_win32.exe (23b506262493f1a521683ee88c5fbf60) C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
04:51:10.0604 5460 tcsd_win32.exe - ok
04:51:10.0651 5460 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
04:51:10.0651 5460 TDPIPE - ok
04:51:10.0745 5460 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
04:51:10.0745 5460 TDTCP - ok
04:51:10.0791 5460 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
04:51:10.0791 5460 tdx - ok
04:51:10.0838 5460 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
04:51:10.0838 5460 TermDD - ok
04:51:10.0901 5460 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
04:51:10.0916 5460 TermService - ok
04:51:10.0963 5460 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
04:51:10.0963 5460 Themes - ok
04:51:11.0010 5460 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
04:51:11.0010 5460 THREADORDER - ok
04:51:11.0025 5460 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
04:51:11.0025 5460 TrkWks - ok
04:51:11.0103 5460 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
04:51:11.0119 5460 TrustedInstaller - ok
04:51:11.0166 5460 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
04:51:11.0166 5460 tssecsrv - ok
04:51:11.0213 5460 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
04:51:11.0213 5460 TsUsbFlt - ok
04:51:11.0228 5460 tsusbhub - ok
04:51:11.0275 5460 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
04:51:11.0291 5460 tunnel - ok
04:51:11.0337 5460 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
04:51:11.0337 5460 uagp35 - ok
04:51:11.0400 5460 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
04:51:11.0415 5460 udfs - ok
04:51:11.0462 5460 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
04:51:11.0462 5460 UI0Detect - ok
04:51:11.0509 5460 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
04:51:11.0509 5460 uliagpkx - ok
04:51:11.0571 5460 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
04:51:11.0571 5460 umbus - ok
04:51:11.0587 5460 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
04:51:11.0587 5460 UmPass - ok
04:51:11.0665 5460 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
04:51:11.0665 5460 UmRdpService - ok
04:51:11.0727 5460 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
04:51:11.0759 5460 upnphost - ok
04:51:11.0868 5460 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
04:51:11.0868 5460 USBAAPL - ok
04:51:11.0930 5460 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
04:51:11.0930 5460 usbaudio - ok
04:51:11.0961 5460 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
04:51:11.0961 5460 usbccgp - ok
04:51:12.0008 5460 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
04:51:12.0008 5460 usbcir - ok
04:51:12.0039 5460 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
04:51:12.0039 5460 usbehci - ok
04:51:12.0086 5460 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
04:51:12.0086 5460 usbhub - ok
04:51:12.0117 5460 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
04:51:12.0117 5460 usbohci - ok
04:51:12.0149 5460 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
04:51:12.0164 5460 usbprint - ok
04:51:12.0180 5460 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
04:51:12.0180 5460 usbscan - ok
04:51:12.0227 5460 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:51:12.0227 5460 USBSTOR - ok
04:51:12.0242 5460 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
04:51:12.0242 5460 usbuhci - ok
04:51:12.0289 5460 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
04:51:12.0289 5460 UxSms - ok
04:51:12.0351 5460 V0560Vid (116540160e598fba1e6f3860284483bf) C:\Windows\system32\DRIVERS\V0560Vid.sys
04:51:12.0367 5460 V0560Vid - ok
04:51:12.0383 5460 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
04:51:12.0383 5460 VaultSvc - ok
04:51:12.0429 5460 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
04:51:12.0429 5460 vdrvroot - ok
04:51:12.0492 5460 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
04:51:12.0507 5460 vds - ok
04:51:12.0554 5460 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
04:51:12.0554 5460 vga - ok
04:51:12.0601 5460 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
04:51:12.0601 5460 VgaSave - ok
04:51:12.0601 5460 VGPU - ok
04:51:12.0663 5460 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
04:51:12.0679 5460 vhdmp - ok
04:51:12.0710 5460 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
04:51:12.0710 5460 viaagp - ok
04:51:12.0726 5460 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
04:51:12.0726 5460 ViaC7 - ok
04:51:12.0804 5460 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
04:51:12.0804 5460 viaide - ok
04:51:12.0835 5460 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
04:51:12.0835 5460 vmbus - ok
04:51:12.0851 5460 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
04:51:12.0851 5460 VMBusHID - ok
04:51:12.0866 5460 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
04:51:12.0866 5460 volmgr - ok
04:51:12.0882 5460 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
04:51:12.0897 5460 volmgrx - ok
04:51:12.0929 5460 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
04:51:12.0944 5460 volsnap - ok
04:51:12.0975 5460 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
04:51:12.0975 5460 vsmraid - ok
04:51:13.0069 5460 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
04:51:13.0100 5460 VSS - ok
04:51:13.0116 5460 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
04:51:13.0116 5460 vwifibus - ok
04:51:13.0163 5460 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
04:51:13.0178 5460 W32Time - ok
04:51:13.0225 5460 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
04:51:13.0225 5460 WacomPen - ok
04:51:13.0272 5460 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
04:51:13.0272 5460 WANARP - ok
04:51:13.0272 5460 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
04:51:13.0272 5460 Wanarpv6 - ok
04:51:13.0381 5460 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
04:51:13.0428 5460 WatAdminSvc - ok
04:51:13.0553 5460 WaveEnrollmentService (796fda916625be7e5f6cfece15a81c3a) C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
04:51:13.0568 5460 WaveEnrollmentService - ok
04:51:13.0755 5460 WavxDMgr (e386d60bdfd1649815607234c17d43dd) C:\Windows\system32\DRIVERS\WavxDMgr.sys
04:51:13.0755 5460 WavxDMgr - ok
04:51:13.0849 5460 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
04:51:13.0896 5460 wbengine - ok
04:51:13.0943 5460 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
04:51:13.0958 5460 WbioSrvc - ok
04:51:14.0036 5460 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
04:51:14.0036 5460 wcncsvc - ok
04:51:14.0067 5460 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
04:51:14.0067 5460 WcsPlugInService - ok
04:51:14.0145 5460 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
04:51:14.0145 5460 Wd - ok
04:51:14.0177 5460 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
04:51:14.0192 5460 Wdf01000 - ok
04:51:14.0223 5460 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
04:51:14.0223 5460 WdiServiceHost - ok
04:51:14.0223 5460 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
04:51:14.0223 5460 WdiSystemHost - ok
04:51:14.0286 5460 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
04:51:14.0301 5460 WebClient - ok
04:51:14.0317 5460 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
04:51:14.0333 5460 Wecsvc - ok
04:51:14.0333 5460 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
04:51:14.0348 5460 wercplsupport - ok
04:51:14.0364 5460 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
04:51:14.0364 5460 WerSvc - ok
04:51:14.0426 5460 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
04:51:14.0426 5460 WfpLwf - ok
04:51:14.0442 5460 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
04:51:14.0442 5460 WIMMount - ok
04:51:14.0504 5460 winachsf (4daca8f07537d4d7e3534bb99294aa26) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
04:51:14.0535 5460 winachsf - ok
04:51:14.0707 5460 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
04:51:14.0723 5460 WinDefend - ok
04:51:14.0769 5460 WinHttpAutoProxySvc - ok
04:51:14.0863 5460 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
04:51:14.0863 5460 Winmgmt - ok
04:51:14.0957 5460 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
04:51:15.0003 5460 WinRM - ok
04:51:15.0113 5460 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
04:51:15.0113 5460 WinUsb - ok
04:51:15.0191 5460 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
04:51:15.0222 5460 Wlansvc - ok
04:51:15.0409 5460 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
04:51:15.0456 5460 wlidsvc - ok
04:51:15.0861 5460 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
04:51:15.0861 5460 WmiAcpi - ok
04:51:15.0955 5460 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
04:51:15.0955 5460 wmiApSrv - ok
04:51:16.0142 5460 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
04:51:16.0173 5460 WMPNetworkSvc - ok
04:51:16.0314 5460 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
04:51:16.0329 5460 WPCSvc - ok
04:51:16.0361 5460 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
04:51:16.0361 5460 WPDBusEnum - ok
04:51:16.0454 5460 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
04:51:16.0454 5460 ws2ifsl - ok
04:51:16.0470 5460 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll
04:51:16.0470 5460 wscsvc - ok
04:51:16.0485 5460 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
04:51:16.0485 5460 WSDPrintDevice - ok
04:51:16.0501 5460 WSearch - ok
04:51:16.0610 5460 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
04:51:16.0673 5460 wuauserv - ok
04:51:16.0891 5460 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
04:51:16.0907 5460 WudfPf - ok
04:51:16.0953 5460 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
04:51:16.0969 5460 WUDFRd - ok
04:51:17.0016 5460 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
04:51:17.0016 5460 wudfsvc - ok
04:51:17.0063 5460 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
04:51:17.0078 5460 WwanSvc - ok
04:51:17.0109 5460 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
04:51:17.0109 5460 XAudio - ok
04:51:17.0141 5460 XAudioService (28dc5d626e036a75a572556f0a6eb1f6) C:\Windows\system32\DRIVERS\xaudio.exe
04:51:17.0156 5460 XAudioService - ok
04:51:17.0203 5460 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
04:51:17.0390 5460 \Device\Harddisk0\DR0 - ok
04:51:17.0780 5460 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk1\DR1
04:51:17.0780 5460 \Device\Harddisk1\DR1 - ok
04:51:17.0796 5460 Boot (0x1200) (909178489a0c99c33ef2b5cec69192db) \Device\Harddisk0\DR0\Partition0
04:51:17.0796 5460 \Device\Harddisk0\DR0\Partition0 - ok
04:51:17.0796 5460 Boot (0x1200) (340b383071bad6275f4274bc1311451b) \Device\Harddisk0\DR0\Partition1
04:51:17.0796 5460 \Device\Harddisk0\DR0\Partition1 - ok
04:51:17.0811 5460 Boot (0x1200) (7a2a20d00bccc71ac5548b8778a00449) \Device\Harddisk1\DR1\Partition0
04:51:17.0811 5460 \Device\Harddisk1\DR1\Partition0 - ok
04:51:17.0811 5460 ============================================================
04:51:17.0811 5460 Scan finished
04:51:17.0811 5460 ============================================================
04:51:17.0811 4152 Detected object count: 0
04:51:17.0811 4152 Actual detected object count: 0



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-18 04:55:04
-----------------------------
04:55:04.289 OS Version: Windows 6.1.7601 Service Pack 1
04:55:04.289 Number of processors: 2 586 0x1706
04:55:04.289 ComputerName: PWICKMAN-D830 UserName: Paul Wickman
04:55:14.024 Initialize success
04:59:01.795 AVAST engine defs: 12061801
04:59:08.722 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
04:59:08.722 Disk 0 Vendor: ST9160823ASG 3.ADE Size: 152627MB BusType: 3
04:59:08.737 Disk 1 \Device\Harddisk1\DR1 -> \Device\000000a7
04:59:08.737 Disk 1 Vendor: Size: 152627MB BusType: 0
04:59:08.784 Disk 0 MBR read successfully
04:59:08.784 Disk 0 MBR scan
04:59:08.784 Disk 0 Windows 7 default MBR code
04:59:08.800 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
04:59:08.800 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 2048 MB offset 208896
04:59:08.815 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 150476 MB offset 4403200
04:59:08.831 Disk 0 scanning sectors +312578048
04:59:08.893 Disk 0 scanning C:\Windows\system32\drivers
04:59:22.746 Service scanning
04:59:58.940 Modules scanning
05:00:12.746 Disk 0 trace - called modules:
05:00:12.777 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll intelide.sys PCIIDEX.SYS atapi.sys
05:00:12.777 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b39030]
05:00:12.793 3 CLASSPNP.SYS[8cfbb59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x86a43030]
05:00:13.495 AVAST engine scan C:\Windows
05:00:17.333 AVAST engine scan C:\Windows\system32
05:04:01.371 AVAST engine scan C:\Windows\system32\drivers
05:04:25.006 AVAST engine scan C:\Users\Paul Wickman
05:04:56.471 Disk 0 MBR has been saved successfully to "C:\Users\Paul Wickman\Desktop\MBR.dat"
05:04:56.471 The log file has been saved successfully to "C:\Users\Paul Wickman\Desktop\aswMBR.txt"

#7 gringo_pr

gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 June 2012 - 11:02 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 PaulW274

PaulW274
  • Topic Starter
  • Members
  • 11 posts

Posted 18 June 2012 - 07:23 PM

Here you go. While CF was loading up, I got the message "The contents of the folder C:\Windows\erdnt\Hiv-backup could not be found". During the scan (I think it was during Stage 3) I got the error message "pev.3xe has stopped working."



ComboFix 12-06-16.02 - Paul Wickman 06/18/2012 6:55.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3582.2263 [GMT -10:00]
Running from: c:\users\Paul Wickman\Desktop\ComboFix.exe
Command switches used :: c:\users\Paul Wickman\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 )))))))))))))))))))))))))))))))
.
.
2012-06-18 17:43 . 2012-06-18 17:43 -------- dc----w- c:\users\pwickman\AppData\Local\temp
2012-06-18 17:43 . 2012-06-18 17:43 -------- dc----w- c:\users\Default\AppData\Local\temp
2012-06-18 17:43 . 2012-06-18 17:43 -------- d-----w- c:\users\McAfeeMVSUser\AppData\Local\temp
2012-06-18 17:43 . 2012-06-18 17:43 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-06-18 07:06 . 2012-06-19 00:13 -------- dc----w- c:\users\Paul Wickman\AppData\Local\temp
2012-06-17 07:06 . 2012-06-17 07:06 -------- dc----w- c:\program files\ESET
2012-06-17 06:42 . 2012-06-17 06:42 -------- dc----w- c:\users\Paul Wickman\AppData\Roaming\SPE
2012-06-17 06:35 . 2012-06-17 06:35 -------- dc----w- c:\users\Paul Wickman\AppData\Local\Chromium
2012-06-17 06:34 . 2012-06-17 06:35 -------- dc----w- c:\program files\Norton PC Checkup 3.0
2012-06-17 06:33 . 2012-06-17 06:33 -------- dc----w- c:\users\Paul Wickman\AppData\Roaming\PCCUStubInstaller
2012-06-17 03:18 . 2012-06-17 06:17 -------- dc----w- c:\windows\system32\drivers\N360\0602010.005
2012-06-17 03:15 . 2012-06-17 03:15 -------- dc----w- c:\users\Paul Wickman\AppData\Roaming\Tific
2012-06-16 20:05 . 2012-01-12 19:26 101112 -c--a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-06-16 20:04 . 2012-06-16 20:04 -------- dc----w- c:\program files\Common Files\iS3
2012-06-13 20:41 . 2012-06-14 13:02 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-13 20:41 . 2012-06-14 13:02 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 20:41 . 2012-06-14 13:01 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 20:41 . 2012-06-14 13:01 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 20:41 . 2012-06-14 13:01 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 20:41 . 2012-06-14 13:01 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 20:41 . 2012-06-14 13:01 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 20:41 . 2012-06-14 13:01 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 20:41 . 2012-06-14 13:00 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 20:41 . 2012-06-14 13:00 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 20:41 . 2012-06-14 13:00 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-12 00:53 . 2012-06-17 18:39 -------- dc----w- c:\users\Paul Wickman\AppData\Local\Backup Assistant Plus
2012-06-12 00:51 . 2012-06-12 00:51 -------- dc----w- c:\program files\Backup Assistant Plus
2012-06-05 09:53 . 2012-06-05 09:53 602112 -c--a-w- c:\windows\system32\xvid.dll
2012-05-30 04:08 . 2012-05-30 04:08 -------- dc----w- c:\windows\system32\N360_BACKUP
2012-05-26 22:07 . 2012-05-26 22:07 159744 -c--a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-05-26 22:07 . 2012-05-26 22:07 159744 -c--a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-05-26 22:07 . 2012-05-26 22:07 159744 -c--a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-05-26 22:07 . 2012-05-26 22:07 159744 -c--a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-05-26 22:07 . 2012-05-26 22:07 159744 -c--a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-05-26 22:07 . 2012-05-26 22:07 159744 -c--a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-05-26 22:07 . 2012-05-26 22:07 159744 -c--a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2012-05-26 22:07 . 2012-05-26 22:07 -------- dc----w- c:\program files\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-17 03:20 . 2011-07-06 04:05 141944 -c--a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-06-16 19:15 . 2012-04-11 23:20 426184 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-16 19:15 . 2011-06-04 19:02 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-13 18:46 . 2012-05-13 17:42 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-13 18:45 . 2012-05-13 17:42 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-13 18:45 . 2012-05-13 17:42 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-13 18:31 . 2012-05-13 17:41 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-13 18:30 . 2012-05-13 17:41 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-04-19 06:56 . 2012-04-19 06:56 94208 -c--a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 06:56 . 2012-04-19 06:56 69632 -c--a-w- c:\windows\system32\QuickTime.qts
2012-04-11 04:43 . 2012-04-11 04:42 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 04:43 . 2012-04-11 04:42 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 04:43 . 2012-04-11 04:42 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 04:43 . 2012-04-11 04:42 159232 ----a-w- c:\windows\system32\imagehlp.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
"HLBackupScheduler"="c:\program files\Backup Assistant Plus\V CAST Backup Scheduler.exe" [2012-06-04 7054984]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-06-03 1753192]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-06-08 255592]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Memeo Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2012-02-24 131072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 20:20 73728 -c--a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Speed Launch]
2008-10-15 08:03 45936 -c--a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Synchronizer]
2007-05-11 05:29 738968 -c--a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2008-03-18 01:06 1848648 -c--a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2008-12-12 01:31 722256 -c--a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScanUtility]
2007-05-21 18:37 124512 ----a-w- c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-06-06 01:23 17344176 -c--a-r- c:\program files\Skype\Phone\Skype.exe
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-06-06 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 257224]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 BTHFILT;Bluetooth Command Filter;c:\windows\system32\DRIVERS\BthFilt.sys [2007-05-05 13824]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\DRIVERS\nwdelmdm.sys [2007-11-02 166144]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\program files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys [2009-05-25 32408]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0602010.005\SYMDS.SYS [2012-03-29 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0602010.005\SYMEFA.SYS [2012-03-29 905336]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\BASHDefs\20120531.001\BHDrvx86.sys [2012-04-04 821880]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0602010.005\ccSetx86.sys [2011-11-29 132744]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.2.1.5\Definitions\IPSDefs\20120613.007\IDSvix86.sys [2012-06-14 368248]
S1 NvtSp50;Novatel Wireless NDIS 5 Single-Packet Read Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys [2008-06-10 22016]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0602010.005\Ironx86.SYS [2012-03-29 149624]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360\0602010.005\SYMNETS.SYS [2012-03-29 318584]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [2010-04-05 25824]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]
S2 MsgPlusService;Messenger Plus! Service;c:\program files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [2012-03-22 119296]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2012-06-17 131512]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 106656]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\DRIVERS\nwdelser.sys [2007-11-02 166144]
S3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\DRIVERS\livecamv.sys [2007-01-16 31616]
S3 V0560Vid;Creative Live! Cam Optia AF Driver;c:\windows\system32\DRIVERS\V0560Vid.sys [2009-06-16 291712]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - MfeAVFK
*Deregistered* - MfeBOPK
*Deregistered* - mfetdik
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 19:15]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 05:08]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 05:08]
.
2012-06-19 c:\windows\Tasks\User_Feed_Synchronization-{CE419895-3F91-4CA0-8F91-74F02CA7BED6}.job
- c:\windows\system32\msfeedssync.exe [2011-03-29 05:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: intuit.com\ttlc
Trusted Zone: mcafee.com
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
Trusted Zone: viasat.com
TCP: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.2.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(512)
c:\windows\system32\wvauth.DLL
c:\windows\system32\biolsp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\windows\system32\STacSV.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
c:\windows\system32\conhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Memeo\AutoBackup\MemeoBackup.exe
c:\windows\system32\wlrmdr.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2012-06-18 14:16:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-19 00:16
ComboFix2.txt 2012-06-18 07:18
.
Pre-Run: 41,774,469,120 bytes free
Post-Run: 41,517,035,520 bytes free
.
- - End Of File - - AC858914D10E21631AAD4B8D2D19DFB2

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:26 PM

Posted 18 June 2012 - 09:51 PM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Java™ 6 Update 29


  • Please download and install Revo Uninstaller Free
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • You may want to keep this small application and use it once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (On Vista and Win 7, right-click and run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
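
Before anyone lets HijackThis "fix" entries, it helps to sort a log mechanically into the buckets Gringo's instructions point at: dead registrations that point at no file, Trusted Zone entries that relax IE's security settings for a site, and autoruns launched from user-writable scratch directories. The script below is an added example for this thread, not HijackThis's or BleepingComputer's own code. It assumes the HijackThis 2.0.4 line format (`Onn - description - target`) and uses constructed sample input: the lines are patterned on entries quoted in this thread, except the O4 line named `hypothetical`, which is invented only to exercise the path heuristic and does not appear in Paul's log. `SUSPICIOUS_DIRS` is a heuristic, not a verdict; a hit means "verify by hand", which is the same caution as the AnalyseThis warning above.

```python
import re

# Constructed sample in HijackThis 2.0.4 log format. The lines are patterned on
# entries quoted in this thread, except the O4 line named "hypothetical", which
# is invented (not from the poster's log) purely to exercise the path heuristic.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.2.1.5\coIEPlg.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [hypothetical] C:\Users\Example\AppData\Local\Temp\hypothetical.exe
O15 - Trusted Zone: *.viasat.com (HKLM)
O15 - ESC Trusted Zone: http://ad.doubleclick.net (HKLM)
O15 - ESC Trusted Zone: http://pagead2.googlesyndication.com (HKLM)
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
"""

LINE_RE = re.compile(r"^([ORFN]\d+) - (.*)$")
# O4 body is either "HKLM\..\Run: [Name] command" or "Global Startup: x.lnk = command".
O4_RE = re.compile(r"^(?P<where>[^:]+): (?:\[(?P<name>[^\]]+)\] |(?P<lnk>[^=]+) = )(?P<cmd>.*)$")
ZONE_RE = re.compile(r"^(?P<esc>ESC )?Trusted (?:Zone|IP range): (?P<host>\S+)(?: \((?P<hive>HK\w+)\))?$")
# Heuristic only: autorun binaries in scratch locations deserve a manual look.
SUSPICIOUS_DIRS = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


def parse_hjt(text):
    """Split a HijackThis log into section/body records, skipping non-entry lines."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append({"section": m.group(1), "body": m.group(2)})
    return entries


def orphaned(entries):
    """Registrations whose target no longer exists. HijackThis marks these itself
    with '(no file)' or '(file missing)'; they are dead entries, not live code."""
    return [e for e in entries
            if e["body"].endswith("(no file)") or "(file missing)" in e["body"]]


def trusted_zones(entries):
    """O15 entries. Every host here gets IE's relaxed Trusted Sites settings."""
    out = []
    for e in entries:
        if e["section"] != "O15":
            continue
        m = ZONE_RE.match(e["body"])
        if not m:
            continue
        host = re.sub(r"^https?://", "", m.group("host"))
        out.append({"esc": bool(m.group("esc")), "host": host,
                    "hive": m.group("hive") or "HKCU",   # HJT omits the hive for HKCU
                    "wildcard": host.startswith("*.")})
    return out


def _exe_path(cmd):
    """Pull the launched binary out of an O4 command line (quoted or bare).
    For rundll32.exe hosts this returns rundll32.exe; inspect the DLL argument by hand."""
    cmd = cmd.strip()
    if cmd.startswith('"') and cmd.find('"', 1) > 0:
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(.*?\.(?:exe|dll|scr|bat|cmd))(?:\s|$|,)", cmd, re.I)
    return m.group(1) if m else cmd


def autoruns(entries):
    """O4 entries with the binary they launch, flagged if it lives in a scratch dir."""
    out = []
    for e in entries:
        if e["section"] != "O4":
            continue
        m = O4_RE.match(e["body"])
        if not m:
            continue
        path = _exe_path(m.group("cmd"))
        low = path.lower()
        out.append({"name": m.group("name") or m.group("lnk"),
                    "where": m.group("where"), "path": path,
                    "flagged": any(d in low for d in SUSPICIOUS_DIRS)})
    return out


def triage(text):
    """Read-only report: nothing here modifies the registry or any file."""
    entries = parse_hjt(text)
    runs = autoruns(entries)
    return {"orphaned": orphaned(entries),
            "trusted_zones": trusted_zones(entries),
            "autoruns": runs,
            "flagged_autoruns": [r for r in runs if r["flagged"]]}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for key in ("orphaned", "trusted_zones", "flagged_autoruns"):
        print(f"== {key} ({len(report[key])})")
        for item in report[key]:
            print("  ", item)
```

Run it with python3 and it prints the three sections with counts. The orphaned `(no file)` / `(file missing)` entries are the kind of thing a helper will usually have HijackThis remove later; the trusted-zone list is worth reading because an entry there means IE treats that host with Trusted Sites settings, and a wildcard entry covers every subdomain. The script deliberately changes nothing, so it is safe to run before a helper has reviewed the log.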

#10 PaulW274

  • Topic Starter
  • Members
  • 11 posts
  • Local time:06:26 AM

Posted 19 June 2012 - 12:13 AM

Based on your instructions, CCleaner will remove saved passwords. Do I really have to do this?

The path to the Malwarebytes' Anti-Malware on my computer is different than what you suggest. I'd be surprised if this isn't the case for a lot of other users.
C:\users\username\AppData\Roaming\....(remainder is the same)

Computer has been running fine since early on in the process. Can you please explain your comment that "These logs are looking a lot better but we still have work to do"? What specifically did you see in the logs that suggested that there were still problems?




Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.19.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Paul Wickman :: PWICKMAN-D830 [administrator]

6/18/2012 6:41:41 PM
mbam-log-2012-06-18 (18-41-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 275264
Time elapsed: 7 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:00:05 PM, on 6/18/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Windows\system32\wlrmdr.exe
C:\Windows\Explorer.exe
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.2.1.5\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.2.1.5\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.2.1.5\coIEPlg.dll
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Memeo Backup] C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [HLBackupScheduler] C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - Trusted Zone: *.viasat.com (HKLM)
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted Zone: http://www.ajc.com (HKLM)
O15 - ESC Trusted Zone: http://www.citizengeorgia.com (HKLM)
O15 - ESC Trusted Zone: http://www.craigslist.com (HKLM)
O15 - ESC Trusted Zone: http://*.atlanta.craigslist.org (HKLM)
O15 - ESC Trusted Zone: http://flag.craigslist.org (HKLM)
O15 - ESC Trusted Zone: http://ad.doubleclick.net (HKLM)
O15 - ESC Trusted Zone: http://pagead2.googlesyndication.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.peachpundit.com (HKLM)
O15 - ESC Trusted Zone: http://poll.pollhost.com (HKLM)
O15 - ESC Trusted Zone: http://*.thenewsstar.com (HKLM)
O15 - ESC Trusted IP range: http://192.168.1.1
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: Messenger Plus! Service (MsgPlusService) - Yuna Software - C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe
O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14207 bytes

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:26 PM

Posted 19 June 2012 - 12:41 AM

Greetings

Do I really have to do this? - No, that part can be changed.


I did not say problems, but we still have things to do to get the computer up to the best it can be.



:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. Any of these programs you can start by clicking their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis see NOTE** below (Hosts file not read, blank Notepad...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
      O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not:
    just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
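The log posted above and the O4 list in this post are both HijackThis output, and what a responder usually wants from the raw lines is a review table: where each O4 entry actually lives (HijackThis abbreviates the Run key to HKLM\..\Run), and which of the other sections deserve a second look before anything is fixed. The script below is an added example of mine, not a HijackThis feature and not something gringo posted. The sample lines are copied from the log and the O4 list, the registry paths are the standard Windows Run keys, and the rule that flags ad-network hosts in IE's Trusted Zone is my own triage heuristic (the Trusted Zone runs script and ActiveX with fewer restrictions than the Internet zone), not a verdict on this machine.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the HijackThis log and O4 list in this thread.
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet",
    r"O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun",
    r"O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe",
    r"O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll",
    r"O15 - Trusted Zone: http://*.mcafee.com (HKLM)",
    r"O15 - ESC Trusted Zone: http://ad.doubleclick.net (HKLM)",
    r"O15 - ESC Trusted Zone: http://pagead2.googlesyndication.com (HKLM)",
    r"O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)",
    r"O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe",
    r"O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\6.2.1.5\ccSvcHst.exe",
]

# Standard Windows autostart keys that HijackThis abbreviates as HKLM\..\Run / HKCU\..\Run.
RUN_KEYS = {
    "HKLM": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
    "HKCU": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
}
# Assumption (my own heuristic, not a HijackThis rule): third-party ad-serving
# hosts have no business in IE's Trusted Zone.
AD_HOSTS = {"ad.doubleclick.net", "pagead2.googlesyndication.com"}

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
O4_REG_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
O4_STARTUP_RE = re.compile(r"^(Global |)Startup: (.+?) = (.*)$")
O15_RE = re.compile(r"Trusted Zone: (?:https?://)?([^\s/]+)")


@dataclass
class Finding:
    section: str
    severity: str   # "review", "info" or "optional"
    location: str   # registry value, folder, host or file the line maps to
    reason: str
    line: str


def triage(lines: List[str]) -> List[Finding]:
    """Read-only pass over HijackThis lines; returns items worth a human look."""
    out: List[Finding] = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a HijackThis entry (blank, header, ...)
        sec, body = m.groups()
        if sec == "O4":
            r = O4_REG_RE.match(body)
            if r:
                hive, name, cmd = r.groups()
                out.append(Finding(sec, "optional", f'{RUN_KEYS[hive]} value "{name}"',
                                   f"autostart of {cmd}; remove only if you do not want it at boot", raw))
                continue
            s = O4_STARTUP_RE.match(body)
            if s:
                scope = "all-users Startup folder" if s.group(1) else "current-user Startup folder"
                out.append(Finding(sec, "optional", f"{scope}: {s.group(2)}",
                                   f"autostart of {s.group(3)}", raw))
        elif sec == "O10":
            out.append(Finding(sec, "info", body.split(":", 1)[1].strip(),
                               "LSP not in HijackThis's known list; verify the DLL's publisher", raw))
        elif sec == "O15":
            h = O15_RE.search(body)
            if h and h.group(1) in AD_HOSTS:
                out.append(Finding(sec, "review", h.group(1), "ad-network host in Trusted Zone", raw))
        elif sec == "O18" and body.endswith("(file missing)"):
            out.append(Finding(sec, "info", body.split(" - ")[-1],
                               "handler file not resolved by HijackThis; check the path before removing", raw))
        elif sec == "O23" and " - Unknown owner - " in body:
            out.append(Finding(sec, "review", body.split(" - ")[-1],
                               "service with no publisher information", raw))
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity:8}] {f.section} {f.location}: {f.reason}")
```

To use it on a real hijackthis.log, replace SAMPLE_LINES with the file's lines. It changes nothing on the machine, so it is safe to run before deciding what to tick in "Fix Checked".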

#12 PaulW274

PaulW274
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:26 AM

Posted 19 June 2012 - 06:24 PM

Fixed checked items on HijackThis - no problems


ESET Results

C:\Qoobox\Quarantine\C\Users\Paul Wickman\AppData\Local\Diagnostics\CrashDumps\lqalrzs.dll.vir a variant of Win32/Kryptik.AGVE trojan
C:\Users\Paul Wickman\AppData\Roaming\Mozilla\Firefox\Profiles\lhj6jnwp.default\extensions\yozlqbofxr@yozlqbofxr.org.xpi JS/Redirector.NCA trojan

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:26 PM

Posted 19 June 2012 - 08:54 PM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    rem remove the Firefox extension that ESET flagged (forced, quiet)
    del /f /s /q "C:\Users\Paul Wickman\AppData\Roaming\Mozilla\Firefox\Profiles\lhj6jnwp.default\extensions\yozlqbofxr@yozlqbofxr.org.xpi"
    rem then delete this batch file itself
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware. Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:


I need you to delete the ComboFix you have now and download a new one from here (the old one has a bug):

http://download.bleepingcomputer.com/sUBs/ComboFix.exe



  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the x and the /Uninstall; it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo
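The delfile.bat above removes the flagged .xpi outright. An added example of mine (not the batch file gringo posted, and not part of this thread's fix) does the same removal as a quarantine instead: hash and record the file first, move it aside under a new name so Firefox can no longer load it, and refuse any path that is not under the one profile being treated, so a mistyped path cannot reach anything else. The profile directory name is the one from the ESET output; the directory tree, the .xpi bytes and the Quarantine folder are constructed for the demo and live in a temporary directory.

```python
import hashlib
import json
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so a large archive is not loaded whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def quarantine(target: Path, quarantine_dir: Path, allowed_root: Path) -> dict:
    """Move `target` into `quarantine_dir`, recording hash, size and origin.

    Anything outside `allowed_root` is refused before the file system is
    touched. Each record is appended to manifest.jsonl in the quarantine
    folder so the hash can be looked up or submitted later.
    """
    target = Path(target).resolve()
    allowed_root = Path(allowed_root).resolve()
    if allowed_root not in target.parents:
        raise ValueError(f"refusing {target}: outside {allowed_root}")
    if not target.is_file():
        raise FileNotFoundError(target)
    quarantine_dir = Path(quarantine_dir)
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    record = {
        "original_path": str(target),
        "size": target.stat().st_size,
        "sha256": sha256_file(target),
        "quarantined_at": datetime.now(timezone.utc).isoformat(),
    }
    # Rename on the way in so the file no longer carries the .xpi extension
    dest = quarantine_dir / (target.name + ".quarantined")
    shutil.move(str(target), str(dest))
    record["quarantine_path"] = str(dest)
    with (quarantine_dir / "manifest.jsonl").open("a", encoding="utf-8") as mf:
        mf.write(json.dumps(record) + "\n")
    return record


def demo() -> dict:
    """Constructed scenario: a throwaway profile tree holding a fake .xpi."""
    base = Path(tempfile.mkdtemp())
    profile = base / "Profiles" / "lhj6jnwp.default"
    xpi = profile / "extensions" / "yozlqbofxr@yozlqbofxr.org.xpi"
    xpi.parent.mkdir(parents=True)
    payload = b"PK\x03\x04 constructed placeholder, not a real extension"
    xpi.write_bytes(payload)

    record = quarantine(xpi, base / "Quarantine", profile)

    # A path under a different profile must be refused, whether or not it exists
    outside = base / "Profiles" / "other.default" / "extensions" / "x.xpi"
    try:
        quarantine(outside, base / "Quarantine", profile)
        outside_rejected = False
    except ValueError:
        outside_rejected = True

    manifest = (base / "Quarantine" / "manifest.jsonl").read_text(encoding="utf-8")
    return {
        "record": record,
        "original_exists": xpi.exists(),
        "quarantined_exists": Path(record["quarantine_path"]).exists(),
        "expected_sha256": hashlib.sha256(payload).hexdigest(),
        "outside_rejected": outside_rejected,
        "manifest_entries": len(manifest.splitlines()),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

On a real machine you would call quarantine() with the .xpi path from the ESET report, a quarantine folder outside the profile, and the profile directory as allowed_root, with Firefox closed so the move is not blocked by an open handle.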

#14 PaulW274

PaulW274
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:26 AM

Posted 20 June 2012 - 02:19 AM

The system couldn't find ComboFix so I manually deleted the ComboFix folder on the C drive and rebooted. Then I didn't have a desktop so I restored the CF files from the recycle bin. But now no internet access. I rebooted and now no longer have a desktop or internet access. All I have is a black screen and a Start menu that will let me navigate around the computer. I need to get this fixed ASAP.

#15 PaulW274

PaulW274
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:06:26 AM

Posted 20 June 2012 - 02:38 AM

I used System Restore to go back to the point where I installed HijackThis. Do you want me to restart from there or go back to the very beginning?



